Elizabeth O’Malley asks how vulnerable are we to hacking and what can we do to prevent it?
Young people don’t care much about data security according to a recent study by Norton Antivirus.
Of a poll of 500 people under 35, Norton found that while young people were concerned about their online security and privacy, they were unlikely to do anything to protect themselves online.
72% did not have security software on their device, 49% had low privacy settings on social media sites, 72% did not regularly back up their files and 48% admitted to using variations of the same password for every site.
It is therefore unsurprising that 55% of those polled said that had been affected by a computer virus, 26% by a phishing scam and 14% by ransomware attacks.
Given that young people are the most tech-savvy generation, why are we leaving ourselves open to online attacks?
Part of the answer is that many people believe they are too uninteresting to be a target.
This assumes that hackers directly target people rather than, for example, sending out phishing emails to everyone they can get an email address for, or leaving an infected file ready for someone to download when they’re trying to look at a website with discounted computers.
The vast majority of hacking is for quick financial gain. They will attempt to get bank account or credit card information, information to gain access to your accounts or hold your information hostage in return for a ransom payment.
Hackers also tend to do things just for the sake of it. For example, one tech journalist had his iPad and computer completely wiped and was locked out of his email and Twitter just because a couple of hackers liked his Twitter handle.
Some of the methods of getting your data include:
Phishing: Where emails are sent pretending to be someone else, such as your bank, asking for you to verify your security details. Another common phishing email appears to be from FedEx or UPS saying that there is a package for you that failed to deliver and providing a tracking link.
Trojan horses: You may accidentally download a Trojan horse, a virus which allows a hacker to take control of your computer by opening an email or downloading files off the internet. This can be used to turn on your microphone and webcam and record you.
Key-logging: Installing software or ‘malware’ on your computer which records every keystroke you make, either by downloading it accidentally or someone gaining physical access to your device and installing it.
Brute-force: Using a super-computer to try millions of variations of passwords every second in order to guess yours, thereby gaining access to your accounts.
Security holes: A security hole may exist where it is easy for a hacker to get on to customer service pretending to be you and get access to your account using information that may be available on the web, such as your mother’s maiden name or your address. There may also be holes in your operating system which allow hackers to get into your computer or phone remotely.
Creating Fake Access Points: If you buy a router and someone connects to it, any data that isn’t shared over a secured line will be visible to the router-owner. Although your Facebook account may be shared over a secure server (it has a padlock icon in the address bar), if you reuse your passwords you may give it away by using a less secure site. Similarly, hackers can hack your WiFi router, especially if you haven’t changed the pre-installed password.
Fake apps: You may download an app which looks legitimate but is posing as a different company in order to get passwords and other data.
ISMI Catchers: These are fake phone networks. If your phone connects to one automatically they can block, track, record and listen to phone calls, monitor texts and send texts on your behalf. However this technology is fairly expensive and mostly used by governments and law enforcement.
One of the most important ways to protect yourself online is not to re-use passwords. Don’t make them easy to crack by using words found in the dictionary with maybe a number at the end. Try to vary uppercase and lowercase, include symbols, include spaces and make them longer than 8 letters.
You can use a password manager such as 1Password or Lastpass which comes up with complicated passwords for your accounts which you can access using a (strong) master password.
Don’t open emails attachments or links from people you don’t know or which seem suspicious and be wary of downloading files from the internet, including suspicious apps.
Have a good anti-virus programme as well as a firewall installed on your computer and smart phone. Avast and AVG both offer free applications.
Install two-step verification, especially on your email which links all of your online accounts. This means even if hackers get your password, they won’t be able to get in without also having your phone.
Update all of your software regularly on your devices as this will include patches to fix security holes which have been identified.
Don’t provide verification details over email or phone. Your bank will not ask for these.
Back up all your data so that if it is accidentally wiped, held for ransom, or even if your computer breaks down you have all of your important files stored somewhere else.
Be careful what information you put on the internet. You don’t need to share all your personal details, especially those which you have listed as answers to your security questions.
Most importantly, always assume that all data shared over the internet is unsecure.