Friday, 22 September 2017

Staying safe online

We all know how to protect ourselves against infection, don’t we? We know to sneeze into our elbows, wash our hands after visiting the toilet and to use barrier methods when doing anything particularly intimate. We all know these things, even if not all of us follow the advice we’re being given. But we know.

Do we really know how to protect ourselves when we’re in front of a computer? Do we have any understanding of what the threats might be? Do you have any idea what the impact would be on you and your company if you fail to protect yourself?

We recently had a very useful lesson about cybersecurity. In May this year computers around the world were attacked by the so-called “WannaCry” ransomware. According to the BBC
“200,000 victims in 150 countries” had been infected including hospitals in the UK which “left hospitals and doctors unable to access patient data, and led to the cancellation of operations and medical appointments.” The attack also affected systems in several European countries and victims in Russia were hit hard.

WannaCry was an example of “ransomware”, a particularly vicious descendant of the old-fashioned computer virus. Once it got onto the victim’s computer all the documents on the computer would remain visible but could no longer be opened. Instead the victim was presented with a message saying that if they wanted to access their documents they need to pay the criminals behind the scheme the equivalent of P3,000 but not by any conventional means. Like all criminals who kidnap for ransom, they wanted payment in an untraceable form, in this case Bitcoin.

This particular example was focussed specifically on Windows computers and in particular those using older version of Windows, and those who haven’t been downloading the regular security updates that Microsoft releases. It also did its best to spread itself across any network in which it found itself so that once one computer was infected, all the other vulnerable computers on the network would likely be infected as well.

The worrying thing is that even though this attack targeted computers that were running very old versions of Windows, most notably Windows XP which became unsupported by Microsoft more then three years ago, there are still many businesses that persist in using it. Within a few days of the WannaCry attack I saw a computers running Windows XP at an airport check-in desk and, much more worryingly, in a hospital. I know my fellow techies will say that it’s often hard to upgrade certain “legacy” systems but I don’t care. Which is more important to you, saving money upgrading systems or the security of your customer and patient data?

What would happen to your business if all your files were suddenly inaccessible? Would you be able to continue? How would you sell anything? How many customers would you have left by the end of the week?

What’s more worrying to me is how risky some people’s behaviour can be. Just like in other areas of life, people are frighteningly careless, inserting memory sticks from unknown sources into their devices or visiting dubious web sites and allowing them to install software on their computers when they are offered something that’s either free or titillating. It’s just as worrying when I see people in coffee shops and restaurants using the free WiFi and doing some extremely reckless things.

Like online banking.

In case you don’t know this already, you should never, except in a national emergency, and probably not even then, go to your bank’s online banking service when using a public WiFi network. Just don’t, the risks are too high.

The biggest risk is that the WiFi network you join might not be real. You see a network called “CoffeeShop” and that’s the one you join, yes? But how do you know it’s for real? How do you know it’s not a fake network designed to lure you into connecting?

Even though it’s beyond the skills of most of us, a moderately skilled techie can set up a fake WiFi network very easily. I know this for a fact. Because that’s exactly what we did at the recent Consumer Watchdog conference.

Our technology partners, IT-IQ set up an unsecure WiFi access point at the conference center and conducted what they call a “man in the middle” attack. That allowed them to monitor the traffic that went through their network. During the session when the network was available 55 people connected to it and each one of them could pick up their email, surf the web and post pictures on Facebook. Not one of them realised that they’d been deceived.

Obviously on this occasion nothing unethical was done but it showed how easily smart, cyber-smart people could fall victim to such a fake network. The look on the faces of some of these people when IT-IQ held a cybersecurity workshop later that day when they were told what had happened was both funny and scary. When they were shown details of some of the web sites they had visited to prove what had been done people learned a very valuable lesson. If this is what good, ethical guys can do, what do you think the bad guys will do?

So here are some free tips to help you stay safe online.

Don’t use unsecured public WiFi networks for anything sensitive. You probably shouldn’t use them for anything but be particularly careful not to visit any online financial services such as banking and BURS when connected to one.

Don’t use out-dated and unsupported operating systems such as Windows XP. If your computer is too old and underpowered to use a later version of Windows then install a form of Unix such as Ubuntu or Linux. They’re free and come with almost everything most of us will ever need. Or use a Mac.

Use one of the free malware protection services. You don’t need to use the one that came with your computer that costs money, choose a free alternative, they’re just as good.

Above all, we must all educate ourselves. Don’t ever think you’re too unsophisticated or old to understand technology. Just because you don’t understand how a car works, does that mean you don’t wear a seatbelt?

No comments: