Computer and information security is critical in the modern world. Cyber Crime is now a multi-billion pound “industry” and is something that everyone that uses IT should be aware of.
The problem is that companies try and make computers and related hardware simple to use. This is excellent for those that have (or desire) little knowledge of IT, but it means that people are often ignorant of how computers can be exploited and information “hacked”.
Most people have a broadband router at home. They acquire the router and simply plug it in, gaining internet access but are you aware that the administration password needs to be changed? Are you aware that there are web sites that will list the default administration passwords for most major routers on the market? Anyone that can gain access to your router as an administrator can make several changes that can hack your systems without you even knowing!
As an example, your router directs you to your on-line banking and other secure on-line services. A hacked router may direct you via a hacking site – most of the time nothing is different and the site simply sends you onto your expected web site, but occasionally it will send you to a spoof site that looks like the site that you were expecting. If you enter your logon and password then the hackers have your account details. Follow this with a simple “connection error” message and then pass you back to the real site. You will not know that your details have been hacked until after they are used.
There are many examples of how computer systems can be compromised and it is worth taking time to protect yourself. A simple, yet robust, scheme is Cyber Essentials.
Cyber Essentials is an IT industry scheme backed by the UK government. It covers five areas of security and also has the option to gain certification via Cyber Essentials Plus.
The five areas are:
- Boundary firewalls and internet gateways – these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices either in hardware or software form is important for them to be fully effective.
- Secure configuration – ensuring that systems are configured in the most secure way for the needs of the organisation.
- Access control – Ensuring only those who should have access to systems to have access and at the appropriate level.
- Malware protection – ensuring that virus and malware protection is installed and is it up to date.
- Patch management – ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor been applied.
This can seem complex and is some areas it can be, but it can be summarised in general terms as:
- Make sure that your router is secure and that the firewall within it (i.e. the rules for communication) only allows essential services to have access. Open firewall connections can leave “back doors” open that can be attacked at any time from the internet.
- Do not run or install software that you do not need.
- Make sure that all passwords are strong – at least 8 characters in length and a combination of letters, numbers and symbols. Do not use common words or words and numbers associated with you. Change your password regularly – at least two or three times per year.
- Remove any “guest” or “default” accounts from all software and computers.
- If a user leaves or no longer requires access then remove their account.
- Install Antivirus Software and allow it to automatically update itself. Also allow it to automatically scan your computer. Commercial Antivirus is better than free Antivirus.
- Make sure that all of your software – including Windows itself – is kept up to date. Hackers exploit known gaps in software.
There is more that can be done very simply and it is worth reading the Cyber Essentials documentation or seeking advice.