I
n the early years of most nations, criminals have robbed
individuals, stage coaches, trains and banks. Why? Because that’s where the
money is. In the 20th and 21st century, with the coming of the internet age,
criminal conduct has expanded dramatically to include new types of crime such
as fraud, theft, identity theft, blackmail and espionage conducted through
cyberspace. We term this as cybercrime.
Cyberterrorism can arise from the same groups, but we will only look at
cybercrime at this time.
Cybercrime can be far reaching with long-term effects; from
the impact on organisations resulting from the theft of intellectual property
or business secrets to the consequences that identity theft can have on an
individual, including credit standing and loss of personal resources or loss of
personal identity.
Responding to cybercrime is even
more challenging because the economics favour the criminals. With just a
laptop, a single individual anywhere in the world can wreak havoc on
individuals and organisations with minimal cost and little risk of being
caught. As more advanced technologies and protective measures are developed it
may eventually level what has become an unbalanced playing field but in the
meantime, it is imperative that all digital users practice basic cybersecurity
practices to increase their own protection and improve cybersecurity
overall.
Protection of business information
systems
In business, your system protection will
start with well-defined policies on the use of internet connected devices in
the workplace or when working out of the office. Education and awareness across
your staff will go a long way to protect yourself against many types of
cybercrime.
Do all your employees understand
the most common hacking tactics, such as phishing, social engineering, or
packet sniffing.
Do they understand your company policies around protection of
information and information systems? Do they understand and comply
with the company social media policy?
Is your information system well
configured and your network secure, ensuring the confidentiality, integrity and
availability of your data? Is all software housed within your network
continually up to date? Exploits in software are very common ways hackers gain
access to systems and sensitive data. Updating software on network-connected
machines should always be a top priority.
Do you have business-class
antivirus software installed (and up to date) on all office workstations and
servers? Leading antivirus software can detect, remove, and protect your
machines and network from malware. Do you scan your website or web applications
for malware?
Do you have reliable IT support
who maintain ongoing awareness of evolving threats and the latest mitigation
treatments for cybercrime?
Do you have reliable backups of all of your critical data?
Recovering from many types of common cybercrimes often involves restoring your
data from a point prior to the event in question. Not having reliable and
securely stored backups of your data is a significant liability.
Businesses that have contracts with government agencies are
seen by hostile cyber aggressors as soft targets, allow them the potential to
gain information that would otherwise be difficult to get from protected
government information systems. All information shared by government agencies
must be protected from compromise either from data leakage or deliberate or
accidental human compromise. Companies should work closely with government
agency security advisers to ensure that data is protected to a standard
required by the information owner or government agency.
Home computer users
For home users, many of the same
rules apply. One of the best ways to
keep attackers away from your computer is to apply patches and other software
fixes when they become available. By regularly updating your computer, you
block attackers from being able to take advantage of software flaws
(vulnerabilities) that they could otherwise use to break into your system.
While keeping your computer
up-to-date will not protect you from all attacks, when used with difficult
passwords it makes it much more difficult for hackers to gain access to your
system, blocks many basic and automated attacks completely, and might be enough
to discourage a less-determined attacker to look for a more vulnerable computer
elsewhere.
Operating systems, Web browsers and
Email
More recent versions of popular operating
systems can be configured to download and apply updates automatically so that
you do not have to remember to check for the latest software. Taking advantage
of "auto-update" features in your software is a great start toward
keeping yourself safe online.
Keep in mind that a
newly purchased computer may not have the right level of security for you. When
you are installing your computer at home, pay attention not just to making your
new system function, but also focus on making it work securely.
Configuring popular Internet
applications such as your Web browser and email software is one of the most
important areas to focus on. For example, settings in your Web browser will
determine what happens when you visit Web sites on the Internet. The strongest
security settings will give you the most control over what happens online but
may also frustrate some people with a large number of questions ("This may
not be safe, are you sure you want do this?") or the inability to do what
they want to do.
Choosing the right level of
security and privacy depends on the individual using the computer. Oftentimes
security and privacy settings can be properly configured without any sort of
special expertise by simply using the "Help" feature of your software
or reading the vendor's Web site. If you are uncomfortable configuring it
yourself consult someone you know and trust for assistance or contact the
vendor directly.
Passwords
Passwords are a fact of life on
the Internet today—we use them for everything from ordering flowers and online
banking to logging into our favourite airline Web site to see how many miles we
have accumulated.
