Digitisation: hardly any other topic this year has commanded our attention more. Quite rightly so! Because digitisation is not just another passing fad; quite the opposite: on the one hand it changes our personal behaviour, and on the other, our daily work activities have also changed for good. It brings countless advantages, makes our day easier, simplifies communication and shortens reaction times. People and enterprises go hand in hand in taking advantage of digitisation. However, we must look out: the advantages are clearly visible before our eyes, but cyber risks often hide in the background. Let me show you where the security risks lie in your everyday activities, with good practical examples; and let us see together how you can handle them effectively.
Anywhere information is processed or transmitted, dangers lurk. Sounds plausible; however, what does it mean in concrete terms? To what cyber risks are we exposed daily? I will show you now, based upon my own personal everyday experience. I can assure you that you will be surprised, and you will look at cyber security in your enterprise from a different angle.
My alarm goes off shortly after six o’clock. Out of bed, shower, breakfast. As I enjoy my muesli, I check my inbox on my smartphone, and connect to the company network. Then I quickly surf the Internet, and use several different apps. Just before seven, I walk out into the cool morning air, to catch the train. At the station, or at the café nearby, I log almost automatically into the public – and unprotected (!) – WLAN, just like 99% of all commuters. On the train, the person sitting next to me talks on his mobile phone, apparently discussing with a colleague the issues of the first meeting of the day; some of the information he exchanges is quite hot, and I should definitely not be hearing it.
As you see, I have not yet been up for an hour, nor have I even reached my workplace, and I have already been exposed to a host of cyber risks.
Once I reach my workplace, the next danger zone awaits me. For instance, e-mails. You cannot possibly think of removing e-mails from today’s business world; but they do bring dangers with them. I have just received an e-mail with an invoice attached, as a Word document. The invoice relates to a service which I never used. But as an employee of InfoGuard, I know very well that I must be extremely careful with this thing: it could be a phishing mail with a dangerous attachment.
E-mails are not the only risk factor: file sharing services offer very little security – if any at all. This is really annoying, because file sharing has grown in importance nowadays, and cloud services such as Dropbox, iCloud or OneDrive are used daily by countless people, in particular for private personal use. I want to exchange files, holiday pictures or videos with friends and family, and I know how to use file exchange services; but I also know that they offer attackers an opportunity to read the files without being detected.
File sharing is widely used in business, too; and in this case there is a risk of company or customer data, which might be confidential or sensitive, falling into the wrong hands. Therefore, data exchange over public services for business use is a no-go. This kind of espionage, and the breach of the Data Protection Law which might ensue, can lead to huge losses of reputation. And the breach of regulations such as the GDPR can have the effect that your company will have to pay extravagantly high penalties.
The workday comes to an end. I shut my computer down, pack my things together. Yes, cleaning up the workplace before leaving is a must – even at midday. On the one hand this makes your boss happy; on the other, you give sticky-fingered people no chance to get hold of confidential information left lying on your desk. Do not leave any documents lying around: lock them away safely, or destroy them in the paper shredder.
Back home, but the pleasures of the end of the evening lie yet ahead of me. I still have chores to do – and they all carry their cyber risks with them. First thing, I pay some bills through my e-banking; banks are well aware of the dangers, and they have developed reasonably secure login functions. On my side, as a user I must be aware that these solutions carry some residual risk, especially when I do not behave correctly and neglect basic best practice. It is important that any (good old and well-known) advice on password generation is taken seriously (more on this below). In this way, you can minimise the risk that hackers reach your user data, and access the system and your personal data in your name. And it is so easy for hackers… You don’t believe me? Have a look at this video, then.
Further danger is hidden in online shopping, or even just booking your holidays. Hackers can force their way into the system, and steal data from the provider, or directly from your computer. In the case of booking holidays, something more might happen, which is possibly even worse than just having my credit card data stolen: the criminals can make a note of the days on which I shall be on holiday, and burgle my house while I’m away. And we can go yet one step beyond. Let’s consider IoT, which might mean a TV, coffee machine, surveillance camera or baby monitor. All these devices can be easily used via an app, are connected to the Internet, and therefore they are easy targets for an attack (thingbots, malware, DDoS).
I have put together a list for you. Of course it is not exhaustive, but it helps you protect yourself in your daily activities by adopting a few simple ideas.
Do not fail to install a firewall and antivirus software, especially on devices you do not use in one single place only.
Install software updates on all your devices (PCs, tablets and smartphones), as soon as possible.
Be careful in your choice of passwords! Use at least eight characters, including upper- and lower-case letters, special characters, numbers and spaces. Never (!) use the same password for different accounts. Protect your mobile devices with a PIN.
Do not click on any link you find in a suspicious e-mail; and do not open any attachment in such e-mails.
Make sure that when you use critical applications (for instance e-banking or online shops) you are on an SSL-encrypted connection (i.e. the address starts with https://) and check the certificate.
Before entering confidential information, like credit card data, make sure you are on a secure site of a reliable provider; never save your access data for an automatic login to any online site.
Protect your own private WLAN with strong encryption (WPA2) and a strong password. In view of the latest events in the news, never forget to upgrade the WLAN access points involved as soon as possible.
Take any security warning from your PC seriously, and read the warning carefully.
Regularly delete any «traces» from your devices (cookies, history).
Make regular back-up copies of your data.
Turn location services off, and only use them when you really need them, and you are aware of what you are doing.
Keep wireless networking switched off (WLAN, Bluetooth etc.); only turn it on when you need it, and deactivate automatic connections.
Never install any app, unless it comes from the official stores.
Only use suitable and secure sharing platforms.
Only use encrypted messaging services, such as Threema or Signal.
There is no question that we are exposed to cyber risks all day long. The latest devices and gadgets, and networked technologies, open up larger attack surfaces; and the trend is on the rise. According to reliable estimates, in the year 2020 the number of networked devices could be anywhere between 25 and 50 billion. Therefore, it is ever more important that you are aware of the risks, and that you act accordingly: that is, carefully and responsibly.