When your Home should be your CyberCastle…

…and don’t forget your office too!

ScribblingStick : Duncan Reid
May 6, 2022

Technology is undoubtedly a boon to our lives. How did we ever live without wall-to-wall Netflix, YouTube, e-mail, Social Media and endless videos of cats doing silly things?

Yet that very same ultra-connected society has made it easy for criminals & predators to move silently amongst us whilst isolating us from normal interactions. Big Corporate is very keen that we should do all our business with them through web portals; it’s cheaper for them — but is it better? That’s something I’ll explore in a future article but for now, I’m thinking about the nasty folk out there. The ones that swim silently through cyberspace looking for their victim — so let’s make sure it’s not you!

Crime. Thievery. Banditry. It’s always been part of us. One of the oldest professions after Lawyers and ladies of negotiable virtue. It used to be little old ladies collecting their pension that were the victim of choice, but these days you’re more likely to be targeted by a cybercrook sitting at a laptop many thousands of miles away, living the high life far from the long arm of Dixon of Dock Green.

Are you being targeted by a hacker? : Photo by Stillness InMotion on Unsplash

I’m very protective of my readership. I know you’re out there in sheds, garages & spare rooms up & down the country, guarding your pennies like slightly grizzled, greying dragons curled around their cave gold and as a onetime GCHQ certified CyberSecurity Auditor (which can be as boring or as interesting as it sounds) I’m going to give you a few easy-to-do tips to help keep you safe from those nasty Internet sharks.

So what is it that they actually do to part you from your savings? Quite a few tactics actually, and it’s not uncommon for people to be scammed out of tens of thousands of Pounds. There are viruses and other nasty software that can infect your computer and open up a backdoor so the crooks can find out your credit card details or your bank logins. Or it could be that their infections try to redirect you to their sites selling fake sunglasses or dodgy Viagra cut with anything from flour to rat poison.

Ever had an email promising you untold riches from a Nigerian Prince? Admit it, of course you have, we all have! We’ll look at how that one plays out in a moment but I’ve yet to meet anyone who ended up with more money than when they started. And if you get a message from a stunning young lady offering to move into your spare room and keep you warm at night then you really need to take a long, hard look in the mirror and work out the odds…

Start at the Castle Walls

If your home is your castle, then let’s start with the walls themselves: your Internet Router. Your router does many wondrous things. It takes that lovely, high-speed Internet connection and distributes it in turn to all your devices. The Tablets. The phones. The laptop. The Firestick and maybe even your doorbell.

It’s probably got wi-fi built in and some nice flashing lights. But the great thing is that it will also contain a firewall. A pretty basic one to be sure but perfectly good enough for home use. And what does a firewall do? It maintains those castle walls, only letting people in & out through certain doorways (called Ports) and making sure that no-one sneaks round the back of the castle and gets in through an unlocked kitchen door.

One of the things that bad guys do is look for insecure ports, so by having a firewall you’ve made a good start. You can improve on it in just five minutes by logging into your router and changing a couple of things. Change the Wi-Fi name to something that doesn’t say which internet provider you use; their routers will have known vulnerabilities, so don’t make it easy for the crooks to know which one you have. And change the passwords for Wi-Fi & admin access. They should be random from the factory, but always change default passwords to be sure. If you’re IT-savvy, you can check which of those doorways are actually open ports and decide to close them, but beware: altering router settings if you don’t know what you’re doing could leave you in a bit of a pickle.

It goes without saying that only you & your family should use your Wi-Fi. No matter how much you like your neighbour, don’t give out your passwords, otherwise all their browsing could come back and point to you.

The good news is that when your antivirus software tries to sell you a firewall service, you don’t really need it! The router will do just fine although if you feel like adding an extra layer of protection then by all means go ahead.

If you want an extra layer of protection though, consider a VPN — particularly if you travel around a lot and use public Wi-Fi in your favourite coffee shop or hotel chain. It’s not at all unknown for the bad guys to set up fake Wi-Fi networks in the hope of you connecting and they can then see your traffic. Which may contain email, banking logins and all sorts of other things that they’d love to get their hands on! And a VPN is often a necessity if working from home and connecting to your office systems.

What’s a VPN? Think of it as your secure, encrypted personal tunnel connecting you to the far end. At the far end might be your business’ servers or a private VPN server that then connects you to the internet, keeping your browsing safe & anonymous.

Guard your data & not just your bricks & mortar! : Photo by Anthony Bressy on Unsplash

Call out the Guards!

That’ll be your antivirus software. Think of it as the guards on top of your castle wall, all ready with the boiling oil & pitchforks should anything nasty be spotted. There are lots of free ones for home use, with AVG, Avast & Bitdefender amongst the most popular. McAfee comes bundled on lots of High Street computers. Get rid of it, it’ll only slow you down, and don’t rely on Windows Defender either, just don’t.

Safe Surfing

Remember those heady days before lockdown when you’d head into town on market day? How happy would you be handing over your card to some scruffy looking bloke who nips off to his van with it to take payment?

You simply wouldn’t do it, so why do so many people persist in doing it online? Take a look for the little padlock symbol, although that only stops eavesdropping. Retailers using PayPal are good if in doubt as they’re good at refunding buyers, and do use a credit rather than a debit card; there’s more protection in case of disputes.

Should your browsing take you to the seamier side of the web, use large well-known sites, otherwise be prepared for the websites to try very hard indeed to infect your computer with trojan horse software that could really ruin your day.

Don’t tell ’em your Password Pike!

Birthdays. Pet Names. Kids’ names. All are commonly in use as passwords, as is the most widely used password on breached accounts according to the UK’s National Cyber Security Centre: 123456! Don’t get me started on how many times I’ve seen post-it notes with passwords on next to the keyboard. It’s not big & it’s not clever so please don’t do it!

So pick a password. Make it unique and make it strong. Here’s a couple of ideas.

Three simple words. Look on your desk. Look around you. Easy to remember but very hard for brute force attacks to get through. BookPenBeer makes a good password — so what can you see?

How about an easy to remember but nonsense word? Can you remember the phrase “I went to Paris in 2017”? Use the initials and make it Iwtpi2017 — that works!

But the really important bit about passwords is not to use the same one everywhere — and you all do it don’t you? But just think… You use your favourite password to set up your account with an online shop to buy your long-suffering other half something nice. You forget about it but months later, their server gets hacked and a list of email & password combinations is sold on the black market.

“Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers.”

– Chris Pirillo

A week later, a computer expert working for a criminal gang in Eastern Europe uses your email & password to try logging in to anything they can think of. They get lucky and promptly order a camera, to be sent to an address you’ve never heard of. In a different country. They then try to log in to your email with it — and it works! They’re overjoyed and promptly change your banking passwords. Looks like it may be baked beans on toast for you until you get this all sorted out…

So always use a unique password for each site; that way, if one of them is compromised, the damage is controlled. I know it’s hard to remember so many passwords, so rather than a black book, consider a Password Manager like LastPass.com, which you secure with one strong, unique password and then it remembers — and can generate — all the others for you.
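The reuse scenario above, worked through as an added example (not from the original article): a short Python audit over a constructed list of logins, showing which accounts one leaked shop password opens directly and which fall afterwards through the mailbox. The site names, addresses and the deny-list are made up for illustration.

```python
from collections import defaultdict

# Constructed sample data: (site, login email, password). Every value is made up.
VAULT = [
    ("shop.example", "me@example.com", "BookPenBeer"),
    ("mail.example", "me@example.com", "BookPenBeer"),
    ("bank.example", "me@example.com", "Iwtpi2017"),
    ("forum.example", "me@example.com", "123456"),
    ("photos.example", "old@example.com", "Xq7-made-up"),
]
COMMON = {"123456", "password", "qwerty"}  # tiny constructed deny-list


def reused_logins(vault):
    """Map each site to the other sites opened by the same email + password."""
    by_cred = defaultdict(list)
    for site, email, password in vault:
        by_cred[(email.lower(), password)].append(site)
    return {s: sorted(set(group) - {s})
            for group in by_cred.values() if len(group) > 1 for s in group}


def common_passwords(vault, common=COMMON):
    """Sites protected by a password that appears on the deny-list."""
    return sorted(site for site, _, pw in vault if pw in common)


def blast_radius(vault, breached_site, mail_site):
    """What one leaked login exposes: 'direct' sites accept the same
    email + password; 'via_reset' sites fall once the mailbox itself is taken,
    because password-reset links for that address land in it."""
    direct = reused_logins(vault).get(breached_site, [])
    via_reset = []
    if mail_site in direct:
        owner = {s: e.lower() for s, e, _ in vault}
        via_reset = sorted(s for s, e in owner.items()
                           if e == owner[breached_site]
                           and s not in direct and s != breached_site)
    return {"direct": direct, "via_reset": via_reset}


if __name__ == "__main__":
    print(reused_logins(VAULT))
    print(common_passwords(VAULT))
    print(blast_radius(VAULT, "shop.example", "mail.example"))
```

With a unique password on the shop account, the same call returns two empty lists, which is the whole point of the advice.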

But what about my business?

I’ve mentioned lots of things with a slant towards home computing but really, they’re all equally applicable to the office too. And let’s face it, these days, many of us work from home just as much as we work from commercial premises.

The cost & impact of a cyber attack against your business could be incalculable and even put you out of business. So think about everything we’ve mentioned and at the very least…

  • Use a VPN if using a laptop out & about in coffee shops, hotels & airports. Not all Wi-Fi points are legit and bad guys will sniff for unsecured data.
  • Use firewalls (hardware or software). Hardware firewalls at your boundary to the outside world are really important but make sure you configure their ‘rules’ correctly and change any default usernames and admin passwords.
  • Don’t even think about routinely logging in as administrator! If you do get compromised and a hacker gains access then you’ve just given them free rein. Log in with reduced user-level rights and escalate to admin rights as needed for admin tasks such as configuration changes.
  • Make sure you have antivirus software in place so that if something nasty comes from a website, network or email then it’ll be spotted and dealt with — with the utmost prejudice!
  • Be aware of social engineering scammers trying to get you to part with sensitive information such as logins. This could be a phishing website, an email, a text message or even an old fashioned phone call!
  • If you owe someone money and you receive a message saying they’ve changed bank accounts, then verify it — it may well be fake and you’d lose it all!
  • Keep your software updated. Apply Windows updates promptly and keep an eye out for updates on other software too. Don’t even think of using or downloading ‘cracked’ software, it may well contain something nasty buried within.

These measures are the core technical controls of a Government-backed certification for SME businesses called Cyber Essentials. It’s a relatively straightforward step towards the basics of cyber security and makes a huge difference in keeping businesses & organisations safe from cyber criminals & state actors. (You’d be surprised how much hacker activity is actually state-sponsored and originates from places like North Korea, China & Russia. And they don’t care that you’re only a butcher, baker or candlestick maker; they’ll still get in if they can, as that may be a stepping stone to bigger fish.)

I really do recommend that any business considers Cyber Essentials Certification, it’s low cost but massive benefit — and it’s a great USP when you’re going after contracts with local government or public sector bodies.

There’s a more advanced version (Cyber Essentials Plus) that involves an auditor actually checking that what you say you do is actually in place and works. The good news is that you won’t get me turning up on your doorstep any more, but I’d recommend the guys at CyberSecuritiesUK who deliver lots of Cyber Security, Information Governance & GDPR goodness to businesses up & down the UK.

It’d be remiss of me to sign off without mentioning our old friend, the Nigerian Prince promising you a cut of the deal for helping him get his hands on a bank account that happens to be available after a mysterious accident.

Ever wondered about the bad spelling & grammar? It’s deliberate and acts as a filter so they don’t waste their time on people who might be clued up.

Instead they prey on the weak, elderly & vulnerable and once they’ve suckered them in, the requests for money to ease the passage of items through Customs will appear and if paid, will just keep on coming — preying on naivety, vulnerability & greed in equal measure.

If some shifty bloke came up to you with such a tale in the pub, you’d not give it a moment’s notice so don’t do anything different online. As Grumpy Old Men (& Women), such cynicism should come naturally…

The Internet is a wonderful place. It’s like a majestic City full of parks, leisure centres, communities, art galleries, story tellers & museums. But like any big city, there’s also the odd dark alleyway that you really shouldn’t wander down late at night, by accident, on your own. So get out there & start exploring!

Words By Duncan Reid, a self-professed Internet Geek earning a living in the virtual World. Also known for advising on cybersecurity, IT, electronics & RF tech, writing, fettling & more.

This article inspired by & built upon previous word globs written by Duncan Reid & published at the now sadly defunct fiftyfiveup magazine.
