If you believe cybercrime is something that only happens to businesses and “other people,” now is a good time to reboot your attitude.
South Africa currently has the third highest number of cybercrime victims worldwide according to Accenture, with cybercrime costing South Africa R2,2-billion per year. Beyond that, the Cisco Talos Quarterly Report: Incident Response Trends in Q3 2022 suggest that cybercriminals are consistently expanding in the sectors they attack, with education, telecommunications, financial services, government, and energy sectors all bearing the brunt of cyber-attacks.
“Most people don’t fully understand the gravity of the situation,” says Dave Lewis, global advisory CISO at Cisco. “They think that security people are running around with their hair on fire, but the reality is everyone is a target of opportunity for an attacker.”
Here are five steps that can help you stay safe in a world of rising cybercrime.
Mind your passwords
You’ve heard it before – don’t reuse the same passwords for different sites. If you do, you’re making the attacker’s job easier, even if your passwords are strong. A hacker could break into a website, steal your username and password, and run those credentials against other websites to get even more of your information.
But, you say, how do I remember dozens of different passwords? A simple solution is to write them down. Don’t write them on a sticky note on your computer monitor. Store them in a digital password manager or record them in a file that you keep in a safe place. That way you don’t have to commit them to memory.
Use multi-factor authentication
Passwords need to be paired with multi-factor authentication (MFA) to create an effective security control. A password is like a house key. You can use it to lock your door and protect your possessions, but if it falls into the wrong hands you could wind up losing your valuables. That’s because a key – a password – does nothing to validate who comes through your door.
That’s where MFA comes in. It’s an authentication mechanism that grants you access to a website or application only after you successfully present two or more pieces of evidence, such as a PIN number or a device such as a cell phone. Today, most websites allow you to enrol in some form of MFA for better security.
Turn on automatic updates
Enabling automatic updates is an easy way to reduce your exposure to cyberattacks and can be done with a few clicks on your Mac or Windows machine. In most cases, this is true for Linux machines too. When a security vulnerability is announced, there’s often a very short window before a cybercriminal cooks up an exploit to take advantage of it. Enabling automatic updates, or patches, ensures your system is always running the latest versions of software.
Be sure to do this not only for your operating system but especially for your browsers (Safari, Chrome, Firefox, Edge, etc). Most of our internet activity – for work, email, shopping, banking, and so on – is done via browsers. And browsers are a favourite target of cybercriminals.
Be sceptical
According to author and journalist Malcolm Gladwell, human beings are wired to trust by default. In the online world, this can land you in a world of pain. Phishing scammers rely on your trust when they email you a link or attachment to click on a bad link. Bad actors rely on it when they impersonate a tech support person or IRS agent on the phone to extract information from you.
Still, others rely on it when they invite you to fill out a survey in exchange for a $200 gift card. In many of those circumstances, they may intend to catch you off-guard with a sense of urgency. In all these situations, it pays to be sceptical.
The same is true in some situations in the offline world. If you’re out in public or travelling, an attacker can stand near you and scan your RFID-enabled credit cards, eavesdrop on a phone call in which you give your credit card information, or even glean information about you from your baggage tags. In such cases, you can reduce your risk of cyberattack by sharpening your situational awareness and exercising a degree of scepticism about the intentions of people around you.
Ask questions
Often we don’t ask questions because we’re too trusting or too embarrassed. But asking questions is how we learn and take control. For example, if you don’t know how to set up MFA or how to turn on automatic updates, ask someone who does. It could be a security practitioner at work or a tech-savvy friend or family member.
For security practitioners, a helpful practice is to empower people and peers to ask questions. It’s easy to get impatient and frustrated with those who are less tech-savvy, but it’s precisely this behaviour that makes some users reluctant to speak up. Instead of chastising users for their security faux pas, start the conversation with them and try to tap into their innate curiosity.
These five measures will help reduce your risk of exposure, even at a time when the bad guys are pulling out all the stops to make you a cyberattack statistic.