Pages

Tuesday 30 April 2019

Crime Prevention in Cyberspace




In the early years of most nations, criminals have robbed individuals, stage coaches, trains and banks. Why? Because that’s where the money is. In the 20th and 21st century, with the coming of the internet age, criminal conduct has expanded dramatically to include new types of crime such as fraud, theft, identity theft, blackmail and espionage conducted through cyberspace.  We term this as cybercrime. Cyberterrorism can arise from the same groups, but we will only look at cybercrime at this time.

Cybercrime can be far reaching with long-term effects; from the impact on organisations resulting from the theft of intellectual property or business secrets to the consequences that identity theft can have on an individual, including credit standing and loss of personal resources or loss of personal identity.
 

Responding to cybercrime is even more challenging because the economics favour the criminals. With just a laptop, a single individual anywhere in the world can wreak havoc on individuals and organisations with minimal cost and little risk of being caught. As more advanced technologies and protective measures are developed it may eventually level what has become an unbalanced playing field but in the meantime, it is imperative that all digital users practice basic cybersecurity practices to increase their own protection and improve cybersecurity overall.  

Protection of business information systems


In business, your system protection will start with well-defined policies on the use of internet connected devices in the workplace or when working out of the office. Education and awareness across your staff will go a long way to protect yourself against many types of cybercrime.

Do all your employees understand the most common hacking tactics, such as phishing, social engineering, or packet sniffing.

Do they understand your company policies around protection of information and information systems?  Do they understand and comply with the company social media policy?

Is your information system well configured and your network secure, ensuring the confidentiality, integrity and availability of your data? Is all software housed within your network continually up to date? Exploits in software are very common ways hackers gain access to systems and sensitive data. Updating software on network-connected machines should always be a top priority.

Do you have business-class antivirus software installed (and up to date) on all office workstations and servers? Leading antivirus software can detect, remove, and protect your machines and network from malware. Do you scan your website or web applications for malware? 

Do you have reliable IT support who maintain ongoing awareness of evolving threats and the latest mitigation treatments for cybercrime?

Do you have reliable backups of all of your critical data? Recovering from many types of common cybercrimes often involves restoring your data from a point prior to the event in question. Not having reliable and securely stored backups of your data is a significant liability.

Businesses that have contracts with government agencies are seen by hostile cyber aggressors as soft targets, allow them the potential to gain information that would otherwise be difficult to get from protected government information systems. All information shared by government agencies must be protected from compromise either from data leakage or deliberate or accidental human compromise. Companies should work closely with government agency security advisers to ensure that data is protected to a standard required by the information owner or government agency.

Home computer users


For home users, many of the same rules apply.  One of the best ways to keep attackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system. 

While keeping your computer up-to-date will not protect you from all attacks, when used with difficult passwords it makes it much more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to discourage a less-determined attacker to look for a more vulnerable computer elsewhere.



Operating systems, Web browsers and Email

More recent versions of popular operating systems can be configured to download and apply updates automatically so that you do not have to remember to check for the latest software. Taking advantage of "auto-update" features in your software is a great start toward keeping yourself safe online.


Keep in mind that a newly purchased computer may not have the right level of security for you. When you are installing your computer at home, pay attention not just to making your new system function, but also focus on making it work securely. 

Configuring popular Internet applications such as your Web browser and email software is one of the most important areas to focus on. For example, settings in your Web browser will determine what happens when you visit Web sites on the Internet. The strongest security settings will give you the most control over what happens online but may also frustrate some people with a large number of questions ("This may not be safe, are you sure you want do this?") or the inability to do what they want to do. 

Choosing the right level of security and privacy depends on the individual using the computer. Oftentimes security and privacy settings can be properly configured without any sort of special expertise by simply using the "Help" feature of your software or reading the vendor's Web site. If you are uncomfortable configuring it yourself consult someone you know and trust for assistance or contact the vendor directly.

Passwords

Passwords are a fact of life on the Internet today—we use them for everything from ordering flowers and online banking to logging into our favourite airline Web site to see how many miles we have accumulated. 