Selecting a password that cannot
be easily guessed is the first step toward keeping passwords secure and away from
the wrong hands. Strong passwords have eight characters or more and use a
combination of letters, numbers and symbols (e.g., # $ % ! ?). Avoid using any
of the following as your password: your login name, anything based on your
personal information such as your last name, and words that can be found in the
dictionary. Try to select especially strong, unique passwords for protecting
activities like online banking.
Keep your passwords in a safe
place and try not to use the same password for every service you use online.
Change passwords on a regular basis, at
least every 90 days. This can limit the damage caused by someone who has
already gained access to your account. If you notice something suspicious with
one of your online accounts, one of the first steps you can take is to change
your password.
It is recommended that users monitor improvements in
biometrics and physical tokens to use with passwords to provide two factor (dual factor) authentications. A
fingerprint reader or other technology, combined with password, will provide a higher level of
security for your computer or system.
Dual factor authentication
Two-factor authentication (2FA), sometimes referred to as
two-step verification or dual factor authentication, is a security process in
which the user provides two different authentication factors to verify
themselves to better protect both the user's credentials and the resources the
user can access. Two-factor authentication provides a higher level of assurance
than authentication methods that depend on single-factor authentication (SFA),
in which the user provides only one factor -- typically a password or passcode.
Two-factor authentication methods rely on users providing a password as well as
a second factor, usually either a security token or a biometric factor like a
fingerprint or facial scan.
Two-factor authentication adds an additional layer of
security to the authentication process by making it harder for attackers to
gain access to a person's devices or online accounts, because knowing the
victim's password alone is not enough to pass the authentication check.
Two-factor authentication has long been used to control access to sensitive
systems and data, and online service providers are increasingly using 2FA to
protect their users' credentials from being used by hackers who have stolen a
password database or used phishing campaigns to obtain user passwords.
The technology involve in dual factor authentication is
improving all the time and it is important that those looking at implementing
such security protection measures seek expert insight into the latest and most
secure measures on the market.
Security software
Several types of security software are
necessary for basic online security. Security software essentials include
firewall and antivirus programs. A firewall is usually your computer's first
line of defence as it controls who and what can communicate with your computer
online. You could think of a firewall as a sort of "policeman" that
watches all the data attempting to flow in and out of your computer on the
Internet, allowing communications that it knows are safe and blocking
"bad" traffic such as attacks from ever reaching your computer.
The next line of defence is your
antivirus software, which monitors all online activities such as email messages
and Web browsing and protects an individual from viruses, worms, Trojan horse
and other types malicious programs. More recent versions of antivirus programs
also protect from spyware and potentially unwanted programs such as adware.
Having security software that
gives you control over software you may not want and protects you from online threats
is essential to staying safe on the Internet. Your antivirus and antispyware
software should be configured to update itself, and it should do so every time
you connect to the Internet.
Integrated security suites
combine firewall, antivirus, antispyware with other features such as antispam
and parental controls have become popular as they offer all the security
software needed for online protection in a single package. Many people find
using a security suite an attractive alternative to installing and configuring
several different types of security software as well as keeping them all
up-to-date.
Protecting personal information
Exercise caution when sharing
personal information such as your name, home address, phone number, and email
address online. To take advantage of many online services, you will inevitably
have to provide personal information in order to handle billing and shipping of
purchased goods. Since not divulging any personal information is rarely
possible you should, where possible, only deal with reputable e-commerce sites
and monitor any unusual activity that may indicate that security of your
information has been compromised.
Keep an eye out for phony email
messages. Things that indicate a message may be fraudulent are misspellings,
poor grammar, odd phrasings, web site addresses with strange extensions, web
site addresses that are entirely numbers where there are normally words, and
anything else out of the ordinary. Additionally, phishing messages will often
tell you that you have to act quickly to keep your account open, update your
security, or urge you to provide information immediately or else something bad
will happen. Don't take the bait.
Don't respond to email messages
that ask for personal information. Legitimate companies will not use email
messages to ask for your personal information. When in doubt, contact the
company by phone or by typing in the company web address into your web browser.
Don't click on the links in these messages as they may take you to a
fraudulent, malicious web sites.
Steer clear of fraudulent Web
sites used to steal personal information. When visiting a Web site, type the
address (URL) directly into the Web browser rather than following a link within
an email or instant message. Fraudsters often forge these links to make them
look convincing.
