Patching up our cybersecurity

27 August 2019

Interview with 

Adrian Winckles, Anglia Rusking University

PADLOCK-HACKING

A padlock, superimposed over a map of the world, with binary code written across it.

Share

Most of us probably aren’t as secure online as we’d like. But hope is not lost. Even the weakest security can be shored up and patched together! Adam Murphy went back to Adrian Winckles, who had some much needed advice about keeping ourselves secure...

Adrian - Follow the general advice. Make sure that you have antivirus, firewalls, anti-spyware, all the usual tools you’d expect. Whilst they might become less effective, they still offer a level of protection. But also always be suspicious. Think about the websites that you’re visiting. Websites can harbour drive-by download code, they can redirect you to phishing sites, and these sort of things. So always examine, look at the address bar, make sure there's a green padlock obviously for making sure your data is encrypted.

Also be suspicious of what you receive as well. Everyone at some point will be a target of either a generic or a spear phishing-type attack to try and get you to visit websites, to get either login credentials or financial details to basically scam you. So always be suspicious of what you receive, look at, “is it a genuine link?” If you are suspicious of someone, “that's not the usual response that I get from someone that I know,” be prepared to ring them up, contact them separately before you follow out the instructions on that email. Knowing that your bank shouldn't contact you to immediately log in. Always use other forms of communication if you can. Look at the spelling, the English. Does it look like a genuine email? Sometimes it's difficult to tell, sometimes there are little tell tales. But if in doubt seek some sort of a confirmation that it's another form of a way of doing things.

Adam - And the advice for USBs is: don't plug in ones if you're not completely sure of where they came from.

Adrian - Many, many organisations will ban the use of USBs within the organisation because of data going out or data being left. You can get secure USBs. Know where a USB has come from. Or you can get the ones that have a high level of encryption on them, so if you lose them somebody can't get the data off them anyway.

Adam - There are sites that can tell you if your data has been breached from any website or leak. We did it in the office and most of us had been. So chances are you have too. So what do you do if you know your information has been compromised?

Adrian - If you found it’s been breached, obviously change your login credentials. If you can change your username do that, but certainly change the password. It comes back to what I said before: don't use the same password on each system. So if it's just one system that's compromised, it's only accessed that's system, it’s not multiple systems. Find out if you can what data has been exposed. And so if you need to make changes to necessary credit cards or other personal details then do so.

Adam - And these days there's more than one way to secure any given login you use.

Adrian - Two-factor and multiple-factor authentication, whereby it's a bit of something you know, something you have, something that’s part of you. So whether it be a username-password plus a code on a phone, or it’s biometric data, they are intrinsically more secure - not infallible - but definitely easier to protect.

Adam - And one last thing to think about. Pretty much everyone I've spoken to while making this who isn't a computer pro gives themselves administrator privileges on their own computer. It's convenient, you don't need a password to install something. But is it a good idea?

Adrian - No. Because if someone gets the login credentials and can remotely access, because most computer systems have a form of remote access, whether it be remote desktop, whether it be Skype-type sessions or one of those sort of things. You shouldn't use privileged accounts for genuine user access.

Comments

Add a comment