How to create an internet fortress and repel hackers
This morning's newspaper headline read, “Another major cyber breach!”
This time a hospital database has been hacked, and 60 000 patient records containing medical and financial data have been stolen.
You groan, sickened: that is the same hospital you attended with your 11-year-old son when he ended up in surgery.
You scan the article for contact information… nothing. Dang it!!!
Your phone starts ringing. The caller ID reports “SUSPECT”.
You answer it anyway…
A recorded message tells you that your library books are overdue and that you need to press 1 to renew or you will be invoiced… Scammers… crooks… You feel anger and frustration at not knowing how to be safe.
Cyber crime is everywhere and the likelihood of having your data compromised is very real.
How do you protect yourself?
Through technology? Is that it? Then why does cyber crime still happen?
You have the default security software installed, but is that enough? You are not a computer scientist, and you have no real idea what exactly is required to be safe on the internet. How are you supposed to know what “bit” or “byte” you need to implement to stop hackers getting to your personal data and holding you to ransom?
The good news is that there are a number of easy things you can do to protect yourself and your online data. You don't need an IT degree, and you don't need to give up and hide under your bed biting your bottom lip in fear.
Set your best security at the borders
Your data is protected by authentication.
Authentication is a computer system's way of making sure you are who you say you are. The most basic form of this authentication is your password and username. To get access to a system you need both of these pieces of data.
The username is normally related to you directly; it may be your name or email address. Normally you have very little input into what your username will be. Your username is also the public element of your account, and it will identify you to other users of the system.
Your password, however, is “FOR YOUR EYES ONLY”.
Password is a bit of a yesteryear term, and it is misleading as to what is required when thinking of an ideal password. A more appropriate term would be passphrase.
When computer systems first started using passwords it was common to have your name followed by your birthdate. If you did that today, you would be asking for trouble. It would be like pinning a sign on your back with the words in big black lettering “KICK ME”.
The difference between a password and a passphrase is the complexity. A password is just a word, a normal single word. A phrase is a whole sentence. A sentence can contain a complex concept that is easier to remember. The phrase is easy to shorten with tricks like taking the first letter of each word in the sentence.
Using a passphrase also helps increase the length of your password, which should be at least 16 characters. The more characters, the harder it is for the password to be cracked.
Using special characters and numbers also improves the robustness of the password, making your account safer.
Save your memory, save your password
The uniqueness of your password in relation to a particular system is an important element of password authentication.
Picture this very real scenario.
You wake up one morning to find that somehow your Facebook account has been compromised. The hacker is sending rubbish messages to your friends and posting obscene posts to your wall.
Who knows how the thug got your details, but whatever source they hacked, they have your bank account number as well. Perhaps they intercepted a message you sent to someone who was paying you for something… a second-hand item you sold on Facebook Marketplace.
The problem is that you don’t realise they have your bank account details, and you are completely preoccupied trying to reclaim your Facebook account and say sorry to everyone who has been spammed.
The disaster now really explodes because your Facebook password and bank account password are the same! The jump the hackers take from Facebook to bank account is quick and devastating. They have full access to your social and financial systems. Without a pause the criminals are spending on your credit card, ruining your reputation and making your life hell.
Having a unique password for each system is unequivocally, totally and unconditionally important. The downside of a unique password for each system is having to remember which password goes with which system, especially when the password is a complex passphrase.
To the rescue is a password manager.
A password manager is a tool that has high levels of encryption and remembers all of your passwords for you. It has interfaces that allow you to get your password on all your devices whenever you need to log in.
A password manager is a must have in setting up an authentication fortress around your data.
Don't place all your passwords in one basket.
Recently a secure add-on has been made available to improve your account security. This add-on works alongside your password. You may have heard of MFA or 2FA. These acronyms stand for Multi Factor Authentication and Two Factor Authentication.
The extra authentication comes when you use an extra bit of identification to let the system know you are who you say you are. This extra identification could be your fingerprint, an eye scan like they do in the movies, or a special code that is sent to your phone or a separate device.
The easiest of these extra authentication tests works like this: when you log in, the system sends you an SMS with a number that you can use for a short amount of time. The system then waits for you to type in the number that you received. If the numbers match up and your password is correct, you are admitted to the system.
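The system's side of that SMS check, as an added example that is not part of the original article: a code is issued, stays valid for a short window, can be used once, and is compared against what you type. The class and function names, the five-minute window and the three-guess limit are assumptions made for the illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed length of the "short amount of time"
MAX_ATTEMPTS = 3         # assumed number of guesses allowed per code


class OneTimeCodeStore:
    """Issues and checks short-lived login codes (in-memory illustration)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # username -> [code, expires_at, attempts_left]

    def issue(self, username):
        # secrets uses the operating system's secure random source,
        # so the next code cannot be predicted from earlier ones.
        code = f"{secrets.randbelow(10**6):06d}"
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[username] = [code, expires_at, MAX_ATTEMPTS]
        return code   # a real system hands this to its SMS provider

    def verify(self, username, submitted):
        entry = self._pending.get(username)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[username]   # expired or guessed too often
            return False
        entry[2] -= 1
        # compare_digest takes the same time whether or not the digits match.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[username]   # a code works only once
            return True
        return False


def login(store, password_ok, username, submitted_code):
    # Admitted only if the password is correct AND the numbers match.
    return password_ok and store.verify(username, submitted_code)
```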
Close the security backdoor
Once you have the front door protected you also need to secure the backdoor. It would be silly to place a huge security system with cameras and auto locks on your front door, and then at the back of the house have a door handle that does not lock and is left open all the time.
Our information systems are like our house. There is not just one entrance. Our information systems need to be protected by finding all the doors and windows and placing appropriate security at each opening or entrance point.
We are going to liken the backdoor to your system to the robustness of the software that the system is running.
There are a number of factors that, over time, reduce your system's ability to keep cyber criminals out. These factors include changes in technology and the discovery of holes in the system, or of programming that did not consider a particular scenario.
In response, the software manufacturer fixes these holes and problems. The fixes are delivered in what we call updates or patches.
To secure our system backdoor it is really important to apply all the patches and updates that come out from the manufacturer. These updates come out for all your systems. Your laptop normally updates itself automatically when you shut down. Your phone has updates that you may need to download manually.
To secure your system, your ongoing work is to make a note of all your systems and, on a regular basis, make sure that all your hardware and software is up to date.
Avoid infection with the golden rules
Picture yourself sitting in a big bay window in the afternoon winter sun with a good book and cup of hot chocolate as the wind whips around outside. It sounds inviting and cosy. The feel of the situation changes if you picture yourself throwing open the window and standing there embracing the arctic blast.
The actions we take impact how we feel. The actions we take when accessing the internet and other systems impact the security we enjoy.
Just as throwing open a window will let in the cold wind, so clicking on the wrong link or downloading an infected file will allow your system and your data to be compromised.
In terms of internet security there are a number of ways you could open yourself up to an attack or allow your system to be compromised. However, there are two actions which are more common, and avoiding them really is your golden rule to guide you to safe actions.
Golden rule number 1: Make sure that the link you click comes from a source that you know and trust. If you have a link presented to you that looks strange, it probably is strange. If it has strange looking numbers or other warning signs, DON'T CLICK.
Golden rule number 2: This is similar to number one: beware of what you are downloading and where you are downloading from. Your antivirus software should help and pick up files that may be compromised. If you are vigilant in where you go and what you do, and don’t just rely on your antivirus software to pick up infected files, then the likelihood of being infected, hacked or stolen from will be reduced significantly.
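Golden rule number 1 can be written down as a handful of checks on a link before it is clicked. This is an added example, not part of the original article; the trusted-site list and the sample links are constructed, and the checks beyond "strange looking numbers" are assumptions about what the other warning signs include.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed list for the example: the sites this user knows and trusts.
TRUSTED_HOSTS = {"example-bank.test", "library.example"}


def link_warnings(url, trusted=TRUSTED_HOSTS):
    """Return the reasons not to click; an empty list means no check fired."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:
        return ["link is malformed"]

    warnings = []
    if parts.scheme != "https":
        warnings.append("connection is not https")
    if parts.username is not None:
        # In "https://trusted.site@other.host/" the browser goes to other.host.
        warnings.append("text before '@' hides the real destination")
    try:
        ipaddress.ip_address(host)
        warnings.append("destination is a raw number (IP address)")
    except ValueError:
        pass   # a normal name, not a number
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("name uses encoded look-alike characters")
    # The trusted name must be the END of the host, not just appear in it.
    if not any(host == t or host.endswith("." + t) for t in trusted):
        warnings.append("destination is not a site you know and trust")
    return warnings
```

A trusted name at the start of a longer address, such as `example-bank.test.login.example`, still fails the last check, because only the end of the host name says where the link really goes.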
You now have the weapons
The damage that cyber crime inflicts each year more than doubles. In 2020 the damage was $2 trillion across the globe, and this is growing exponentially (as reported by Juniper).
The horrible fact of cyber crime is that it is not “if” but “when” you get attacked.
The information that you have just read is essential to helping you be safe. Cyber crime is the number one concern for most individuals in the first world when asked what criminal activities they feared most.
You are not alone in your desire to be safe. But you must do your part and implement the easy basics as a first step. Surprisingly this first step can be very effective. It is not a complete security solution but it will make it so much harder for hackers to capture your information that they will likely move on to easier pickings.
It is essential that you implement safe and secure password management. It is important to ensure that your systems are always up to date. And it is vital that you practise safe internet habits when surfing and interacting with information.
I cannot stress enough the need to implement these simple techniques to improve your safety. I want you to be safe because there is nothing worse than feeling violated.