A shopping, banking or any other
Web site where sensitive information should have an "S" after the
letters "http" (i.e. https://www.yourbank.com.au not
http://www.yourbank.com)/. The "s" stands for secure and should
appear when you are in an area requesting you to login or provide other
sensitive data.
Another sign that you have a
secure connection is the small lock icon in your web browser bar similar to
below.
Pay attention to privacy policies
on Web sites and in software. It is important to understand how an organisation
might collect and use your personal information before you share it with them.
Guard your email address.
Spammers and phishers sometimes send millions of messages to email addresses
that may or may not exist in hopes of finding a potential victim. Responding to
these messages or even downloading images ensures you will be added to their
lists for more of the same messages in the future.
Online offers that look too good
to be true usually are. The old saying "there's no such thing as a free
lunch" still rings true today. There are many enticing hooks (scams) used
by companies to grab your attention that can lead to your computer being
compromised or your bank account being raided. Be aware and very careful when
online.
Social media safety
You need to think carefully about how
much information you share on social media sites, and who is able to see it.
While most people who use social networking sites are well intentioned, there
are others out there who may copy, forward or save your information to
embarrass you, damage your reputation, or steal your identity. Once something
goes online, you have very little chance of deleting it.
Keep in mind that the information
that you provide on social; media can be harvested by criminals to create false
identities, thus stealing your identity. Use of Pseudonyms and false dates of
birth can reduce the risk, however, without making a concentrated effort to
limit personal information across web sites, it is still possible to
accidentally place yourself at risk.
Practice good personal security and you can protect yourself and your family.
The Australian Cybercrime Online
Reporting Network (ACORN) recommends the following practical tips for staying
safe while using social media.
• always type your social media website address
into your browser,
• never use the same password that you use for
your bank or email accounts,
• have a different password for each social media
site,
• only accept friend requests from people you
know,
• avoid clicking on links in ‘friend request’
emails,
• be careful about how much information you share
online and with whom, and
• think before you post – how could your post
affect you and others, now and into the future.
Use of Virtual Private Networks
A virtual private network (VPN) extends a
private network across a public network and after recent information breaches
that have been reported in the media, is becoming popular across the world enabling
users to send and receive data across shared or public networks as if their
computing devices were directly connected to the private network. VPNs, alone,
cannot make online connections completely anonymous, but they can usually
increase privacy and security. Not all
VPN’s are the same so careful selection is necessary if businesses or
individuals wish to use the technology. Where necessary, use of end-to-end
encryption that many VPN’s now provide, can be used to enhance the protection
of data being transmitted, which will provide an additional layer of
protection.
Businesses, especially that
operate internationally, should be aware that as VPN’s are becoming more
popular, some nations are blocking them to allow government agencies to monitor
data traffic, that may lead to compromise of protected data. It is important to
maintain awareness of any changes in government attitudes that may potentially,
result in a weakening of your information systems security.
Your part in cybercrime prevention 
As technology increases our links
to the world and enters our homes and personal lives more and more, with smart
home automation, network connected medical devices and intelligent software in
the modern vehicle; the risk of cybercrime increases. We must all gain an
understanding of the risks and how we can protect ourselves from them.
Firewalls and virus protection
along with encryption that will protect the operating system and network
provides a layer of security that must be supported by the human element. The
insider threat or human individual remains the single primary threat to our
connected world. Be it the programmer that makes a mistake in their coding that
allows an attacker to gain access to systems or users who disregard basic
security rules such as strong passwords, that allow systems to be
compromised. All can undo any security
system designed to prevent cybercrime.
By understanding how cybercrime
can occur and by ensuring that our business systems or home computers are as
secure as we can make them and practicing sound personal security when online
(including social media sites) we can all assist in mitigating the risk.
Advice on protecting businesses
and individuals from cybercrime or how to report cybercrime can be obtained
from ACORN
(https://www.acorn.gov.au/), a
national policing initiative of the Australian Commonwealth, State and
Territory governments.
The European Union Agency for
Network and Information Security (ENISA) is a centre of expertise for cyber
security in Europe. The Agency is located in Greece with its seat in Heraklion
Crete and an operational office in Athens. Information is available from https://www.enisa.europa.eu/.
A quick search of your nations
websites will allow you to locate information relevant to you.
Cybercrime prevention provides a
sound return on investment for a nation’s economy and gives individuals
confidence in having a safe and secure connection to the world.
