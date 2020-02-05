How to protect yourself against cybercrime









Cyber Crime. (File Photo: IANS) Durban - When reporting the top 10 risks worldwide in terms of likelihood, The World Economic Forum’s 2018 Global Risks Report placed cyberattacks third, behind extreme weather events and natural disasters. (You can download a PDF copy from https://tinyurl.com/WEFGRR2018). Environmentalist advice aside, there might not be a hell of a lot we can do about the weather or natural disasters. That’s not the case when it comes to defending against cyberattacks, malware and similar nasties: there’s plenty that can be done to ensure online safety and the security of connected systems and data. The problem is that these precautions and policies are not always followed, creating opportunities for cybercriminals and fraudsters to exploit and interfere with vulnerable systems. In this series, I’ll look at the most common vulnerabilities and mistakes I’ve encountered over the years which have directly contributed to a breach, attack or similar event. Missing updates

One of the most common targets for cybercrime is outdated, unpatched software. Using such software exposes the user and their network or systems to ever-increasing risks, but many users either at home or in business continue to do this.

A missing patch caused the infamous Equifax data breach in 2017, which leaked the personal details of some 147 million US consumers to criminals. A ServiceNow & Ponemon Institute survey in 2019 found that 60% of data breaches recorded had occurred in situations where a security patch was actually available but had not yet been applied. Many companies have no update or patch management policies in place and only think about implementing one after suffering a breach.

Updates can be inconvenient, nevertheless, a policy to ensure they are installed regularly is a must. The best practice approach is to prioritise updates or patches according to their importance or “criticality”.

Critical updates should be installed following the vendor’s instructions and according to a schedule that is appropriate to the business or particular system. As is always the case before making any sort of system change, reliable backups should be taken prior to installing any sort of update, as updates do occasionally cause unintended problems that necessitate rolling back systems to a prior state, or uninstalling the problematic update.

Weak passwords

Passwords are a huge potential vulnerability for many reasons. Among these are the common bad practices such as using the same password across multiple sites, applications or service, not changing passwords, using common words or names as passwords or leaving default passwords such as “admin” or “1234” on devices such as firewalls, switches, cameras and similar network equipment.

As many will realise, email address accompanied by passwords pose a particularly severe threat as they provide potential access to online accounts.

