Security: Making yourself a hard target for hackers is easier than you think

Teaching staff even the most basic cyber security techniques can help protect them in the workplace – and at home.
We seem to be in the grip of a data breach epidemic. Whether it’s big businesses falling victim to cyber espionage campaigns, workers foolishly handing over their credentials in reply to phishing emails from fraudsters, or just consumers getting their PCs infected with malware, there are security threats everywhere.
But the reality is that it doesn’t have to be this way: with a few simple precautions, businesses and consumers can do a lot to secure their accounts and data.
Strong passwords, two-factor authentication, anti-virus and backups are just some of the simple things users can employ to protect themselves from cyber attacks – yet breaches and cyber attacks show that some of the most basic advice is often not followed.
“We pretend this is the most complicated thing in the world and yet strong passwords, backing up your data, updating your security software: security isn’t that difficult,” said Raj Samani, Chief Scientist at McAfee.
The UK’s National Health Service was one of the most high-profile victims of May’s global WannaCry ransomware virus outbreak, with a significant proportion of hospitals taken offline – some of which didn’t have systems restored for weeks.
An investigation following the incident found that NHS Trusts had been warned to apply critical patches to prevent systems being exposed to the EternalBlue Windows vulnerability which powered WannaCry, but that many failed to do so. Of course, nobody knew that WannaCry would hit just a month after the warnings, but failing to patch systems left many organisations open to attack.
“If I’d come to you in April and said there’s going to be a massive worm, it’s going to be infecting with ransomware, how do you protect yourself against it? Everyone knows how to protect against that,” said Samani, referring to how patches would have been prioritised.
“I understand there are business pressures which are that patching and updating systems isn’t necessarily simple to do, but yet we all know how to have prevented these attacks, so let’s not over-complicate the issue,” said Samani.
Making security your problem
What can potentially help is to personalise the issue: it’s all very well telling users that they should follow a particular company policy in order to ensure security, but in many cases, if the user doesn’t understand why they have to follow a particular rule, they probably won’t do it.
Explaining what threats could be waiting online and how to protect against them can go a long way towards boosting enterprise security.
“Someone going into a work event and learning about why it’s important to have a strong password on their email or why not to transfer money when booking a holiday, all these best practices they learn for themselves become second nature in the business,” said Sarah Martinez, communications director for Get Safe Online, an organisation which provides information and advice on online safety.
And while some might expect digital-native technically-savvy younger people will bring better security awareness with them as they become a bigger part of the workforce, research by Get Safe Online suggests it’s people aged 18-24 who are most likely to fall victim to phishing attacks.
The organisation recently ran a ‘training academy’ in which it taught grandparents the skills they needed to carry out phishing tests on their grandchildren – and by using just simple techniques many of the targets fell for it.
While it wasn’t a real cyber criminal on the other end of the email exchange, it demonstrates how easy it can be to fall for a cyber attack, especially if basic security principles aren’t adhered to.
“It was cheeky, but the idea was to demonstrate we can’t be complacent and think we’re not at risk. This was easy, it was first-page Google search tech which we showed 65 year olds,” said Martinez.
This ‘Scammer Nanas’ experiment demonstrated two things: firstly, how easy it is to fall victim to online attacks, and secondly, how people with only the most basic training – even if it is cribbed from an online search – are capable of luring victims.
And while the premise of using grandparents as attackers might seem far-fetched, thanks to the rise of cybercrime-as-a-service, almost anyone who wants to dip their toes into hacking and cyber crime has the option to do so, even if they lack the skills.
“The challenge we have now is that my 12-year old daughter could launch a ransomware campaign,” said Samani. “The technical barriers required to become a criminal working in the digital world has actually lowered”.
“That’s the challenge; we want to make it difficult from an ROI perspective, but the economy has made it so much simpler to do this,” he added.
The theory is that ensuring even the most basic cyber security procedures are adhered to would not only help to protect individuals and organisations against attacks, but that even simple barriers could prove enough to stop some cyber criminals from conducting malicious activities, because the time and effort required to conduct the attacks is no longer worth it.
