How to avoid being hacked
WHY ME: IMPORTANT DO’S AND DON’TS
We’re all online, so we’re all targets – and we have to be more vigilant.
The threat of cyber security is growing at an exponential rate, and most of us expect our banks and other institutions to deal with it. But the time has come for us to be more vigilant. It may take years before a cybersecurity incident surfaces. One of the biggest data beaches was that of Facebook, where a quiz allowed Cambridge Analytica to harvest the data of some 50 million accounts.
The Facebook data breach occurred in 2014, but was only exposed in March 2018. Other major data breaches impacting South Africans include a company that was responsible for online payments of traffic fines (close to a million users affected), the Ster-Kinekor database hack and the Liberty data breach. It may still take some time for the fallout of these cases to reach us.
So how vigilant are we in securing ourselves from data breaches, and how quickly can we react to a cyber threat or data breach affecting us as South Africans? Perhaps we assume such threats will pass us by? How competent are we as individuals in managing the security of the personal information that we’ve put out on the web?
There are many ways in which users freely hand over personal information, from completing “fun” or interesting quizzes and downloading apps – and we tend to assume that paid-for apps are more secure, but are they? Whatever the channel, many of us use an easy-to-remember password across all platforms. This makes individuals the perfect target for hackers.
Fraudulent emails are more invasive in that they come to us, rather than the other way around – and they’re becoming increasingly sophisticated. It’s easy for banks and other service providers to advise us not to open attachments or click on links sent by unknown persons, but it’s becoming less easy to realise when a seemingly official email is in fact fake. It pays to double-check the sender’s email address (your bank, for example, won’t send you mail from a gmail account), and to let your cursor hover over the website address to see if changes have been made to the address.
Trying to navigate the risks is complex and time-consuming, and means we need to learn new jargon. Hence many of us sweep concerns under the carpet, until we are personally at threat.
My Facebook account was recently hacked. I received a threatening extortion email stating that I had been videoed watching porn, and that the video would be sent to all and sundry unless I paid a large sum into a Bitcoin account. My reaction was “Yeah, sure” and I moved on. First step, don’t reply. If you have replied, and the hacker has gained some control over you, you will have to contact someone who specialises in cyber threats.
Ten seconds after reading said nasty email, I set about changing all my passwords, creating long strings of meaningless letters, signs and numbers. Some websites are not very user-friendly, and it was difficult to find the cache of personal information containing the password. Tip – next time you join a website, make a note of where your personal information is so that you can access it when you have to.
If your passwords are old and easy to hack, you are advised to change them. Your data may have been breached on a site that you’ve forgotten about. And never use the same password over all your platforms.
If you use Google Chrome, you will be asked if you want Google to store your password, and it’s so tempting. There are drawbacks, however, as Google will now have your password, and there’s no assurance that Google will not be hacked.
You may wish to use a password manager. A password manager will generally require that you create a master password, and will create all the other passwords that you require for the sites and apps that you use. I am not an expert, but if hackers can get into secure national military sites, they can no doubt hack into anything.