Security hygiene for the 2020s


Johannesburg, 16 September21: Be more alert. Cybercrime has evolved to become an even greater threat than ever before, as it is not hard to steal someone’s login details, break into their bank accounts or even hijack their identity.

This was not the case ten to fifteen years ago. Cybercrime was not as lucrative, either. Today, it’s a much more dangerous situation. The UK Home Office estimates that global cybercrime is worth around $575 billion [1]. In comparison, 2017’s sales among the top 100 arms companies totalled less than $400 billion [2]. The UK’s estimates predate the COVID-19 pandemic, which criminals exploited and which could grow cybercrime activities by triple digits.

Don’t be fooled: cybercriminals pose very real threats. However, there are daily security habits that you can practice to make yourself safer in the digital space.

Trust but Validate

“Cybercriminals often focus on inconvenience and convenience,” says Elad Sherf, Global Head of Cyber Defence at cybersecurity company Performanta. “They will pose a very inconvenient problem, maybe that your bank details are expired and then they will offer a very convenient solution i.e.: click on this link to sort it out. But that link is actually going to steal those details. Criminals try to keep us on autopilot with narratives that blend with our day-to-day lives, that may appear urgent and trigger our fight or flight impulses. They put a lot of effort into making something feel legitimate and irresistible that requires devoted attention. The top thing we don’t do for security is practice vigilance. We should be more suspicious during our daily online habits.”

Cybercriminals go to great lengths to fool their targets, even phoning people to make things seem official (a tactic called social engineering). To counteract these tactics, Sherf has the following tips:

  • Be suspicious. If something is unexpected, urgent or requires payment, give it a much closer look and question its authenticity.
  • Responsible companies, especially banks, will never ask you to transfer funds to a different account or for your login details, including full passwords, card pins and security tokens via email, over the phone or in a text message.
  • If you aren’t sure about a message or a call, search for the company in question’s official phone number and call them directly.
  • Remember, if you hang up the phone, to wait at least 20 seconds until the line is fully disconnected.
  • Do not click on links or attachments in unsolicited emails. If it might be important, go to the official app or website independently.
  • If you’re still in doubt, check with family or friends before taking any action.

Slow down on apps

Phone apps are not as safe as they might appear. Even on official app stores, criminals sneak in dangerous or hijacked apps. Unfortunately, this is not easy to police, and requires vigilance from people who download apps.

“The important thing is to keep your app ecosystem hygienic,” says Sherf. “Download what you need but uninstall what you don’t use and check the app’s reputation on the app store to see if there are problems with it.”

Tips for better app security:

  • Only download apps from official app stores. Avoid downloading and installing ‘rogue’ apps from third-party sites.
  • Check the reputation of the app and its creator.
  • Remember that a single password isn’t enough to protect a personal app account – use multi-factor authentication (MFA), such as a one-time pin, especially with valuable accounts.
  • Beware of apps that offer something for free, such as easy access to content or easy wins.
  • Watch out for apps and app messages that claim you have security problems. Those are often attacks disguised as help.
  • Check and review your apps’ permissions. If an app asks for permissions you don’t feel it needs (such as access to your contacts), change the permission or rather do not install it.
  • Remember to use unique passwords for apps, and uninstall and disconnect apps that you don’t recognise or no longer use.

Public Wifi and VPNs

Public Wifi hotspots are very convenient but can also be dangerous. Criminals can hack the Wifi router or create a fake Wifi hotspot that looks like the real one, hoping you connect to their hotspot instead.

Staying safe on public Wifi depends on what you are doing, says Sherf: “Are you playing a game? Most criminals don’t care about information like that. However, if you are logging onto your bank account or email account, they will be able to see sensitive details that they might use to gain access to your account. If you have to do something sensitive, preferably avoid public Wifi and use something such as mobile internet. Mobile internet such as LTE can be hacked, but it’s much less likely. Or use a VPN to encrypt your traffic.”

Tips for using Wifi securely:

  • Assume that someone is watching, so don’t do anything you would mind others seeing.
  • If you have to do something sensitive (such as internet banking) on public Wifi, use a VPN to mask your traffic.
  • Avoid Wifi hotspots that don’t require passwords – they are easier for criminals to hijack.

Know your risk

Fighting today’s cybercrime requires a higher level of personal diligence. Cybercriminals are constantly finding new ways to frighten and fool people. Even traditional snail mail can be part of an attack. Criminals can steal your letters to get your personal details and impersonate you.

But how much diligence is enough? It would be best if you tried to understand your risk: “Some people are higher value targets. If you are wealthier or not savvy, if you have access to sensitive information, or something to that effect, you are at higher risk. But many attacks are opportunistic and not specifically designed to target you. This is evident in an email or text message that you can blatantly see is fake because it doesn’t quite add up. What the criminals hope is that you are too panicked or distracted to really pay attention. Anyone can be a target if caught off guard so don’t become complacent, pay attention to your security habits daily,” says Sherf.

[1] https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/674046/understanding-costs-of-cyber-crime-horr96.pdf

[2] https://www.amnesty.org/en/latest/press-release/2019/08/killer-facts-2019-the-scale-of-the-global-arms-trade/

ABOUT PERFORMANTA

Performanta was founded in 2010 and has over 150 staff worldwide, including former CIOs/CISOs from large enterprises. It has a global footprint with a team of 80 analysts working in two SOCs, helping to secure customers across 50 countries, from offices in the United Kingdom, Australia, Germany, South Africa and the USA. Performanta offers a consultative approach to people, process and technology, focusing on security projects in line with adversarial, accidental and environmental business risk. With a holistic cybersecurity view, we understand the modus operandi of the perpetrator and accordingly build an intelligent defence mechanism to make customer environments less susceptible to attacks.