Selecting a password that cannot be easily guessed is the first step toward keeping passwords secure and away from the wrong hands. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Avoid using any of the following as your password: your login name, anything based on your personal information such as your last name, and words that can be found in the dictionary. Try to select especially strong, unique passwords for protecting activities like online banking.

Keep your passwords in a safe place and try not to use the same password for every service you use online.

Change passwords on a regular basis, at least every 90 days. This can limit the damage caused by someone who has already gained access to your account. If you notice something suspicious with one of your online accounts, one of the first steps you can take is to change your password.




It is recommended that users monitor improvements in biometrics and physical tokens to use with passwords to provide two factor (dual factor) authentications. A fingerprint reader or other technology, combined with password, will provide a higher level of security for your computer or system.

Dual factor authentication 


Two-factor authentication (2FA), sometimes referred to as two-step verification or dual factor authentication, is a security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access. Two-factor authentication provides a higher level of assurance than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically a password or passcode. Two-factor authentication methods rely on users providing a password as well as a second factor, usually either a security token or a biometric factor like a fingerprint or facial scan.

Two-factor authentication adds an additional layer of security to the authentication process by making it harder for attackers to gain access to a person's devices or online accounts, because knowing the victim's password alone is not enough to pass the authentication check. Two-factor authentication has long been used to control access to sensitive systems and data, and online service providers are increasingly using 2FA to protect their users' credentials from being used by hackers who have stolen a password database or used phishing campaigns to obtain user passwords.

The technology involve in dual factor authentication is improving all the time and it is important that those looking at implementing such security protection measures seek expert insight into the latest and most secure measures on the market.

Security software


Several types of security software are necessary for basic online security. Security software essentials include firewall and antivirus programs. A firewall is usually your computer's first line of defence as it controls who and what can communicate with your computer online. You could think of a firewall as a sort of "policeman" that watches all the data attempting to flow in and out of your computer on the Internet, allowing communications that it knows are safe and blocking "bad" traffic such as attacks from ever reaching your computer. 

The next line of defence is your antivirus software, which monitors all online activities such as email messages and Web browsing and protects an individual from viruses, worms, Trojan horse and other types malicious programs. More recent versions of antivirus programs also protect from spyware and potentially unwanted programs such as adware.

Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe on the Internet. Your antivirus and antispyware software should be configured to update itself, and it should do so every time you connect to the Internet.

Integrated security suites combine firewall, antivirus, antispyware with other features such as antispam and parental controls have become popular as they offer all the security software needed for online protection in a single package. Many people find using a security suite an attractive alternative to installing and configuring several different types of security software as well as keeping them all up-to-date.

 


Protecting personal information

Exercise caution when sharing personal information such as your name, home address, phone number, and email address online. To take advantage of many online services, you will inevitably have to provide personal information in order to handle billing and shipping of purchased goods. Since not divulging any personal information is rarely possible you should, where possible, only deal with reputable e-commerce sites and monitor any unusual activity that may indicate that security of your information has been compromised.

Keep an eye out for phony email messages. Things that indicate a message may be fraudulent are misspellings, poor grammar, odd phrasings, web site addresses with strange extensions, web site addresses that are entirely numbers where there are normally words, and anything else out of the ordinary. Additionally, phishing messages will often tell you that you have to act quickly to keep your account open, update your security, or urge you to provide information immediately or else something bad will happen. Don't take the bait.


Don't respond to email messages that ask for personal information. Legitimate companies will not use email messages to ask for your personal information. When in doubt, contact the company by phone or by typing in the company web address into your web browser.

Don't click on the links in these messages as they may take you to a fraudulent, malicious web sites.

Steer clear of fraudulent Web sites used to steal personal information. When visiting a Web site, type the address (URL) directly into the Web browser rather than following a link within an email or instant message. Fraudsters often forge these links to make them look convincing.

A shopping, banking or any other Web site where sensitive information should have an "S" after the letters "http" (i.e. https://www.yourbank.com.au not http://www.yourbank.com)/. The "s" stands for secure and should appear when you are in an area requesting you to login or provide other sensitive data.

Another sign that you have a secure connection is the small lock icon in your web browser bar similar to below.

