Our lives are rapidly becoming more digitalized. Some of us are online 24/7 with our smartphones. All thanks to WhatsApp. And then there are tablets, laptops, and PCs, both in our private and professional lives. We’re clever though, we set the anti-virus software to update automatically. And then we think our IT security is covered.
Feeling safe in a digital environment is normal. We use software at work every day. We do everything online: comparing, buying, booking. Apps and programs also help with financial activities. It goes without saying that we manage our money online. How else?
Digital normality poses a threat to IT security.
We can hardly keep track of the number of interactions with computers and other digital tools each day. Here lies a great risk. It has become so normal that we do many things semi-automatically and quickly. What can happen? There is this reset arrow to undo everything. Am I right, Alexa or Siri?
Then you get an email, presumably from a good friend. You click an attachment or link that opens a banal image. You are surprised and forget about it. However, from this moment on your system has been infected by a Trojan that is spreading through your professional and private network. There are Trojans that only activate after years.
Elementary IT security rules and tips for today and tomorrow:
1. First and foremost, one of the most important and well-known rules: Do not open attachments and links if you do not know the sender or find something suspicious. Verify whether the message really originated from the known sender or whether this is just a pretense. Even then it’s possible your friend’s or colleague’s inbox has been affected.
2. Note that devices within the Internet of Things (IoT) may also be at risk: You would be stumped if a Trojan had infected your garage door remote control or a building’s entire locking system or if an “intelligent” car is intentionally steered off the road. Individual IoT devices may also act as gateways to home or company networks, enabling infections with computer viruses and worms. We have all heard of IoT device bot farms used as part of criminal activity. Protecting the Internet of Things will soon be a profitable business area for IT security departments.
3. Artificial intelligence (AI) may soon be used to penetrate networks as part of targeted attacks. IBM researchers have developed malware that flies under the radar of security software. It is only activated once it identifies the face of a certain user.
4. Avoid websites providing next to no protection during online shopping. Fake online shops are particularly dangerous as they were created to sell low-quality or counterfeit products and phish for user data. Make sure that you are dealing with a legit provider. In most cases you can Google the shop’s URL to find out whether something is not right.
5. Soundloggers are a relatively new way of phishing for data such as passwords. These programs are a keylogger sub-type. While traditional keyloggers record which keys on a keyboard are used, soundloggers are even more sophisticated. They can identify the frequency of strikes and the sound of the click when a keyboard is used.
6. Protect your cloud(s), for instance by always encrypting data transfers and traffic. This measure makes sense at least for areas relevant to security and for your emails.
7. Use secure passwords featuring digits and special characters to log in to networks and services. Here’s a trick to help you remember complex passwords: Phrase a sentence, for instance “I have been regularly reading the Westhouse blog for 12 weeks”. Use the first letter of each word, in this case: “IhbrrtWbf12w”. There are plenty of other methods out there.
The eighth area of IT security susceptible to attacks is often overlooked:
8. The human factor. Attacks on users can be fully digital, completely offline, or a hybrid of both.
However, such attacks are often more time-consuming and demand patience. Still, depending on the targets (banks, stock exchange, research, patents, tenders, accounting, authorities, etc.), it may be worth it for attackers. There’s this likable guy who also eats down at the local bistro and you initially add him on Facebook. All of a sudden a travel agent is sending the employees of a defense company access credentials for a competition. Or let’s imagine the unfamiliar, but dynamic trader you grant access to your company’s printer. He’s waving the fake order form about. A form that took him five minutes to create in Paint…
There is an even easier way: Data can also be harvested by Bluetooth, via unprotected WiFi networks or by looking over your shoulder onto the smartphone or laptop screen at the airport, in the park, or on the train.
There are many more areas susceptible to attacks. However, you can significantly contribute by occasionally stopping and thinking about the daily risks to IT security. You are on the front foot if you can prevent the attack or at least take notice of it. – Good luck and stay on the ball! Your Westhouse Group.