Written by: Don Okereke
Comparable to the cold war, cybersecurity has been dubbed the ‘’the
arms race of the current and future generations’’.
The term cybersecurity is
coined by prefixing ‘’cyber’ before security. As we know, ‘’cyber’’ generally relates
to information technology, computers and the internet. Hence we define
cybersecurity as measures taken to protect computers, computer systems and devices
against unauthorized or malicious attacks, intrusion. It is valid to say that
no country, establishment or individual is absolutely invulnerable to cyber
risk hence cybersecurity is a collective obligation which calls for awareness
and for citizens to be internet, social media, technology savvy.
The biggest challenge with the cyberspace is that there are no international
boundaries, visas are not needed to travel; intercontinental ballistic missiles
or AK47’s are not needed to wipe out a facility or commit a heist. A hacker can
stay in the comfort of his house or office in say, China and wreak havoc on critical
infrastructures, computers or internet enabled device(s) in far-off United States.
For instance, a malware or Trojan Horse known as ‘’BlackEnergy’’ allegedly
written by a Russian hacker was used to infiltrate critical government
infrastructures in the United States and Ukraine while ‘’Carbanak’’, an ‘’Advanced
Persistent Threat’’ (APT) attack allegedly
deployed via phishing emails was used to electronically steal about $1 billion
from financial institutions around the world.
My previous essay – “Understanding
The Global Proliferation In Cyberattacks, Cybercrime And Data Breaches’’, chronicled
the dexterity of motley trends, specializations
such as cyber-attacks,
attacks-as-a-service, cyber-warfare, cyber-espionage, cyber-crime, Fraud-as-a-service
(FaaS), cyber-extortion via ransomware, massive data breaches and hacking by
state and non-state actors which validates the assertion that the aforementioned
incidents are heightening. To appreciate how bad these threats are, United
States government agencies struggled to rein
in cyber-attacks in the US prompting President Obama’s administration to
brainstorm new cybersecurity
initiatives aimed at protecting consumers. This
explains why some analysts dubbed 2015 as the year of cyber-attacks, data
breaches. The proliferation of innovations, events such: Internet of Things
(IoT), Bring Your Own Device (BYOD), insider threats (Edward Snowden), penetration
and lowering cost of internet enabled mobile devices, are very strong
indications that cybersecurity risks will not ebb but certainly ramp up in 2016,
going forward.
Granted we may not be able to absolutely avert or rule out the
risk of cyber-attacks, unintentional or deliberate data breaches but the good
news is that we can reduce such risks to the barest minimum. As they say, it is better to be safe than
to be sorry and prevention is better than cure. You don’t necessarily have
to be a computer geek to appreciate these techie jargons or to counter aforesaid
spin-off emanating from our increasingly interconnected global village - cyberspace.
Without much ado, here are some cybersecurity, online best practices, and tips.
In no particular order:
1.
Abstain from clicking on links (especially
shortened urls) in emails, on social media platforms unless you know, trust the
sender and you can confirm that s/he deliberately sent the link.
2.
ALWAYS download Application or
software ONLY from trusted websites, sources such as from: Google Play Store,
Apple App Store, and Amazon App Store.
3.
As they say, there’s no free lunch eve in
Freetown and if it looks too good to be true, it is most probably is. Be very mindful of
online offers that seem too good to be true.
4.
Only make online purchases from
websites with SSL certificates (usually indicated by a small icon of a lock in
the lower right-hand side of the window). Confirm order history and shipping
information directly from the online retailer’s website, not through (shortened)
email links.
5.
Don’t use the same password for
more than one website, especially for banking and email platforms.
6.
Install firewalls on your
systems and ensure your Operating System, Applications, anti-spyware and
anti-malware software are up to date.
7.
Regularly back up your
important documents, application preferably on the ‘’Cloud” or an external
storage device. Reformat and reinstall software on your System if you were
exposed to a cyber-attack or had virus on your device.
8.
ONLY
give your computer, electronic device to well-trusted vendors, engineers/technicians
for repairs to forestall them stealing sensitive and private information which
may be used for extortion or blackmail.
9.
Avoid using public computers in libraries, airports, cyber
cafes, Wi-Fi for internet banking as some public computers, Wi-Fi's are
vulnerable. If for any reason you patronize a public computer for online
financial transaction, ensure you scan it for a keylogger, clear the cache,
browsing history and delete all temporary files from the computer after usage.
Very importantly, never allow the browser to remember your log-in ID and
password.
10.
Change your password regularly and use strong but
memorable passwords: The first time you login to your internet banking account,
you will need to use the password provided by the bank but you need to change
this password in order to keep your account safe.
11.
Check your bank accounts regularly: After
making an online transaction. Ascertain that the right amount was deducted from
your account. Inform your bank right away if you notice any discrepancies in
the amount.
12.
ALWAYS
type your bank’s address into your web browser – NEVER click on a link in an email to access you online banking
account. Check for a locked padlock or unbroken key symbol in your browser
window when banking online. The ‘http’ at the beginning of the website address
will automatically change to ‘https’ when a secure connection is established.
13.
Be wary and do not click on any surprising or
fishy looking ‘pop-up’ windows that come out during your online banking
transaction.
14.
Be suspicious of uncalled-for emails or phone
calls purporting to originate from your bank, service providers, the police etc.
and asking you for your PINs or passwords.
15.
Ensure sure your financial institution stores passwords in
an encrypted format. To ascertain this, if you click on the "forgot
password" and the bank sends your password in plain text, it means they
are storing it in plain text (or are using an encryption method that is not
worth a grain of salt)!
