(There is a glossary at the bottom of this article as I use a few acronyms and technical cyber security jargon which is unavoidable.)
You have no doubt seen the recent press about the Government committing to spend almost £2bn on a new cyber security strategy. It is encouraging to see the Government take this topic so seriously after the recent spate of company security breaches (TalkTalk, Tesco Bank) and large scale attacks on the Internet infrastructure (DDoS on Dyn). This is only going to get worse, and the population at large have a huge part to play in ensuring that the criminals don’t win.
Cyber Security is no longer the concern of governments and large corporate companies trying to keep their secrets safe from spying foreign entities and competition.
Wessex Internet have recently signed up to the National Cyber Security Centre’s Cyber Information Sharing Partnership. That is a bit of a mouthful, and with anything in our industry there is a shorter acronym – NCSC CiSP. What this means is that if other CiSP partners who participate in the scheme find that our customers are targeting their networks with a botnet attack, or they see that our customers or our network have some kind of vulnerability, they will share this information with us. It’s a collaborative partnership that helps the CiSP partnership, downstream customers, and therefore on a larger scale, the Internet. It’s worth stressing that this is not a government filtering scheme, there are no blackboxes on our network, and we of course are not inspecting customer data.
How much of our lives now revolve around using the Internet?
We watch our TV. We use online banking. We share our private lives with family and friends on social media. We send E-mails to loved ones, friends, colleagues, customers and suppliers. We make telephone calls. We backup and share files using services like Dropbox. We share our credit/debit cards with tens, if not hundreds of companies; eCommerce websites like Amazon, paying for groceries with your supermarket, paying for auctions we’ve won on eBay, paying for the school photographs, and so many other examples.
You leave a digital footprint of your activity wherever you go, and the information you share such as your personal details, files, payment details all increase the attack surface, the surface area from which criminals can target.
The first advice to provide you is that there are things you can do to ensure that you minimise your risk of being a victim of a cyber-attack and crime. In fact, we humble humans are the weak point. ‘We’re’ often the ones that stupidly click on obvious spam links that then end up loading a virus onto our computers. ‘We’re’ often the ones that hand over our credit card details on websites that don’t have “https” or SSL encryption in their online store. ‘We’re’ often the ones that fail to keep our computers, smartphones, tablets up to date with security updates, and fail to ensure we have anti-virus software that works on all computers that is up to date. And it goes on.
What I am saying is that we have responsibilities to ensure that we are looking out for ourselves, and make sure that we’re not going to be victims of cyber-crime.
Matt’s top Cyber Security tips:
- Keep your computers, phones and tablets up to date; download the latest software updates recommended by the manufacturer. Be these Windows, Mac OSX, iOS or Android updates.
- Keep your apps updated too. If you are not keeping your mobile apps updated too, then you’re at risk if those apps have fixed security holes. With some mobile operating systems such as Apple iOS, you can make it so your phone downloads and updates automatically overnight when connected to Wi-Fi and charging.
- Make sure you have an anti-virus program installed onto your PCs and Macs. No excuses. Make sure it’s updated, and respond to any alerts and take remedial action as recommended.
- Don’t run Windows XP. Microsoft have withdrawn all support and future updates for this. Go to PC World or a local IT company and upgrade to Windows 10 immediately. If you have Windows XP – do not connect this to the Internet.
- Be Cyber Streetwise – this is a government campaign. Please check out their website for tips. https://www.cyberaware.gov.uk/
- Don’t share the same password for every website you use because if one website got hacked, and they stored your password insecurely, the criminals could then guess that your Amazon, PayPal and other website logins all share the same E-mail address and password!
- Use a Password manager such as 1Password, LastPass or RoboForm. These can help you manage your various passwords securely. Use a very complex master password for the main password manager.
- Don’t share your passwords with family, friends or colleagues as you have no idea how they will treat your security.
- Don’t buy cheap Internet of Things devices such as unheard of CCTV cameras, smart thermostats, and connected domestic devices. The recent attack on the Internet used compromised CTTV cameras in people’s homes around the world to launch an attack that prevented access to some of the best-known websites like Netflix and Twitter a couple of weeks ago. Make sure these Internet of Things devices are kept updated too!
The above list is not exhaustive, and there are more complicated ways to future help prevent compromise, however it’s a list which covers off the most common reasons why consumers fall victim to cyber-crime.
Conclusions
We all have a responsibility to take when using the Internet. It shouldn’t be overwhelming to the extent you give up and stop using it, or use less of it, but if you follow the simple steps, you can safely go about your business. Of course, the criminals will always step up their activities and try new methods to attack of our systems and steal our data, however that’s why it’s important to keep our systems up to date and ensure you aren’t the easy target. The criminals will go after the easy targets before they target you, and as there are so many of these, they won’t be quiet.
Wessex Internet will share any information from the CiSP partnership where we believe you need to take remedial action, such as remove a botnet virus from your machine, or implement firewall rules to lock down your Internet connection.
Wessex Internet also has a duty to ensure our core network is safe and secure, and this extends to any devices that we manage, so we’re taking proactive steps to keep this up. Unfortunately, we don’t live in the land of utopia, so nothing can be 100% bullet proof, but we will do all we can.
Our network engineers will make contact with any customer where we believe they need to take steps to improve their Internet-facing network hygiene and/or patch systems against botnets/viruses. Don’t be too alarmed to receive these, but you must do everything in your power to act immediately if something has been identified, it is in your interest after all.
Glossary
Botnet is a virus on your computer or Internet connected device that is being controlled remotely by a criminal for the intent of either using your computer & Internet connection to launch attacks on other websites, such as DDoS, or for gleaming information off your systems such as logging your passwords or other private data.
DDoS stands of Distributed Denial of Service. These are attacks that are orchestrated usually by Botnets. The Botnet could have thousands or more likely hundreds of thousands or millions of compromised devices as part of it. These compromised machines then send arbitrary data to the victim which could be a website of a very well-known company which overloads it and effectively takes it offline. Most recent attacks have targeted the infrastructure and system that helps run the Internet such as the DNS. This means that a DDoS attack can “take down” access to hundreds of websites and services.
DNS stands of Domain Name Service. This is the critical Internet system that converts a website name like www.bbc.co.uk to an IP address like 212.58.244.67. It means you don’t have to know the IP address when browsing to websites amongst other uses.
By Matthew Skipsey, Technical Director
