Sure, this might not be one of the most cutesy or heart-warming days of the year, but it’s definitely one of the important ones. Also called Cyber Security Day or Internet Security Day, every 30 November, the international community attempts to raise awareness about computer security issues.
So let’s dive into the matrix to look at what some of those protocols are, and what tools you can use to fend off cyber-attacks from malicious software and wealthy Nigerian princes.
What is cybersecurity and why does it matter?
Cybersecurity is a collection of processes, technology and practices that help protect our online networks, devices and data from being stolen or destroyed. The 21st century has seen more and more of our personal data uploaded into computer systems and the cloud. Unfortunately, there’s no avoiding a digital footprint, whether you’re an Insta-selfie junkie, or have nothing more than a social security or tax file number.
Like it or not we live in a digital age where our data has value, providing the incentive hackers and other less scrupulous types need to steal it. In the 9 months to September 2020, Australians lost more than $116.5m to scammers with investment and dating scams the most lucrative.
As cybersecurity measures become more sophisticated, so to do those looking to steal data. Which is why International Computer Security Day is an excellent opportunity to reset passwords and educate yourself on the latest security threats and how to protect yourself from them.
Don’t think of this as yet another tedious chore to add to the To-Do list. Instead, picture yourself as the star of the latest John Grisham novel, pitting your wits against shady internet villains to keep the world a safer place!
Exciting, heart-pounding stuff. Right?
The 3 most common internet scams
Does something smell phishy?
No - not a typo. We’re talking phishing scams - attempts by cybercriminals to steal data such as logins, credit card details, passwords, etc. From there, they can steal your money or your identity.
The most common phishing scams are emails asking for information or money. They either try to scare or lure their targets with threats or incentives such as:
- confirmation of your account details to avoid “your account being suspended”
- payment to receive a package
- payment to avoid fines or overdue fees
- help to transfer money, for which you will receive compensation (hello Nigerian prince)
- confirmation of identity to receive an inheritance from a long, lost relative
- confirmation of identity for winnings in a competition you never entered
More sophisticated emails will use the same branding or names as legitimate businesses such as banks, postal/delivery services, government departments, web hosting services, etc., to gain trust. This method of using physical and psychological trickery to fool people into giving away sensitive information is called “social engineering”.
Less common are spear-phishing or whale phishing scams. Unlike the scatter-gun approach used in regular phishing scams, these are incredibly well-researched to target specific individuals and organisations.
Even if an email looks legit, never - NEVER - click on links or confirm your details using information (such as website links, emails or phone numbers) included in the email.
If the “ATO” is threatening legal action if you don’t pay $1,000 in bitcoins or gift cards by Tuesday, head to Google and search for the ATO’s details and use those to contact them directly. Better still, head to the ACCC’s Scamwatch site where you can find new and ongoing scams, and sign up for scam alerts.
Beware malware misadventure
These malicious little nasties are designed to gain unauthorised access to your computer and wreak merry hell. There are various types of malware that include:
Essentially malware is a piece of code embedded in a file or software program to damage, control or steal your data. It could enter your system through an infected email attachment, or a software download.
Ransomware takes the hostility to a whole new level. Rather than sneaking in, only to be detected at a much later stage, ransomware is a very open attack. The program will happily advise your computer has been infected and demand payment to fix damage, or keep data private.
Your best bet to protect against malware is to have a reputable antivirus software, enable firewalls and only open or download files from trusted sources. Also be sure to regularly back up your data to independent locations. If your information is compromised, this gives you the chance to restore it after scouring your system of malware.
Not even remotely legitimate
Have you ever received a surprise phone call from some tech company advising your computer is infected and you need their help?
Isn’t it wonderful that large organisations who usually leave you on hold for half the day (if you can find a contact number at all) are now making personal calls because they’re suddenly SOOO concerned by something you never even logged as a problem in the first place!
Usually this surprise caller will advise of all sorts of issues in lots of tech-y jargon, so novices are thoroughly confused and worried. The next step is to download a program so they can access your computer and remotely “fix” it for you. At which point, you can whip out your credit card to pay for this favour.
At best, you’ve just been duped for a totally bogus service call. But chances are, now they have remote access to your computer, they can create new problems to “fix”, or install software to track your keystrokes to steal your login and personal information.
Your best bet with this sort of call is to promptly hang up. If you’re genuinely concerned, find a reputable local computer specialist to give your system a once-over.
Keeping ahead of cyber threats and scammers
As long as the internet exists, so will internet fraud. But there are a couple of things you can do to minimise your risk and protect your data.
Take 2 steps to verification
Not sure what 2-factor authentication (2FA) or multi-factor authentication is? The 2-step verification process helps identify an individual as the account owner to prevent unauthorised access. This might require a fingerprint or unique verification code to be entered at login, with codes sent to the email or phone number provided when the account was set up.
Without the code, the account cannot be accessed. Failed attempts, or attempts from unknown electronic devices, can also trigger a warning to give the owner a heads-up that something hinky might be going on.
Many government and financial institutions have introduced 2FA for their online portals, and you can opt to set up 2FA on many of your online accounts.
If you’re a business wanting to give your customers an added layer of cybersecurity, then chat to the team at Refuel about setting up 2-factor authentication on your website.
Discover the ease of a password manager
If the thought of keeping track of all the different passwords you need for every different site leaves you sobbing in a corner, dry those tears. There are a number of online password vaults where you can store all your passwords for easy access. This is a much better option than using one password for every site, which is a major security no-no.
Good password managers offer features such as:
- Random password generators
- 2-factor authentication
- Access across multiple devices
- Browser extensions
- Auto-fill functionality
- Duplicate password alerts
Here at Refuel we use 1Password, but other reputable options include LastPass, Keeper, Dashlane, PasswordBox and Zoho Vault.
Once you’ve chosen a password manager, you can create and store unique, secure passwords for all your online accounts. Of course, your password manager will require its own unique password which you do NOT want to lose or forget.
Even so, it's still a good idea to change your passwords on a regular basis. Make International Computer Security Day your day to create new passwords, close accounts you no longer use and check your existing security protocols. Pop it into your calendar now!