Pay attention to privacy policies on Web sites and in software. It is important to understand how an organisation might collect and use your personal information before you share it with them.

Guard your email address. Spammers and phishers sometimes send millions of messages to email addresses that may or may not exist in hopes of finding a potential victim. Responding to these messages or even downloading images ensures you will be added to their lists for more of the same messages in the future.

Online offers that look too good to be true usually are. The old saying "there's no such thing as a free lunch" still rings true today. There are many enticing hooks (scams) used by companies to grab your attention that can lead to your computer being compromised or your bank account being raided. Be aware and very careful when online.

Social media safety


You need to think carefully about how much information you share on social media sites, and who is able to see it. While most people who use social networking sites are well intentioned, there are others out there who may copy, forward or save your information to embarrass you, damage your reputation, or steal your identity. Once something goes online, you have very little chance of deleting it.

Keep in mind that the information that you provide on social; media can be harvested by criminals to create false identities, thus stealing your identity. Use of Pseudonyms and false dates of birth can reduce the risk, however, without making a concentrated effort to limit personal information across web sites, it is still possible to accidentally place yourself at risk.  Practice good personal security and you can protect yourself and your family.

The Australian Cybercrime Online Reporting Network (ACORN) recommends the following practical tips for staying safe while using social media.

                always type your social media website address into your browser,

                never use the same password that you use for your bank or email accounts,

                have a different password for each social media site,

                only accept friend requests from people you know,

                avoid clicking on links in ‘friend request’ emails,

                be careful about how much information you share online and with whom, and

               think before you post – how could your post affect you and others, now and into the future.

Use of Virtual Private Networks


A virtual private network (VPN) extends a private network across a public network and after recent information breaches that have been reported in the media, is becoming popular across the world enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. VPNs, alone, cannot make online connections completely anonymous, but they can usually increase privacy and security.  Not all VPN’s are the same so careful selection is necessary if businesses or individuals wish to use the technology. Where necessary, use of end-to-end encryption that many VPN’s now provide, can be used to enhance the protection of data being transmitted, which will provide an additional layer of protection.

Businesses, especially that operate internationally, should be aware that as VPN’s are becoming more popular, some nations are blocking them to allow government agencies to monitor data traffic, that may lead to compromise of protected data. It is important to maintain awareness of any changes in government attitudes that may potentially, result in a weakening of your information systems security.

Your part in cybercrime prevention

As technology increases our links to the world and enters our homes and personal lives more and more, with smart home automation, network connected medical devices and intelligent software in the modern vehicle; the risk of cybercrime increases. We must all gain an understanding of the risks and how we can protect ourselves from them.

Firewalls and virus protection along with encryption that will protect the operating system and network provides a layer of security that must be supported by the human element. The insider threat or human individual remains the single primary threat to our connected world. Be it the programmer that makes a mistake in their coding that allows an attacker to gain access to systems or users who disregard basic security rules such as strong passwords, that allow systems to be compromised.  All can undo any security system designed to prevent cybercrime.

By understanding how cybercrime can occur and by ensuring that our business systems or home computers are as secure as we can make them and practicing sound personal security when online (including social media sites) we can all assist in mitigating the risk.

Australian Cybercrime Online Reporting Network (ACORN) and other nations Cyber agencies.



Advice on protecting businesses and individuals from cybercrime or how to report cybercrime can be obtained from ACORN
 (https://www.acorn.gov.au/), a national policing initiative of the Australian Commonwealth, State and Territory governments.

For US residents, the National Cyber Awareness System at https://www.us-cert.gov/ncas provides similar services.

The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. The Agency is located in Greece with its seat in Heraklion Crete and an operational office in Athens. Information is available from https://www.enisa.europa.eu/

Interpol have a cybersecurity centre that provides advice to most countries including the Asia Pacific region and can be found at https://www.interpol.int/Crime-areas/Cybercrime/Online-safety.

A quick search of your nations websites will allow you to locate information relevant to you.

Cybercrime prevention provides a sound return on investment for a nation’s economy and gives individuals confidence in having a safe and secure connection to the world.

No comments:

Post a Comment