There are things you can do to reduce your risk.
Okay, Donald. Given the growing frequency of high-profile, major data breaches, you could be forgiven for thinking that we are all being hacked. Sony, Yahoo!, Ashley Madison, LinkedIn, Dropbox – the leaks of supposedly secure data keep coming: hundreds of millions of usernames, passwords and credit card numbers have already been scooped up by cybercriminals.
Much of the time, nothing bad seems to happen to us; we change our passwords and carry on firing things into the cloud. It isn’t until cybercrime hits close to home that we begin to think about our online security.
In the past couple of weeks, two friends have had their webmail accounts hacked. In one case, the hack nearly derailed a company’s annual meeting, and in the other, many important files, including the draft of a novel, disappeared into the ether.
Had they used stronger passwords and two-factor authentication, which offers an extra shield against hackers trying to access your online accounts, they’d have saved themselves a lot of grief.
Elsewhere ransomware, phishing, identity theft and denial-of-service attacks are growing in sophistication. Governments are becoming increasingly worried that the economy and our critical infrastructure are vulnerable to major disruption by cybercriminals.
Our Government’s response has been to develop a national cybersecurity strategy and to launch Cert – the Computer Emergency Response Team – which has been allocated $22.2 million over the next four years.
Cert will serve as the place where online scams and hacking attacks can be reported. It has a website and an 0800 number. But it’s not an IT helpdesk that you can call when your computer freezes and a scary screen pops up demanding you pay a large amount of money to have it unlocked.
That was the hypothetical ransomware attack I gave the Cert team when I called 0800 CERT NZ (0800 2378 69). I asked if the team could help me remove a bug from my computer and I was put on hold for a couple of minutes while the Cert staffer conferred with her colleagues before directing me to an online form, which asked me a lot of questions about the issue. But within a day, Aaron from the Cert team was in touch offering to run some tools over any files I could get off my computer to see if he could decrypt them.
Cert’s role is to get a good handle on the types of scams and attacks we are facing online so it can help businesses, ISPs and government agencies respond more rapidly and keep their systems as secure as possible, keeping us safer in the process.
Cybersecurity experts say it is a step in the right direction given that surveys show seven out of 10 New Zealanders have experienced a cybersecurity issue and the average financial loss for small and medium businesses that had been the subject of a cyberattack is $19,000.
“In the longer term, we need to invest more in cybersecurity innovation, which will enable people to help themselves when they are faced with a cyber threat,” says Ryan Ko, head of the Cyber Security Lab at the University of Waikato.
Ko’s lab supplies Cert with feeds of data detailing the latest security exploits and is also working on Stratus, a six-year, $12 million project to develop tools that he says will help computer users regain control of their data.
He describes a “remote kill switch” that searches the internet for your files and allows you to delete them, tackling the nightmare scenario of having your photos or documents dumped on the web.
The Waikato team are hoping their security tools can become a standard in the IT world. More such innovations will be required to combat cyberattacks, which, as the US found with the hacking of the Democratic National Committee’s computer servers during the race for the White House, are undermining democracy itself.
The mobile phone and Internet of Things devices increasingly in our homes give hackers and scammers new lines of attack, says Ko.
But it is so-called warmware that remains most vulnerable: human beings and their ability to be duped into doing things that undermine their own security.
- Enable two-factor authentication for webmail, cloud services and online banking.
- Use complex passwords, and don’t use the same password to access multiple online services. Use a password vault to manage your log-ins.
- Don’t open attachments from people you don’t know, and be wary of emails asking you to click a link to update your username and password.
- Use some kind of online security and antivirus software even if it’s a free package – and keep it up to date.
- High-capacity hard drives are cheap – duplicate important files stored in the cloud and use encryption to make it secure.
This article was first published in the May 13, 2017 issue of the New Zealand Listener.