Story image

Back to the basics: Five ways to stay safe online

16 Oct 2018

Article by Palo Alto Networks systems engineering director Philip Dimitriu

Staying safe online is crucial and as hackers get more sophisticated and aggressive, some of the most effective ways to stay protected are also some of the simplest.

Unfortunately, these are also some of the most overlooked security precautions, perhaps precisely because they seem so basic.

Hardly a day goes by without a news report of another scam or hack in which innocent people lose time, money, or their identity in cyber attacks.

However, people can engage online and keep themselves safe at the same time without needing to become cybersecurity experts.

The first step is awareness.

People who aren’t aware of the need to protect themselves online are more likely to fall for scams or be successfully targeted by hackers.

In Australia and New Zealand, for example, cybersecurity awareness weeks are run annually to remind people that they can’t depend on technology alone to protect them from cybercriminals.

The good news is that it’s relatively easy for people to protect themselves online.

There are five basic security measures that are essential:

  1. Use unique passwords and multi-factor authentication to make it harder for attackers to access multiple accounts.
     
  2. Update apps to close security gaps. App-makers are constantly refining and improving their apps to make them perform better and be more secure, and these updates are free so there’s no reason users shouldn’t keep them updated to the latest version.
     
  3. Check privacy settings to ensure data isn’t being shared with third parties.
     
  4. Be aware of the risk of phishing attacks as well as the form these attacks could take. Phishing attacks rely on social engineering techniques to trick users into divulging information or making unauthorised payments or purchases.
     
  5. Don’t post on social media when executives are travelling. This information can be used to mount a successful phishing attack.

Phishing attacks or social-engineering attacks are on the rise, where cybercriminals trick people into divulging details and participating in scams.

These scams work because the cybercriminals conduct research, mainly through social media, to find out details about a person’s movements, preferences, and activities.

This gold mine of information can then be used to successfully guess a person’s password for example.

Once an attacker gains access to a person’s email account, there’s virtually no limit to the amount of damage they can do to that person individually and to the organisation they work for.

Another approach is to monitor the person’s activity and then create a plausible cover story in which the person is asked to pay an invoice they never incurred or buy gift cards on behalf of a senior person in their organisation.

The attacker sends emails that look legitimate and are convincing enough to make them follow the instructions.

Many smart people have been fooled into providing banking details, confidential system passwords, and more.

They pay the fake invoice because it looks just like an invoice they would normally expect to receive.

Or they buy the gift cards and provide the details to the cybercriminals (who are posing as a colleague or supervisor via email) so they can convert them to cash.

These losses can mount quickly.

In Australia alone, people lost AU$340 million to scammers in 2017, with $49.9 million attributed to scams via email, social media, apps and the internet.

In New Zealand, latest reports are showing losses to online scams of NZ$10 million in 2017.

This highlights the need for continued vigilance to stay safe online, especially as cyber threats continue to evolve and increase.

Organisations must also ensure that employees are fully educated and aware of the types of scams and risks they may encounter, so they’re prepared and know what to do if they’re targeted.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.