We live our lives in an always-on digital world these days. Medical, banking, shopping, services, mobile, multimedia – all of these are engaged with and executed on-line. Along with a whole host of threats including viruses, malware, phishing, pharming, advanced persistent threats and more. Not only do we have to deal with threats from the bad guys, but now it seems we have to deal with these threats from the good guys as well ( our governments ).
Former NSA contractor Edward Snowden’s world-wide expose and whistle-blowing on the NSA and other US government organisations has everyone up in arms and scurrying for answers. It’s clear now that
- the national intelligence’s then director lied to Congress about whether or not they were spying on US citizens
- communications companies and Internet Service Providers have been unwitting ( or not ) participants in the collection of data and the access of that data by the US government
- the UK’s GCHQ bugged and tapped G20 summit visitors for email and phone traffic in 2009
- on-line sites and services are being compromised at a phenomenal rate
And we’re getting a bigger picture of how bad things are on a daily basis as more and more documents are released regarding the alleged spying fracas. Yesterday, it was reported that Microsoft ( and I’m sure they’re not alone ) has assisted US authorities with large scale interception of data running on Microsoft networks and services including but not limited to:
- Skype audio and video chats
- Outlook.com emails and chats
- SkyDrive cloud storage
This puts security agencies’ complaints, about not being able to do their work due to encrypted communications, in a new light – they’ve circumvented the issues by going to the source of the data!
So what are the issues facing Internet users and businesses today?
- global, connected and organised criminals
- advanced persistent threats where an entity is persistently targeted through a number of different methods
- breaches affecting well-known and used services
- increase in enforcement risk
- reduction in on-line privacy
- identity theft
- more digital devices and technology
- business naivety
With all the talk about IT security issues reaching mainstream news, it’s surprising that the last one is still on the table but there is definitely a sense of lacking in the broader business community when it comes to IT security. Why?
- I don’t need or want to know about IT security
- I don’t have the skills
- It doesn’t affect me
- My IT operations are already secure
Burying your head in the sand, ostrich-style, is not going to make the problem go away. You need to meet it head on and make the necessary changes and improvements to safeguard your digital identity, systems and data. If you’re uncomfortable making the changes yourself, then ask someone to assist.The cost of a loss or compromise of data is likely to be far more than the cost of protecting yourself properly. An average rebuild of a single infected PC is about R2000. Basic security and common sense costs a lot less. So how can you go about this?
Start with a good Internet Security package; one that includes Anti-virus, malware protection, firewall and web filtering. Good choices are BitDefender, AVG and Nod32. Next, practice safe internet access – choose your websites carefully; use complex passwords for service access; update your applications and operating system regularly; do not download applications that are not well-known including browser plugins and tool-bars, and virus-removal apps; do not click on advertising banners; make sure your security package is updating regularly; use private-mode browsing for Internet Banking. And finally, practice good email etiquette and management – archive your email regularly; do not click on links in emails; do not respond to emails from senders you don’t know. In general, never offer information when it’s not related to you, or offer more information than necessary. Question everything. Follow this through to mobile and landline use, when someone approaches you in the street or knocks on your door.
Even when we think the information we have is unimportant or not relevant to others, that information can still be used in a number of malicious ways. Security is half maintenance and half common sense. Together, these can keep you reasonably safe.
ID Experts have an interesting graphic showing current security issues – find it here.
