Becoming digital security guards: avoiding cybercrime in the online age
By Colin James, Head of Cybersecurity, Vodafone NZ
In today’s digital world, organised crime has moved online. Where the drug trade was once the most lucrative illegal cross-border pursuit, international estimates suggest that cyber crime may have surpassed it. With cyber crime there are many more potential targets and a lower risk of being caught - but most importantly, the financial returns can be incredibly significant.
But when one party (the cyber criminal) stands to make significant financial gain, the other (unsuspecting Kiwi) stands to see a considerable loss - and local businesses and individuals are increasingly under threat from international bad actors trying to make a few (million) bucks.
Cyber crime is often a numbers game - and while millions of emails can be sent in seconds, criminals generally only require a small number of people to be convinced to ‘click on a link’ to make their windfall.
I believe security should be an enabler, because if it’s a roadblock then people will try to find a way to get around it - rendering the security controls ineffective. So businesses, and cyber security professionals, need to look at the bigger picture when implementing protective measures.
Here are five suggestions to help New Zealanders avoid the poisonous spiders in the World Wide Web.
1. Multi-factor authentication should almost be invisible to users
A key objective of most security measures is to make it harder for people to get in the door. Just as a swipe card makes it harder to get inside an office block, an extra virtual layer can help protect an online business. But to be successful, it should almost be invisible to users.
At Vodafone, we use an enterprise tool supplied by Symantec, which uses another device (generally a mobile phone) to authenticate a user after they’ve entered their password to allow access to corporate systems. Smaller businesses may instead choose to use cloud-based tools to run their applications, which when bought from a reputable source have a number of inbuilt security elements. Good examples include the Microsoft Office 365 environment and Xero.
2. A Password Safe is the safest place to store credentials
We all know that a more complex password is a more secure password, but it can be incredibly hard to remember 20, 50, or even 100 unique passwords.
A password management tool can help - but it’s even better if it’s a ‘password safe’ that both stores your passwords and lets you know if any of your accounts have been compromised. This means you can proactively change any passwords when notified of a potential breach.
Great options in this space include 1Password, LastPass, and Dashlane.
3. Make your challenge questions even more challenging
We’ve all used the ‘forgotten password’ button when we forget a password to one of our often-hundreds of online accounts. But you need to make sure the answer to your ‘challenge question’ isn’t easily found on the internet. Your mother’s maiden name may be easily determined if she doesn’t share your father’s name. The same goes if your Facebook profile contains a photo of you with your first car, and that’s the most common reminder question!
Another approach is to come up with a fake answer, i.e. a ‘fake mother’s maiden name’ that you use whenever you get that question, as an extra layer to try to trick the tricksters.
4. Customer data protection should be a business’s greatest concern
When speaking to Vodafone Business customers, they often say: ‘I’m a florist/online retailer/electrician, why would a hacker want to steal my information?’ But cyber criminals most likely don’t want to access your information… they want that of your customers.
There was a high profile customer data breach recently reported in New Zealand, of a property firm keeping all its customers’ information in a public place, which would have been gold for cyber criminals. And the potential impacts of what could happen when that data was used to access bank accounts, for example, could be massive - both financially and reputationally for a small business.
Likewise, if you store credit card details to process monthly payments for gym membership, for example, you have some incredibly important customer information that could potentially be lucrative if obtained by the wrong people. So making sure your systems are robust is incredibly important.
5. Having just one extra security layer could make all the difference
In the offline world, making your house harder to break into than the neighbours’ can be the deciding factor in who gets robbed (a robber will choose the open window any day). It’s the same in the online world.
Having just one extra digital security layer can be the difference between whether you get targeted, or if the cyber criminals target a business or person in Lithuania, Mexico, Singapore or somewhere else. That’s where harder passwords, multi-factor authentication and additional back-end monitoring can make all the difference.
Really, cybersecurity can be both simple and complex - but it’s increasingly important for businesses. Over in the UK, Aon’s 2019 Global Risk Management Survey rated damage to reputation/brand and cyber as the number one and number three risks respectively for businesses - and we could expect similar results here in New Zealand.
As cyber crime is often lower risk and higher reward than other forms of organised crime, the criminals will keep getting smarter in their quest to swindle money. Don’t be the business that gets caught with the door unlocked.
For more information about Vodafone NZ’s security services, please visit www.vodafone.co.nz