News

Cyber Security for Organisations: How COVID-19 Drew Our Attention to Data Security (+ Test)

COVID-19 and the related changes have made us all revise the rules of life and activity. The shift to the remote work has focused our attention without limitation on the online work security issues. How to protect personal and work information? What rules to comply with so that you personally and your organization will feel safe?  

The material has been prepared by the partners of the Pro Bono Lab Programme and Legal IT Hub, the international organization “PILnet” in cooperation with the global cybersecurity leader, AVAST

“I want to scare you, but my purpose is different. The purpose is to explain the real threats and the need to take them into consideration. If you think in the future whether it is a good idea to join the free Wi-Fi network in a cafe, my purpose will be achieved.” Frantisek Troster, the Engineering Director at AVAST

The best way to protect yourself is to make a hack attack as complex and expensive for the attackers as possible. We suggest several pieces of advice to be followed to protect yourself and your organization from cyber threats.

Internet Security

Technologies make our life more comfortable, but they create new threats we have not faced before. 

  • The main Internet threat is the risk of loss/disclosure of data, the risk of getting vulnerable by losing your confidentiality. 
  • The secondary threat is the imagined complexity of the cybersecurity issue that makes many people ignore the threats.
  1. The first thing you can do is to ensure the physical security of your devices. Smartphones are extremely vulnerable to theft and attacks. You must have a PIN code of sufficient complexity (of eight symbols) or unblock your device with fingerprints or Face ID, or use a token for laptops. Never use the same password for different services. Use the password manager.

Do not forget that a fingerprint reader may be by-passed with a copy of the fingerprint if someone undertakes some efforts to collect it from your wine glass. The Face ID function is the best thing to do for your smartphone security.

2. Always use encryption on the telephone. Encryption means that all the data on the telephone are saved so that they cannot be opened without a password. If your smartphone has been stolen, and you have stuck to this rule, you are safe. Full data encryption is available in almost all the telephones. Find this function in the settings and turn it on.

3. Use the devices by reliable manufacturers. Encryption and biometric security offered by unknown manufacturers will be harmful rather than useful. The price of smartphones with the high-security level starts at $ 200.

4. Never (!) leave your laptop unblocked and unattended for a long time.  

5. Use the software for remote tracking of your devices.

6. Back up all the important information! While analyzing the value of things, we understand that information is the most important matter. Data recovery can be much more expensive.

Data storage
There is no carrier or device that would guarantee the eternal storage of your data. The software installed in the device can ensure its security for several years only. 

Advice:

Keep your data in the cloud, such as Google Drive, Dropbox, OneDrive, etc. The cloud service upgrades its security means on a regular basis and backs up your files. Cloud services are reliable and secure.

Hack attack

Anyone without professional training or major expenses can make a hack attack. Ten dollars are enough for an attack similar to the one in James Bond movies.

Advice:

Never connect unknown devices (flash memories, USB cables etc.) to your computer or laptop. After the device is connected to your computer, the virus is very quick to attack. It can change DNS services, so your traffic will go through the criminal or a harmful server. It can block your digital keys or install malware on your computer. Remember! If you have left your laptop unblocked, you are simply inviting the offender to steal your data.

DoS attacks
When you get connected to the public Wi-Fi network in a restaurant or cafe, remember that the device distributing the Wi-Fi is generally the unsecured cheap router. The dangerous thing is that information is transmitted from the router to your computer or telephone via the unprotected space, so your information can be intercepted easily. No user-level encryption method is reliable enough if you are using the unsecured network.

Advice: 
Never use a public Wi-Fi network if you care about your data security. Use the devices and equipment you trust (home network) or make sure that the router has a high protection level (the cafe owner’s information on this matter might be false).

About attackers and possible “infections”

Attackers can be divided into several groups:

  • Organizations financed at the governmental level (Korean People’s Democratic Republic is famous for such examples: example 1, example 2);
  • Criminal groups disseminating knowledge on hack attacks and sharing tools to make them;
  • Professionals acting on their own for money or revenge;
  • Persons with no qualifications who want to try making a hack attack to entertain themselves.

Software viruses
A computer virus is the type of software that launches itself when downloaded to the computer and changes other programs or launches its own code.

There are several categories that can be treated as viruses:

  • Malware is the software designed to penetrate into your device without notification. The purpose is to get money for unblocking your data.
  • Ransomware is the virus demanding ransom. It is the type of software designed to receive files on your computer. The virus encrypts all your files so that they cannot be opened or used, fully blocks access to the computer and all the photos, videos, account files, working documents, etc. The condition for unblocking is to pay money (in the cryptocurrency in most cases).
  • Adware is an advertising software. The only thing it does is demonstrate you the unwanted advertising. It is safe in most cases, but it is sometimes used to collect your personal data, track the websites you visit, or even record the keys you push.
  • Spyware is the spy software. It is hard to find. It collects information on your habits and search engine history, website and webpage history and personal data (for instance, credit card numbers). Spyware often uses the Internet to transmit this information without your knowledge. 
  • Keyloggers are the spyware tracking which keys you push.
  • Botnet (or zombie army) is the network of numerous computers hacked by the malware for the hacker’s personal goals. It is currently one of the major online threats.

Conclusion:

The old Latin saying “Praemonitus – praemunitus” (which means “forewarned is forearmed”) is always applicable. Use reliable devices with a high-security level. Set reliable passwords for your devices. Avoid using suspicious carriers (flash memories, USB cables). Check the security of the network you are going to join to the possible extent. Turn on the data encryption function in your devices. Use the two-factor authentication of accounts (text message or call for identification purposes). Keep the information in a reliable cloud. 

Useful resources:

  • Shodan — check the security of the network you intend to join.
  • Avast Hack Check – — make sure your password has not been stolen.

Test yourself:

In order to check how you have understood the issue, we suggest that you assess the level of awareness and adherence to the cybersecurity level by you and your organization in Ukrainian or English.

#UA2Jschool #Legal_IT_Hub #probonolab

WRITE TO US




THANK YOU!
We'll get back to you soon!