Provided by Wilna Meiring, IRMSA Risk Intelligence Committee Member
From online transactions and banking to shopping and gaming, cyber attackers are methodically finding new ways of using your devices against you, making each one of us increasingly vulnerable.
In order to have a positive and safe experience in the digital world, we need to understand the ever-increasing diversity of digital threats and equip ourselves with the necessary knowledge and skills.
Unfortunately, too many users/consumers are oblivious to the threats and how quickly cybercrime is evolving.
Hackers are no longer as interested in breaking through firewalls or systems just to show they can. Their focus has shifted to theft of personal information and identity theft for financial gain with phishing being the most common method used to trick/deceive you into disclosing your data.
According to the 2018 Norton Cyber Safety Insights Report, 37% of consumers globally experienced cybercrime with malicious software being the most common cyber related crime experienced.The report further highlights that less than half of consumers globally have taken any measure(s) to protect their personal information and online activities.
The information below will assist to stay abreast of the risks and to anticipate and safeguard us against some of these threats.
Protecting information online
Companies learn a lot about consumers/users through the data they collect from online activities which assists them in understanding consumer behaviour and developing personalised offerings for targeted advertising. This includes data on preferences when shopping online, social pages that are liked or followed, media channels that are used and the personal information included on social profiles.
Another dimension to the digital world and online activities is sharing – users share news, information, events, pictures, experiences and a lot more to build and maintain relationships as well as create new ones.
Staying safe and secure in a digital world can be difficult. Not all hope is lost though, and there are some simple measures you can take to protect yourself and your information online:
- Be aware of the threats and understand the risks of going online. It is important to be conscientious and not assume that you are safe.
- In this regard, be cautious with online surveys and competitions as some of these may be scams designed to source your information.
- Carefully consider what information you choose to share online, including on social networks, chat rooms and other online media.
- Be careful not to post something that you do not want everyone to see; remember once it’s online, it is there permanently.
- Always use your best judgment: never disclose personal information and keep company information and workplace matters private!
Clearing or disabling cookies
We have all seen the message “This website stores cookies on your computer” while browsing the internet.
So what are cookies? These are essentially a mechanism to how the internet (web) works.
An HTTP cookie is a small piece of data sent from a website and stored on the user’s computer by the web browser while the user is browsing.
Cookies were designed to be a reliable mechanism for websites to remember a record of interaction information or to record the user’s browsing activity. While cookies cannot infect computers with viruses or other malware, the danger with cookies are that cyber attackers can hijack cookies and, therefore, browsing sessions and track individuals’ browsing histories.
Take care to ensure that if you are using a public computer/device, you should delete cookies when you have finished browsing so that subsequent users will not have access to your data (sent to websites) when they use the browser.
Business Email Compromise (BEC)
BEC is a type of attack where a cybercriminal compromises or spoofs a corporate email account of an executive/senior member of staff to defraud the company, its employees, customers or business partners.
In recent years the amount of BEC attacks have significantly increased with the FBI’s Internet Crime Complaint Centre putting global BEC losses in excess of $12 billion (USD) over the last 5 years (2013 – 2018).BEC attackers rely heavily on social engineering tactics and trick unsuspecting employees with well-worded, very specific email requests that appears completely legitimate.
While there are many variations, the attack basically entails targeting employees with access to company funds/finances and tricking them into making transfers or payments to the bank accounts of the cybercriminal/fraudster. Requests typically impersonate senior employees and include an element of urgency and a request for confidentiality.
The same modus operandi is also used to target customers or business partners.
BEC prevention measures that can reduce this risk includes monitoring networks for suspicious emails, encrypting emails, diligently checking the sender details, independently confirming requests with the sender and most importantly employee training given BEC attacks rely primarily on employees’ vulnerability.
Email and connected devices
In some cases, risk-avoidance behaviour by users do not seem to extend to how email and connected home devices are used.Case in point, approximately half of all users cannot distinguish between a real or scam/fake email or are operating their home devices with limited or no protective measures in place.
Frank Abagnale, the subject of the book and film, Catch Me If You Can, states that, “stealing your identity is like counting to three.”
The reality is that we are all at times careless with our information or likely to accept certain risks online. Taking a few basic steps will however go a long way to protect yourself and your privacy:
- Remember the essentials such as ensuring your devices’ operating systems are current and security software is installed and updated.
- Verify the authenticity of a website before entering sensitive or personal information. Check for ‘https’ indicating a secure site or look for the padlock icon, or lock icon, in the address bar.
- Think before clicking on links, opening attachments or installing software from unknown sources – if you absolutely must first verify that the communication is genuine.
- Use complex passwords and change these regularly: for passwords, longer is stronger however avoid choosing real words, sequential numbers or personal information.
- Protect your home network, connected devices and smartphones by using two-factor authentication (2FA) on home computers, email accounts and smartphones.
MEDIA CONTACT: Rosa-Mari, 060 995 6277, [email protected], www.atthatpoint.co.za
For more information on IRMSA please visit: