Weekly Program - Everyday cybercrime-- and what you can do about it
This week's program is a TEDTalk published on Sep 16, 2013. How do you pick up a malicious online virus, the kind of malware that snoops on your data and taps your bank account? Often, it's through simple things you do each day without thinking twice. James Lyne reminds us that it's not only the NSA that's watching us, but ever-more-sophisticated cybercriminals, who exploit both weak code and trusting human nature.
In an ever-expanding world of networked mobile devices, security threats -- and our ignorance of them -- are more widespread than ever. James Lyne of security firm Sophos believes that if we continue to ignore basic best practices, security is on a trajectory of failure.
A self-described geek, Lyne spends time ripping apart the latest gadgets and software, builds true random number generators out of tinfoil and smoke alarm parts, among other unlikely objects. But his gift lies in his ability to explain complicated concepts and abstract threats to diverse audiences around the world.
A self-described geek, Lyne spends time ripping apart the latest gadgets and software, builds true random number generators out of tinfoil and smoke alarm parts, among other unlikely objects. But his gift lies in his ability to explain complicated concepts and abstract threats to diverse audiences around the world.
If everyone who watches this talk (and the friends and family members they share it with) were to apply the following practices, we would massively improve security. Here are six pointers for you:
1. Update your system. It is very common for exploit tools to use old attacks that have subsequently been fixed. For example, out of date Java or PDF software are very commonly targeted. And still, a large number of users won’t update. Make sure you have the latest version of all software.
.
2. Get a decent password. There are plenty of great articles out there that suggest how to generate a good password. And yet, it is amazing when you review password lists for large public websites that have been leaked how common it is for people to use basic passwords like ‘password2013′ or ‘linkedinpassword.’ You should also make sure you use different passwords for different sites and services, or consider using a password manager to look after them for you.
.
3. Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an e-mail claiming you have won an iPad or received a FedEx package — is this probably real? Would it happen to me walking down the street? Scams today aren’t all identifiable by poor grammar and spelling mistakes, as they once were.
.
4. Keep a backup. Some attacks now do permanent damage that cannot be reversed. Whilst most attacks are still focused on reputation damage or fraud, these attacks can be extremely damaging. A tried and tested backup procedure can save you severe pain.
.
5. Make sure you run basic security controls. Lots of people run severely out-of-date anti-virus software. Whilst there is no 100% in security, and AV won’t block everything, it remains a good basic step for keeping your system clean.
.
6. Make sure you look up best practice for devices other than just your PC. You may have secured your computer, only to put very similar data on your mobile device with no security checks at all. There is an increasing amount of malicious code focused on Android mobile phones. And I find a lot of people don’t bother to protect their iPhone with a pin or lock screen. (It will be interesting to see how many people use the new fingerprint feature.) Check out the security best practices for each and every one of your devices.
.
2. Get a decent password. There are plenty of great articles out there that suggest how to generate a good password. And yet, it is amazing when you review password lists for large public websites that have been leaked how common it is for people to use basic passwords like ‘password2013′ or ‘linkedinpassword.’ You should also make sure you use different passwords for different sites and services, or consider using a password manager to look after them for you.
.
3. Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an e-mail claiming you have won an iPad or received a FedEx package — is this probably real? Would it happen to me walking down the street? Scams today aren’t all identifiable by poor grammar and spelling mistakes, as they once were.
.
4. Keep a backup. Some attacks now do permanent damage that cannot be reversed. Whilst most attacks are still focused on reputation damage or fraud, these attacks can be extremely damaging. A tried and tested backup procedure can save you severe pain.
.
5. Make sure you run basic security controls. Lots of people run severely out-of-date anti-virus software. Whilst there is no 100% in security, and AV won’t block everything, it remains a good basic step for keeping your system clean.
.
6. Make sure you look up best practice for devices other than just your PC. You may have secured your computer, only to put very similar data on your mobile device with no security checks at all. There is an increasing amount of malicious code focused on Android mobile phones. And I find a lot of people don’t bother to protect their iPhone with a pin or lock screen. (It will be interesting to see how many people use the new fingerprint feature.) Check out the security best practices for each and every one of your devices.
James Lyne says, "I hope that my talk inspires you to take an interest in security and apply these most basic measures of protection."