16.
When accessing your bank account from a smart
phone or a mobile device, always use an Application provided by the bank rather than from
a web browser.
17.
Make sure you are logged out of anything else:
Don't access your banking account while simultaneously logged to your Facebook
account or other social networking sites where cybercriminal regularly visit
and try to harvest surreptitiously information from. If possible, use a
different web browser for your online banking and another one for other things.
For instance, if you use Google Chrome for everyday browsing, use Firefox for
online banking or vice versa.
18.
Disconnect the internet connection when not in
use so as to forestall malicious hackers from accessing and stealing your
private information, online banking details via an internet connection.
19.
Financial institutions and companies will nip
insider abuse in the bud by watching out for warning signs like employees
living above their means, frequent manipulation of data by employees and
continuous, excessive use and abuse of privileged and systems account. Banks
will be able to combat electronic fraud by filtering out predatory employees,
reviewing upwards, the required reliability status for all staff who need
privileged roles to work as well as deploying appropriate prevention and
detection technologies like CCTV monitoring and access cards with
authorizations
20.
Specific
cybersecurity best practices for organizations:
(a) Create
a data breach response plan or policy.
(b) Insider threat is a big problem; learn from the National Security
Agency and Edward Snowden debacle. Individuals are the first
line of defense; educate, enlighten and train staff on basic cybersecurity best
practices, especially new employees and vendors. Such trainings should
encompass how to create strong passwords, recognizing social engineering
tactics and phishing emails, avoiding installing unwanted or risky Applications
on company systems. Here are 10 ways employees can cause data breaches
in an organization.
(c) Establishments will do well to have a Social Media and Bring
Your Own Device (BYOD) policy to forestall staff posting certain information on
social media or connecting personal devices, flash drives to workplace systems,
networks.
(d)Monitor Applications with
access to your data, maintain security patches and ensure software security and
antimalware are up to date.
(e) Limit
staff access to sensitive data by creating specific access controls for all
users and restricting access to ONLY specific systems they need for their
tasks. Organizations should implement system logging and also consider installing
user monitoring software to uncover suspicious activities.
(f)
Routinely
back up your information, data and ensure the backup is secure. GSM provider - T-Mobile
purportedly lost its customers data because it did not have a backup. Very embarrassing.
(g) Ensure
your establishment patronizes a credible Cloud Services provider to store your
data and ascertain precisely where/which country your data lives or are
domiciled and legal issues surrounding ownership and management of your data to
forestall losing your data should you terminate your services with your data
services provider or if the company suddenly goes out of business. Research the
data storage provider and if you are in doubt, ask for references from your
cloud provider and contact the reference to ascertain the veracity of the
claims of the data storage provider
(h) Ensure
your cloud storage provider takes security critically and that they are HIPAA
or PCI certified, SSAE 16, SAS 70 and SOC 2 audited and that they employ the
best antivirus, firewalls and intrusion detection services programs.
(i)
Don’t just go to sleep, engage the services
of an ethical hacker to run a vulnerability or intrusion detection scan and
access the security system of your data storage provider.
February,
2016
© Don Okereke
Follow Don on
Twitter: @DonOkereke
****************************************************************************************
Bio:
Don Okereke is a passionate, innovative, Information Technology, Social
Media-Savvy, proven Security Adviser/Consultant, Entrepreneur, Writer, Public
Speaker and Change agent with over 17 years combined Military (Air Force),
Private/Industrial Security, entrepreneurial, management skills/experience
distilled from Nigeria and the United kingdom. Don loves entrepreneurship, brainstorming
solutions to societal challenges and rendering altruistic service to humanity.
He is the Founder/CEO of Forenovate Technologies Limited (RC 755695). Inter alia, Don completed
postgraduate modules in Forensic Engineering & Science from Cranfield
University (Defense Academy), Shrivenham, United Kingdom, a first degree in
Industrial Chemistry, a Professional Certificate/training in Communication and
Conflict Management from the United Kingdom National Open College Network, a
Certificate in Security Practice & Safety Management and a Certificate of
Accomplishment in Terrorism & Counter-terrorism: Comparing Theory &
Practice
from Leiden University (MOOC), Netherlands. His interest and expertise span Security/Safety/ICT/Cultural
Awareness Training, Threat/Travel Advisory, Risk Assessments & mitigation, Security
survey/mapping, Loss/Fraud Prevention, Due Diligence and Investigations, Executive/Asset Protection, Business
Continuity & Emergency Planning, Background Screening/Vetting, Competitive Intelligence, Research and Open-Source
Intelligence (OSINT) Information Retrieval, Countering Violent Extremism
Advocacy and Public Speaking, amongst others. His passion for writing, researching,
innovations, sharing information, knowledge, training and mentoring galvanized
him into blogging. His passion, knack for writing has seen his articles
published on major Nigerian newspapers such The Guardian, The Nation,
NewsWatch, Tell Magazine and various reputable local and international online
platforms. Don has featured on conferences/seminars as a Guest Speaker and he
is routinely consulted by foreign, local, print/electronic organizations for
his expert opinion on issues impinging national, personal security and
geopolitics. Disappointed with the pervading insecurity, terrorism and
insurgency currently stifling Nigeria, Don champions an Advocacy Cause against
vestiges of insecurity under the aegis of ‘’Nigerians Unite Against Insecurity
and Terrorism’’ and ‘’Say No To Terrorism and Insurgency’’.
No comments:
Post a Comment
What are your thoughts on this post?