World Password Day: How to keep digital lives safe and secure
On World Password Day, 2016, Intel Security would shares pointers to avoid being a victim of cyber attack.
By Venkat Krishnapur
India is already home to the second largest internet savvy population in the world and Intel Security’s Digital Assets Survey from 2014 indicated that almost half of the surveyed respondents from India personally owned three-to four devices in their homes. Today, almost everybody has access to the internet and this increases the threat landscape tremendously. Given this device explosion and the growing sophistication of cyber threats, there is a strong need to have cross device security.
Mobile users have become an easy target for cybercrimes as most consumers have a tendency to download multiple applications and there is always a risk of downloading malware from the app stores. In fact, the Mobile Threat Report issued in February 2016 indicated that almost 37 million malware samples were detected on app stores for mobile OS. Additionally, India registered the highest number of total unique infections in Q4, 2015 among 10 countries for malware detected on mobile Operating Systems. Moreover the Intel Security’s Quarter Threat Report issued in March 2016 found a 26% increase in new ransomware samples in Q4 2015. Ransomware campaigns are financially lucrative with little chance of arrest. Ransomware has now become an extremely popular means of extortion from innocent victims.
On World Password Day, 2016, Intel Security would like to share some pointers to avoid being a victim. In order to keep their digital lives as well as confidential data safe and secure, consumers should:
Use strong, unique passwords across devices and account: Ensure to configure the device to automatically lock after a certain period of time, post which it requires a personal identification number (PIN) or password to be unlocked. Even if the device is locked, don’t leave the device unattended in public as lost and stolen devices can be a big threat to personal data
Update systems with latest OS and application updates: This prevents cybercriminals from getting a foothold on devices
Use only official app Stores and legitimate software: App stores are alerted when new malicious applications are found, so even if something slips through, consumers are still safe going through a trusted app store or software than going through an unverified source
Act responsibly: Be aware that as we adopt more wearable or implanted technologies they will be connected and transmitting information. It is therefore critical to check that they have security and privacy settings built in by default
Use comprehensive security software: Keeping internet connected devices up to date will help them to stay safe from older viruses, but you should also install anti-virus software on the devices to protect against new threats or older threats that haven’t yet been fixed by OS or application updates.
Be suspicious: When in doubt, remember the mantra- “Stop, Think, Connect.”. It is better that you be suspicious and check files and messages before opening them than to be too trusting and fall prey to a cyberattack.
In case someone suspects that their account has been hacked, they should look at taking the following steps:
Change password and security questions immediately: in case account is not blocked, do update the details immediately and use a new password with a mix of characters, alphabets and numbers. Also ensure to change the password frequently
Install and update the security software: This will help secure account details against malware
Notify relevant authorities (including the ISP and employers) and personal contacts about the hacking: Just so that they can be wary of receiving any suspicious looking communication from the account
Double check account settings: Look for changes in account signature, auto-forwarding, filter settings etc., so that mails or information is not being auto sent to a different contact without explicit permission
Organisations and their security teams too can improve their security posture considerably by learning from colleagues with more experience and also implement the following best practices:
- Invest in world class security tools across endpoints, servers and the network. In addition use products that can detect, protect and correct in a continuous cycle across the entire stack.
- Invest in employee security training and developing a security operations center
- Increase the frequency of network monitoring for unusual or anomalous traffic from weekly or monthly to at least daily or continuously. Almost 70 percent of security professionals with five years or more experience monitored the organisations network at least daily, compared to 57 percent of those with less than five years of experience
- Increase their knowledge by reading more privacy and security publications, attending association meetings and conferences, soliciting input from external experts, and paying attention to the business publications relevant to their industry sector to understand what is valuable
- Most importantly, they have to decide what part of their business data is absolutely critical towards developing a robust risk assessment and incident response plan
- Focusing on basic security practices, such as employee training and awareness. Those with more experience realise that poor user security practices are still the biggest single threat to enterprises
- Security has to become a pivotal concern in the boardroom and senior executives should seek to ensure that technology and data are used to drive growth securely across the enterprise
The author is Head of Operations for Intel Security Group's India Engineering Centre.
Two Hizbul Mujahideen terrorists were killed in an encounter with security forces in Anantnag district of Jammu and Kashmir
The attack in Elad, a central city mainly populated by ultra-Orthodox Jews, was the sixth in which Israelis have been targeted since 22 March
Strengthen and augment intelligence as well as security grids in areas, J&K police chief tells officers
Dilbag Singh also pressed for quick disposal of cases under Unlawful Activities (Prevention) Act to ensure that cases are submitted for judicial determination within the prescribed period