Brendan Richardson
Auckland, July 9, 2019
The IT landscape, along with business, has changed dramatically since PC King was launched in Auckland in 1992.
Technology was then expensive and very complicated to use.
While prices have dropped and software has become easier to use, the growth of the internet, and your daily reliance on it, has brought a new threat to IT and business continuity.
Early viruses and the worm
Early viruses were transmitted by floppy disk (remember those?) and might put an annoying pop-up window on your system, explaining how clever the programmer was.
Then there was the ‘worm’, which replicated itself across networks, and the internet at large, causing massive headaches for businesses, as their technology stopped working.
Now we have ‘ransomware,’ which can hide undetected on your computers, often for a few months, until one day it strikes – and all your files are encrypted.
If you have a backup, that is also overwritten and becomes useless.
The only way to continue staying in business is to pay the ransom.
Social Engineering
One of the latest hacking techniques is Social Engineering, in which a nefarious person will email someone in business, pretending to be a bank, the IRD (or another government department), or perhaps a telecommunication company, asking them to log in to a website to verify information.
By clicking the link, the person is led to a very convincing, legitimate-looking website.
Once they log in, they are doomed. Their credentials are captured.
Cyber thieves and criminals no longer need to hack into your business, because they can now trick you and your team into just handing over the keys and alarm code.
Sadly, there is no technical defence against a Social Engineering attack.
Ultimately, it comes down to training.
Employees and people need to learn that these threats are very real and very prevalent.
Overwhelming human error
Even when a company implements the most state-of-the-art technical and physical security measures, all it takes is a single employee to mistakenly trust an adversary one time and inadvertently provide a way into the system for the attacker.
Human error accounts for up to 95% of security incidents. Therefore, educating employees on security awareness is crucial to organisations.
About 25% of employees use the same password for all logins.
A massive number of passwords are compromised due to data breaches and used by the bad guys for attacks. Are any hacked passwords in use within your organisation?
What if that password is available for sale on the internet’s Dark Web?
Using breached passwords puts your network at risk.
Password policies often do not prevent employees from using known bad passwords.
Making your users frequently change their passwords is not a good solution either. It only takes one compromised password match for the bad guys to gain access.
There are solutions
But it's not all doom and gloom.
The internet is here to stay, and we rely on it more and more to stay connected for everyday things.
Here are seven things you can do to help safeguard and protect yourself, your family, your business, your finances, and your reputation:
Regularly Back Up your Data: Copy your important files to another, separate location, and try to keep more than two copies, with one copy somewhere else.
Install an Anti-Virus that can fully protect you: Antivirus software can help you detect and remove malware and viruses from your device. And consider investing in the best you can get (this is the one thing you must not compromise on).
Keep your Devices up-to-date: When you are alerted to an update, do not ignore it – install it as soon as possible.
Choose unique passwords: Aim for passwords of eight characters or more. Use numbers, letters and symbols in them (and don’t use ‘password’ as your password!). Think about using a short phrase rather than a password, for example ‘Winter here is warmer than summer,’ and use a mix of letters, numbers and symbols to make it more complex, such as ‘Wint3r here 1s warmer th@n Summ3r.’
Don’t trust free WiFi: If you are logging on at a café or hotspot, for example, these networks are generally untrusted, meaning that it is possible that others could see what you’re doing when you use them.
Be smart about social media: Did you know that the information you post to your Facebook profile, your Twitter feed or your Instagram account could be used to steal your identity or hack into your online accounts? Don’t give out personal information online unless you know who’s asking for it and why. Scams, fraud and phishing emails all attempt to trick you into giving away your personal information or your financial details – often by pretending to be a legitimate business.
Invest in a Security Training Programme: Human error accounts for up to 95% of security incidents. Therefore, educating employees on security awareness is crucial to organisations.
Brendan Richardson is a Security Specialist and Director of PC King, one of New Zealand’s oldest IT companies. PC King has been assisting businesses with their IT needs since 1992. He can be contacted by email at brendan@pcking.co.nz or by phone on 0800-1234PC.