Staying safe in cyberspace

A cybersecurity expert debunks the myth about password and PIN security but cautions against clicking on just about anything that’s available for free out there.

The Star Malaysia - Focus - Stories by SHAHANAAZ HABIB

RODNEY Lee has been in cybersecurity protection for about 20 years. Unlike others in the industry who advise people to change their password every three months to avoid hackers, he hasn’t changed his password for over a decade. His password is the same for all his email accounts.

He even uses a similar PIN for all his ATM, debit and credit cards.

It’s “nonsense” to create a different PIN for the bank cards, he says.

“How are you going to remember it all? For me, the more difficult your password, the more difficult it is to remember it and this makes it easier to breach.”

“It is easier to create one solid password that you remember. I’ve had the same password for 14 years and – touch wood – I’ve never been breached,” says Lee, who is the CEO of Dnex Technology Sdn Bhd, a business in IT services and energy.

For him, experts keep telling people to change their passwords because “that is the easy way out.”

“They are not the ones who have to remember it. And because you cannot remember it, you’d have to put it down in your phone or on a piece of paper in your wallet. You’ve made it easier for the password to be stolen,” he says.

So how does one create a strong password or PIN?

Lee suggests using information about yourself that is no longer linked to you. It could be the number plate of the first car you have driven or the hospital identification tag on the wrist when you or your child was born, he says.

“Or you could use statements that appeal to only you. For example, if your Chinese name is Kok (country) Long (dragon) and you are born in 1969, then your password could be ‘I am the country dragon of 1969’.”

“Or you could use personal aspirations and stuff that don’t appear in public like emotions; the non-tangible stuff.”

But isn’t it risky having one PIN for all your bank cards?

“Yes, it is dangerous. But then didn’t all those big firms (which have fallen victim to breaches, Internet fraud and ransomware) have multiple layers of security? Did that stop them from being hacked or compromised?”

“Some things are meant as a convenience. If you put in a little bit of ‘first-time effort’ and create a good password, then it really is convenient. However, if you have to stress yourself, is that convenient?”

“In the case of cloned cards, remember that there’s a two factor SMS TAG that ‘approves’ any purchase. Use that,” he says.

Lee points out that cyber threats are becoming more sophisticated, involving huge sums of money and breaches of people’s personal data. He cites the recent hack of Equifax Inc which saw the names, birthdays, addresses, social security and driving licence numbers of about 140 million Americans – about half the US population – out in cyberspace.

Another case, he says, was a cyberattack in Singapore on an insurance company which compromised the personal data of 5,400 customers. A few months ago, an LA college paid US$28,000 (RM118,000) to regain access to its locked computer systems infected by ransomware.

Lee says people used to talk about a friend’s computer being infected “in those days” but “now we are talking about millions, not one or two anymore.”

“It’s like you are holding a balloon and the hackers are holding 200,000 needles. They start throwing needles at you and you have to withstand it. They only need to get lucky once. You need to be lucky every time.”

He says in the first eight months of the year, there was an average of 30 cyberthreat incidents each month. Last month, it spiked to 50. This, he says, had something to do with Malaysia inadvertently printing an upside down flag of Indonesia in its SEA Games souvenir booklet, which angered Indonesians, and hackers there hit out.

“During the SEA Games, there were a lot of attacks on the banks here. The IP addresses were from Indonesia. We advised the banks not to worry. These guys are ‘script kiddies’ – the lowest level of hackers. They just want to show revenge. They had no malicious intent. So we told the banks not to react. They just have to stand strong until the typhoon goes away.”

As for personal data and emails, Lee offers some cybersecurity tips.

“When you travel, you can use the hotel’s free WiFi but just don’t use it for banking transactions. Nine out of 10 times, its WiFi is super weak. It takes only about five minutes for hackers to break in.”

He suggests using the mobile phone for banking transactions because that is more secure.

“Make sure you have anti-virus software for your phone. If you can’t afford one, there are free ones.”

He says people should log in and out of their email wherever they go.

“Don’t respond or click on emails from sources you don’t recognise. Don’t succumb to greed and lust because those are the elements that hackers base their tricks on. The free and fun stuff is where the bad stuff is also.” And there’s no such thing as a free lunch. “Pay for songs, pay for movies, don’t go downloading from torrent sites,” he says.

Lee also cautions against picking up calls from unfamiliar numbers. And stop forwarding WhatsApp messages without verification.

“Don’t think you are doing me a favour by forwarding me a free ticket on Malaysia Airlines, AirAsia or Malindo Air. Check first if it’s true. If someone sends you something for free, don’t believe it. Don’t be too quick to click on it. They (hackers) always wait for you to take the bait. Then you can’t blame anyone because you clicked willingly.”

Rampant: From January to August this year, there has been an average of 30 cyberthreat incidents a month.

Lee: ‘There is no need to change your password every three months. Just make sure you have a very strong one.’