How to Stay Safe – Introduction
With the ever-increasing transfer of sensitive information to computers and mobile devices comes the growing risk of data loss or theft. There is no single response to this threat and a myriad of confusing jargon-filled advice. We advise our small business customers daily about how to protect themselves, so I felt that it was good time to try and summarise some of that advice on our blog.
This article is the first in a series of 4 articles on the subject of Keeping Your Technology Secure. My intention is to provide some insight and guidance into this ever-changing aspect of technology – in plain English.
- This first article provides a brief introduction followed by examples of how you might be affected.
- The second article is my attempt to define a short list of ‘Golden Rules’.
- The third article addresses safe surfing and getting you engaged in the right sort of browsing habits.
- Finally, in my last article, I address mobile and wireless working.
The first, and most important, point to make is that you need to take responsibility for your own protection. No amount of ingenious technical solutions will protect you if you use a weak password, for example. The most significant element in the on-going success of your protection will be your own behaviour.
Like any form of security, the threat is constantly evolving. To some extent protection is proactive and allows us to get ahead of the bad guys, but more often than not we are reacting to changes in the attack. There will always be periods where you are not protected even if they are extremely short.
The potential reward for the bad guys that breach security is huge. That means that the risks facing you are no longer coming from computer geeks doing it for the challenge. Organised criminals, nation states, and politically motivated groups are all investing time and resources in increasingly elaborate ways to get at your sensitive information.
Danger comes from a multitude of sources – email, infected websites, social networking sites, downloaded files, apps on your mobile devices, installation of software and telephone calls. You need to stay alert to all these channels.
How you could be affected
At the heart of the majority of dangerous threats is ‘social engineering’. Quite simply this is where you are manipulated into thinking that a request comes from a source you trust rather than the real and, most probably, malevolent originator. The objective of this request is to obtain sensitive information from you. This information can then be used in a myriad of ways but most commonly for financial benefit, for blackmail or to attack a third-party.
For example, it could be as simple as a phone call from someone pretending to be from your IT support company asking for your username and password. Equally, fake emails that appear to originate from your bank are common and take you to a bogus website where you are prompted to provide sensitive information.
Social engineering is also used to get you to install software (malware) on your machine. Attachments or links in email messages are the most common way in which the engineering begins. An attachment installs the malware directly and a link to a website allows the attacker to fool you further into actively accepting the installation.
With a threat installed on your machine you are vulnerable to key logging. This is where the threat records everything you type and sends it off for further analysis. Knowing the login username and password to your online bank account, for example, has obvious financial benefits but a key logger could equally be used to compromise your email or social networking sites. The attacker is then able to pretend to be you. One particular scam involves gaining access to your email account and locking you out of it. Then a message is sent to all your contacts explaining that you are out of the country and have lost all your belongings. It goes on to ask for money to be urgently transferred into a bank account. People are amazingly keen to help when a friend or colleague is in trouble and often act without question having a ‘trusted’ email from you. As a result, this scam is particularly effective.
A more subtle kind of threat is where installed software uses your machine to ‘attack’ a third party. Botnets, as they are known, are networks of compromised computers used to send huge amounts of traffic to a target rendering their system or website unable to cope. If your machine is part of that botnet network then you’ll probably know very little about it. Your machine may slow down from time to time but that is as much as you’ll notice and you’ll probably just blame your computer or Internet connection.
A common threat is where a piece of installed software intercepts all your search requests. In its most benign form this information can be used to target you with adverts based on your browsing history. Worse than this, however, you can be redirected to a compromised website instead of the one you were expecting. So you think you are looking at a page on a site you trust and are therefore much more likely to part with your valuable personal information.
Although blackmail seems unlikely to happen to us it takes many forms. A threat that has been around for a while is where a pop up warns you that your security software is out of date, and urgently advises you to install software to rectify it. What you receive instead is software that makes changes to your machine and then requires you to pay to have it ‘fixed’. This can take the form of hiding your documents or even encrypting them so that they are no longer accessible. The damage caused is often not fixable and can result in your machine needing to be rebuilt. This is a lengthy process, incurs costs and stops you from being able to work.
Identity theft is big news and is a very real threat. By obtaining your personal information it is possible to masquerade as you and apply for loans or credit cards. The long term effects of such compromises can be very damaging for your credit rating. This is a notoriously difficult situation to recover from.
As you can see, the effects of a compromise of your system can be very costly. It affects both your personal and your work life. The repercussions are mostly obviously financial but can also affect your status and how you are perceived by others. The resulting damage will also not necessarily be short lived. Your relationship with your friends and employer can be permanently affected. Business relationships can be spoiled and your credit rating affected.
In the next 3 articles I will be addressing how you can keep yourself safe from the examples of threats outlined here. Next up are my 5 Golden Rules for staying secure.
If there is anything in this article that you would further help with then please do not hesitate to get in touch.