In today’s talk, Lyne talks cybercrime, revealing some of the new methods that hackers and malicious code writers are using to grab our data. And he shows how we accidentally share that data — without even realizing it. James Lyne: Everyday cybercrime -- and what you can do about itFor example, did you know that most smartphones embed GPS data in the photos we take? He asks, “As we play with these shiny new toys, how much are we trading off convenience for privacy and security?”
We asked Lyne, a cybersecurity specialist with SophosLabs, to share some simple tips to greatly improve your computer security. Below, here’s what he had to say:
Security is becoming a very complex topic with many different actors and issues — the recent NSA revelations adding to the pile of discussion. But an astonishing number of cybercrime attacks still play on some basic — and preventable — failures to protect personal data.
If everyone who watches this talk (and the friends and family members they share it with) were to apply the following practices, we would massively improve security. Here are six pointers for you.
- Update your system. It is very common for exploit tools to use old attacks that have subsequently been fixed. For example, out of date Java or PDF software are very commonly targeted. And still, a large number of users won’t update. Make sure you have the latest version of all software.
- Get a decent password. There are plenty of great articles out there that suggest how to generate a good password. And yet, it is amazing when you review password lists for large public websites that have been leaked how common it is for people to use basic passwords like ‘password2013′ or ‘linkedinpassword.’ You should also make sure you use different passwords for different sites and services, or consider using a password manager to look after them for you.
- Be a little suspicious. A very large number of attacks rely on simple social engineering. Ask yourself next time you receive an e-mail claiming you have won an iPad or received a FedEx package — is this probably real? Would it happen to me walking down the street? Scams today aren’t all identifiable by poor grammar and spelling mistakes, as they once were.
- Keep a backup. Some attacks now do permanent damage that cannot be reversed. Whilst most attacks are still focused on reputation damage or fraud, these attacks can be extremely damaging. A tried and tested backup procedure can save you severe pain.
- Make sure you run basic security controls. Lots of people run severely out-of-date anti-virus software. Whilst there is no 100% in security, and AV won’t block everything, it remains a good basic step for keeping your system clean.
- Make sure you look up best practice for devices other than just your PC. You may have secured your computer, only to put very similar data on your mobile device with no security checks at all. There is an increasing amount of malicious code focused on Android mobile phones. And I find a lot of people don’t bother to protect their iPhone with a pin or lock screen. (It will be interesting to see how many people use the new fingerprint feature.) Check out the security best practices for each and every one of your devices.
I hope that my talk inspires you to take an interest in security and apply these most basic measures of protection. I also hope that some who watch the talk will be interested in getting into the security profession. It is a really fascinating area, one which will increasingly underpin every aspect of our personal and professional lives. I’m involved in some initiatives—like the UK Cyber Security Challenge—that try to provide young people with a path into the industry. There are initiatives like this all over the globe.