Many experts in the field of IT security are predicting that 2016 will be the worst year ever for scammers and hackers. Actually as these activities increase year on year you don’t really need a crystal ball to predict that. However, what is concerning is that the focus is changing and the types of attack are getting far more serious and far reaching. Additionally, there has been a huge investment in developing skills for those intent on stealing information and undertaking computer fraud. Arguably we also seem to be losing the battle to cyber terrorism as the likes of organised crime and IS invest their time and finances into attacking our infrastructure. Since the start of the year we have already witnessed successful attacks at the BBC, HSBC and Lincolnshire County Council amongst others.
The good news is that much of this activity is towards attacking servers rather than people’s home computers. The bad news is that online servers are not only at the heart of our infrastructure but also hold all sorts of information about us and are often where we back up and store our data as we turn more to the ‘cloud’ based solutions.
First and foremost is to ensure that you have multiple copies of all your data; from family photos, to household and business documents.
- Local Backups: Ensure that you have at least one additional set of backups for all your data. There are many programs that can be used. I personally use Iperius Backup (www.iperiusbackup.co.uk) but Windows (8 & 10) includes an excellent utility in the form of Windows File History
- Offsite Backup: Make a seconds ‘offsite’ backup. One way to do this is to use one of the many cloud storage solutions. (e.g. Google Drive, Microsoft Onedrive, BT Cloud all of which at entry level offer free storage.)
- Disconnected Backup: An increasing tactic used by criminals is ransomware. This infection will ‘encrypt’ your data making it unreadable unless you purchase a ‘decryption’ key from the hackers. Sadly, these are getting more virulent and are not only attacking files on the infected system but some can also search out network backup drives. Combat this by carrying out a backup of your data to a device that is disconnected from your network after completion.
- Security Suite: In my opinion these are a must have. The current three top performers are Bitdefender, Kaspersky and Norton. Avast is currently the best of the ‘free antivirus’ tools but I would recommend upgrading from a free solution to a fully paid security suite.
- Email Care: Be careful when using your email as it is a common place for hackers to ‘hook’ you in to a website or attachment that contains malware. Most security suites have email scanners built in but these only offer limited protection. Bottom line, if you are not 100% that an email with a web-link or attachment is valid do not open it. Generally financial organisations do not send email that contains attachments. More common is for them to direct you to the secure message system associated with your bank account, requiring you to login to your account using the usual security access codes.
- Telephone Scam Awareness: A very common tactic is for a hacker to call you and claim they are from a well-known company. They will then persuade you that there is an issue with your system and that they need to log on to correct it. At this point they may load malware onto your system. This is actually an easy one to ‘police’. NONE OF THESE CALLS ARE VALID – IGNORE THEM.
- Password Selection: I know many of you will hate this one but do not use the same password for different services. Also make your password complex (ie. Uppercase, lowercase, a symbol and a number). The common advice from security experts is not to write these down but if that is what you have to do to remember them then do it. The best way of recording them is to have a code that only you know, so what appears on the page is slightly different to the actual password. There are also online cloud based solutions that will store your passwords in an encrypted format so you can access them from any device as needed (e.g. www.passwordbox.com)
If all this makes you concerned about the security of your system then good, you should be. However, if you follow these steps you will greatly reduce your risk of being attacked.