If there’s one thing that evolves as quickly as technology, it’s the ingenuity of cyber criminals. In a world where millions are glued to their multiple mobile devices 24/7 and checking in on social media constantly, attackers are tailoring their spam and scams to these new online platforms and communication channels.
It is a lucrative business, says Pierre Noel, chief security officer of Microsoft Asia Pacific. Credit information on one person can fetch up to US$50 (S$68), while personal addresses are worth US$0.01 each.
On the business front, advanced attackers continue to exploit weaknesses that companies fail to anticipate. Last year, cases where networks were breached with spear-phishing attacks increased by 8 per cent, says Tan Yuh Woei, senior director for Asean at antivirus maker Symantec. More troubling was the precision of these attacks – 20 per cent fewer e-mail messages were used to successfully reach targets.
As attacks get faster and code more malicious, no company or individual can ever be completely immune to cyber threats. Hyper vigilance, however, will help to safeguard against vulnerabilities. Here are six common cyber risks and how to nip them in the bud.
01 Working with multiple devices
Mobile smart gadgets are a godsend when it comes to speeding up business communications, but it’s easy to forget that they provide additional entry points to attacks. Be sure to trace logins by giving access to only trusted devices, says Vic Mankotia, vice-president of security and application protection interface management for the Asia-Pacific and Japan at IT solutions company CA Technologies. Digital certificates, which electronically verify user identities, are the gold standard, while a good corporate education programme on best practices, such as acceptable use policies, also helps.
02 Using the cloud for storage needs
The cloud has made it more convenient to share and access data. However, that has also made confidential information more susceptible to being leaked – especially with the prevalence of using multiple devices and integrated platforms. Always limit and verify access rights to cloud service accounts. A reputable cloud storage provider should have privacy policies to protect users and data sovereignty, says Noel.
03 Using an e-wallet service and saving credit card details on frequently used sites
Spam is as annoying as it is dangerous. It can redirect to fraudulent versions of e-wallet service sites such as Paypal. There, one will be prompted to provide banking details. Some tricks that suspicious e-mail messages employ include invalid e-mail addresses and links, threats of losing a service, generic greetings such as “Dear Guest” and poor spelling and grammar. Only provide personal information like credit card numbers over secure websites – URLs should start with “https” rather than “http”.
04 Using the same password for multiple accounts
As obvious as it seems, many continue to do so. Over three million passwords last year were made up of personal information like birthdays and lazy codes like “123456”, reported US password management-applications maker Splashdata early this year. Change passwords every three months. They should be complex and unique, with a combination of upper- and lower-case letters, numbers and symbols. A free password manager like Norton Identity Safe stores and syncs passwords across multiple devices, so there’s no need to remember multiple complex passwords.
05 Using public Wi-Fi networks in airport lounges and hotels
Being password-protected doesn’t make them more secure; such Wi-Fi hotspots actually make it easy for cyber criminals to track online activities and steal personal information. When on such networks, hold off visiting websites that require a login. Tan suggests using a virtual private network (VPN), which is a network-within-a-network solution that renders one invisible. Install a free VPN service like Cyberghost, or pay for something like Air VPN for tighter security. This way, communications will be encrypted and kept away from prying eyes.
06 Not updating software and operating systems
It may seem like a troublesome task but that mindset is exactly what hackers are banking on. Without the most updated security fixes, personal data or system access can be digitally “kidnapped” for money in what is referred to as crypto-ransomware. And there’s no guarantee that the victim will get the promised decryption key. Make sure all software – from operating system to browser and plug-ins – is current, as well as security software subscriptions, in order to keep track of new malware variants released every day.