2019 has been a great year… for cyber criminals and hackers. Over 4.1 billion records have been breached by cyber criminals through an untold number of attacks over the course of the year. Breaches have affected major players including the likes of Facebook, big banks and the Fortnite game. Added to this, vulnerabilities were found on Android, iOS, and Windows in 2019 that often gave hackers a free hand to access your devices.
While sometimes there’s really nothing that you can do to help, such as with the vulnerability on WhatsApp that allowed hackers to access your phone’s microphones and other features, at nearly all times you can be your best defence!
What Can You Do
The main thing is to be alert. Cyber-attacks can come in many forms. It’s essential to always be alert and treat every communication and notification with a healthy dose of suspicion, especially when it is clearly not from someone you trust. Even when it is, always look out for things that may be out of character.
Think Before You Click
Nearly all attacks require that the user does something to enable them. Most attacks will come in the form of malware or phishing.
Who among us can resist the temptation of clicking a link that says something like “Miley Cyrus Naked Twerking” or “Work Part Time – Earn Full Time”? Sadly it’s these kinds of links and posts that often lead to your devices and data being compromised. Never click something unless you know it’s genuine.
Email & Messaging Are Hugely Vulnerable
Phishing is a malicious attempt by a third party to obtain sensitive information from you by masquerading as a legitimate organization. A typical scenario might go something like this: you receive an email from what appears to be Facebook Support asking you to verify your password and phone number. You are asked to click a link and follow the instructions, and graphically everything will appear to be legitimate.
First, always ask yourself, how likely is it for Facebook, or whatever the organization may be, to ask you for this? Next, check the email address and the URLs. If it is a button, hovering over it will show you the URL. This applies to pop-ups too.
Do the URL and email address make sense? In the Facebook example above:
A legitimate request might have a link like this: www.facebook.com/verify
But never: www.facebookverify.com
Or there could be a subdomain used, like this: www.verify.facebook.com
But never: www.facebook.verify.com
Always make sure the domain that the URL is pointing you to is the same as the domain used by the legitimate service. This is important when verifying email addresses too. Here’s an example:
Legitimate Email Address: “yourbestfriendsname@yahoo.com”
Malicious Email Address: “yourbestfriendsname@yahooo.com”
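The domain check described above, written out as an added Python example (not part of the original article). The allowlist `TRUSTED_DOMAINS`, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration; the sample inputs are the article's own examples.

```python
from urllib.parse import urlsplit

# Domains the user actually trusts (assumed allowlist for this example).
TRUSTED_DOMAINS = {"facebook.com", "yahoo.com"}

def host_of(value):
    """Return the lowercase host of a URL, or the domain part of an email address."""
    value = value.strip().lower()
    if "@" in value and "/" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "http://" + value  # the article's examples omit the scheme
    return (urlsplit(value).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings such as yahooo.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unknown' for a URL or email address."""
    host = host_of(value)
    for domain in trusted:
        # The trusted name must END the host, preceded by a dot:
        # verify.facebook.com passes, facebook.verify.com does not.
        if host == domain or host.endswith("." + domain):
            return "trusted"
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # simplification: ignores suffixes like co.uk
    for domain in trusted:
        brand = domain.split(".")[0]
        if edit_distance(registrable, domain) <= 2:
            return "lookalike"  # e.g. yahooo.com
        if any(brand in label for label in labels):
            return "lookalike"  # e.g. facebookverify.com, facebook.verify.com
    return "unknown"

if __name__ == "__main__":
    for sample in ("www.facebook.com/verify", "www.facebookverify.com",
                   "www.verify.facebook.com", "www.facebook.verify.com",
                   "yourbestfriendsname@yahooo.com"):
        print(f"{sample:35} {classify(sample)}")
```

A "lookalike" result means the trusted name appears in the address, or nearly matches it, without the address actually belonging to that domain, which is exactly the pattern to distrust.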
Protect yourself by reading emails carefully before opening attachments or clicking links. Verify that the email is from a trusted source. Be very cautious of generic subject lines like, ‘CHECK THIS OUT!!!’, ‘YOU WON’T BELIEVE THIS’ and the like. Ask yourself whether, in your experience, the sender would use such language. Always remember, WHEN IN DOUBT DO NOT CLICK! Be especially wary of executable files and office files. Always check that the email address of the sender is correct.
Spam is more irritating than harmful, but it can lead to malware infections and you exchanging hard-earned money for copious quantities of snake oil. No, those penile enlargement pills don’t work, you won’t find the solution to your financial problems in your inbox and no, you cannot win the lottery or anything for that matter without actually having bought the lottery or entered the draw.
Never Give Out Personal Information
No bank, institution, law enforcement agency or government department nor any representatives of these organizations will ever contact you by telephone, email, SMS or any other way and ask you for your personal information for any reason. No matter how genuine it may seem, never give out your information. Should you ever receive such a communication, report it to the relevant authority or politely ask for a contact person’s name and then say you will first verify this request through an official channel. Then contact the relevant organization through their publicly available contact information and never through the contact information provided by the party who initiated the communication.
Other Security Measures
Trusted Apps – Always use trusted apps from Google, Apple or Microsoft Stores. Even then, make sure to read the reviews and more importantly, make sure it’s actually the app you want to download and not a malicious app masquerading as the genuine one like this one did for WhatsApp.
Secure Your Devices – Encrypt wherever possible and use passwords or PINs and, when using biometrics, make sure they’re secure. For example, many devices will offer face-unlock but this method can easily be tricked.
Change Passwords – Change passwords frequently and if necessary use a password manager to manage your passwords so you only need to remember one passphrase.
Review Activity – Review your login activity for all your accounts, especially banking-related accounts so that you’ll immediately notice anything suspicious.
Recovery Methods – Make sure you can recover quickly and with minimal damage in the event of a breach. For easily lost devices such as mobile devices, make sure security features such as “Find My Phone” are turned on.
Backups – Make sure your data is backed up. Cloud backups are easy and can be automated but the most reliable will be physical backups to encrypted drives that are not stored alongside the relevant devices and that are effectively offline. An effective backup regimen will see that ransomware attacks can never get the better of you.
Avoid Public Wi-Fi and Public Computers – Just avoid these like the plague. If you must use public Wi-Fi, make sure you use a reliable paid-for VPN service or TOR, especially for sensitive activities like logins to email or banking.
Avoid Public Chargers & Untrusted Charging Cables – These can compromise your devices using USB data transfer protocols. Never allow anyone you do not trust to plug anything into your devices. If absolutely necessary carry a power bank and charge through the power bank or make sure to get a USB charger cable that expressly does not support USB data transfer protocols.
Never Give Your Phone or Laptop to Anyone You Do Not Trust – Never allow anyone to use your phone or other devices if you do not absolutely trust them. If someone you don’t know asks to make a call, dial the number for them, then lock the device and give it to them. When showing information to others use features like window pinning in Android to prevent unauthorized access.
Do Not Answer Fishy Calls – Calls from far-flung countries or numbers that ring once or twice and cut the line are extremely suspicious. Do not answer them and don’t ever call them back. You could have your device compromised or be charged high fees for calling “Special Service Numbers”.
Tech Support Will Never Contact You – You will always have to contact them. Don’t ever dial codes or mess with settings on the instructions of tech support if you haven’t expressly initiated the communication.
Money Issues – Never send money to anyone to receive a larger sum of money. Sometimes attackers will offer to pay you for something or the other and then send you a cheque or transfer for a sum larger than what was originally discussed and then ask you to send the excess back. Never do this until you confirm with your bank that the money transfer or cheque is legitimate.
A Final Word
Our devices are increasingly complex and there are many ways to attack them. For example, it is possible to initiate attacks on mobile phones, without the knowledge of the user, using the phone’s baseband, which handles cellular communications. These methods are impractical unless you’re being specifically targeted by a three-letter agency or are a billionaire or something like that, but it’s important to be aware of the existence of these threats.
We understand that it’s difficult to keep track of all these things. But if you ever notice anything suspicious or out of the ordinary, stop immediately and reevaluate the situation. If ever in doubt, just stop until you’re absolutely sure.
As we head into 2020, let’s take charge and be the front line of our own tech’s defenses. As we mentioned earlier, you are the biggest vulnerability and nearly all attacks will need your cooperation; so don’t cooperate! At least not willingly.
Stay safe and stay aware! Here’s to a data-secure 2020!