Would you leave your bank account details along with your passwords on a slip of paper attached to the front door of your house? Hopefully not.
Most of us take security quite seriously. We all lock the doors and windows in our houses at night or when we go out. We put precious items somewhere safe, we set alarms, we even have dogs.
This is defined as multi-layered security. Yet, with all these precautions, we still don’t take our security for granted. We are careful about letting strangers into our homes, and we keep our handbags and wallets close to our person. We keep our keys safe and we are conscious of disclosing personal information. Why? Because we know these bad guys can find ways into our homes and lives that we didn’t think of. So, we put security systems in place and we watch our own behaviour.
Why, then, does the same not apply to the security of our computers? For some of us, the information contained on our computers is very valuable indeed: our bank details, identity information, photos, documents, the list goes on. If you run a business on it, its value shoots up and up. Intellectual property, in addition to client and financial data, is the lifeblood of any organisation. If that stuff gets stolen, goes missing or is exposed, we are left financially vulnerable, possibly unable to work and potentially liable to prosecution. Whether your data is in hand-written notebooks or in the cloud, you need to keep it safe. So, a little bit like with our homes, we lock the doors, set alarms, get a Doberman and behave in a responsible manner? No. The reality is, when it comes to our computers, we don’t do any of that.
Any unsecured computer attached to the internet is like a house left with the door wide open. Add an uninformed user, and you are broadcasting an open invitation to the bad guys.
Now, this might sound a bit sensationalist, but the truth is that we’re not just talking about viruses or a bit of malware that might slow your machine down. There has been a dramatic increase in the number of individuals and small businesses in Kilkenny that have fallen victim to cyber-crime in 2016. A study done in the UK estimated that the number of small businesses that have been attacked is as high as 80%. And that’s only what’s been reported. Not a lot of businesses want you to know they were hacked. It would be naïve of us to think our own numbers weren’t similar.
Gavin Dixon is the managing director of Business I.T. Solutions here in Kilkenny. BITS work closely with many businesses and individuals in Carlow, Kilkenny and beyond. Cyber-crime is becoming a daily factor in their line of work and he had this to say: “Network security has always been important. However, since the beginning of this year, we are seeing an average of a client a week experiencing a direct attack on their business servers and computers. Whether access is by social profiling through email or on the phone, or direct attacks on the network, only with robust back-ups and security on the networks are we able to prevent or recover from these attacks.” He goes on to say that the number of home users coming to them, desperate for help as they realise they have unwittingly given a cyber-criminal access to their PC, laptop or tablet, has shot up. “The profile of the victim is indiscriminate. They don’t care who they are stealing from. The methods they use to get in to steal money or data are constantly changing and evolving,” says Gavin. “People need to take this seriously. It’s not a new concept, the idea of hacking/attacking a computer, but the number of incidents is definitely on the rise and the seriousness of the crimes is also increasing. They will either steal money directly from your bank accounts, or they will hold you to ransom for your data. Either way it’s expensive, and seriously disruptive. There is a lot an individual can do to be safer but they need to be informed.”
The reasons for this dramatic increase are two-fold. Firstly, it yields money – this type of crime pays…and it pays big! Not only that, the criminal doesn’t even have to leave his/her bedroom. The second reason is that the home-owners (just to stick with the analogy) only close the doors – not a dead bolt in sight. In addition, sometimes when the criminal talks nice at the door, we let him in and give him the keys to the safe. In short, it’s a soft and lucrative crime with detection rates on the floor!
Now, this might all sound a bit simplistic, but many reading this article will have had the experience of being phoned by someone who convinces them that they are from the phone company, or from some software provider they use, and then persuades them to open up their PC. While you are busy clicking here and clicking there, they are having a wild time in the background. They might be stealing data right then and there, or they might be planting a piece of malware to allow them in later. Either way, it only requires a few seconds and you let them in yourself!
There are many entry points for these criminals into your computer. You can, and should, install security software. However, a little bit like the testing for doping in sport, the best we can hope for with these products is to be just one step behind the criminal rather than many steps behind. We can only test for what we know we are looking for. You think that’s the bad news? Here’s the really bad news. A shocking 80% of attackers have gained entry by the user (you) letting them in. No amount of firewalls will protect you if you allow the criminal in yourself!
This type of attack is called social profiling and we are all vulnerable to it. They can intercept email conversations and pose as a person you usually talk to via email. So you THINK you are sending your bank details to your client for payment, or your login details to your daughter so she can log in from abroad! They can even be sitting in the middle between you and your friend, editing responses as you “converse” in real time, in order to buy time and hold you where they want you while you are on your computer. They can steal money out of your bank account while you are busy trying to clarify a point.
Now, most of us think we are reasonably careful. When it comes to computers, we all know not to click on attachments in emails. Incredibly, some people will still click the attachment, but they are probably the same people who won’t put on a seat belt in a car. But even us conscientious people are making regular mistakes and doing things that can and do leave us quite vulnerable. Gavin and his team at BITS are spending more and more time educating their clients on the do’s and don’ts of internet behaviour and have even gone so far as to develop a short presentation that they deliver as part of their client service in order to reduce the risks to the networks they take care of.
“Even as IT professionals we are regularly surprised by the tactics and schemes employed by these criminals in their efforts to gain entry. We have to stay as up-to-date and as aware as we can ourselves. We do what we can on the network and hardware side, but the end-user needs to play their part too. We now feel an obligation to offer this information to our clients as a way for them to protect themselves and others from these types of crime. It’s less work for us in the long run so definitely worth the time and effort.”
Gavin gave us a few tips to employ, but he did have this to say: “If you think you have been hacked, disconnect from the internet straight away. Call your bank and check your balances and have your passwords changed. Bring your computer to us or another professional to fully scan your machine.”
Don’t ever give anyone remote control of your computer (unless it’s your contracted IT support), even if you think you are watching what they are doing and you can shut them off anytime.
Sometimes they will deliberately hold you on the phone and confuse you to create a distraction, while they are working on your computer.
Change your passwords regularly, make them complex and just deal with the fact that you have to remember them.
Be vigilant on your email. If you get an email looking for money, or bank details, even if it looks like it’s from your Mammy, give her a ring. Check everything.
Double check the email addresses you are communicating with. They should have proper domain names especially if you think you are dealing with a business.
Never click on a pop-up window on a website.
If it feels wrong…it’s wrong!
Run operating system updates.
Have advanced security software on your computer.
Remove software you don’t need.
When you’re not using your computer – log out/off.