There’s a lot to learn when it comes to cyber-safety: can facebook give you a virus? What’s the safest browser? How do you know when your smartphone has been hacked? So we invited lloyd borrett, security evangelist for avg (au/nz), to answer some of the most commonly asked questions about cyber-safety on the world wide web and beyond.
1. What are some of the current emerging security threats?
It’s not so much that the threats change; it’s more that the cyber criminals change the ways they try to get to us. They are always looking for the easiest way to get to the most people.
In 2010 we saw a huge increase in the frequency and intensity of utility application software attacks (eg: Adobe Reader, Flash, iTunes, Quicktime, etc.) and various Facebook application attacks. The bad guys realised that most people had these applications and that there were plenty of security holes to exploit.
Identity theft continues to rise because of how easily cyber thieves can steal it, sell it, and get away with it. Especially now that so many people are so totally careless about the information they share and who they share it with via social networks.
Smartphones are taking over many of the functions of a computer, yet few users have installed even basic mobile security. Thus we see the bad guys targeting this fast-growing and vulnerable platform even more in 2011.
2. How has social media affected computer security?
Social networking sites are a cyber criminal’s playground. People engaging in social networking with people they do know will inevitably be followed by and receive friend requests from people they don’t know. Is it really an 18-year-old girl from Wellington? Don’t leave yourself open to attack by going onto social networks unprotected — and always log out of sites as soon as you’re done. AVG research shows the top 50 social networking sites have 20,000 compromised pages containing web threats or illegal content that could harm your computer or lead to their personal data. More than half of those pages were on Facebook, and one-third on YouTube.
3. Where do the biggest internet threats come from? Are there places on the web you just shouldn’t go?
The biggest Internet threats come from organised cyber criminals, who can be based anywhere in the world and appear to be operating anywhere else in the world. Nowhere can be guaranteed to be safe online. Major government and financial web sites have been compromised. However, accessing ‘adult’ web sites is the best way of getting hit by a security threat. A recent report found that more than 60% of web surfers attempting to access porn compromised their security on multiple occasions (see page 12). Accessing sites that host illegal movie, music and software is also likely to cause security issues.
4. When it comes to internet security, are all browsers created equal?
All browsers and all operating system platforms are pretty much as strong and as weak as the others when it comes to security. But cyber criminals are simple creatures, really. They will go where the money is and follow the path of least resistance to get there. Thus if the majority of people are using MS IE, then that’s the browser the bad guys will target the most.
While the bad guys will target security flaws in most of the major browsers as they become aware of them, they more often target security lapses in operating systems and other utility software like Adobe Acrobat Reader, Adobe Flash, Apple iTunes, etc.
This is why it’s essential that you keep your security software, your operating system, your software utility and applications up to date. Make it easy on yourself and use the automatic update features now commonly available to achieve this.
5. Are smartphones the new point of entry for hackers?
Smartphones and tablet computers are becoming and more important target for cyber criminals. Mobile devices are constantly connected and substantially less protected than a personal computer as users shrug off mobile security solutions and carelessly broadcast financial, account and other personal data such as their exact location while on the go. That’s why it’s important to protect your smartphones with security software. If you haven’t already, check out AVG Anti Virus for Android.
6. How has spam changed - what do people need to beware of now?
Certainly email-based spam has changed. For a start it’s now a huge percentage of all email delivered over the Internet, which is why we all need good anti-spam protection.
There was a time when the bulk of spam email had files attached that contained various forms of malware. This attack vector is now less used by the cyber criminals, as even basic email security software protects people from it. Today the email is more likely to have a link off to a web page hosting malware, or off to a phishing web page where you’ll be asked to provide identity and/or financial account details. Often tiny URLs are used to make it hard for you to identify the real URL of the page you’ll be taken to.
There is also a new form of spam — search spam. The bad guys now manipulate search results via social networking web sites and other means to pollute search results with malicious links.
7. What is the best password strategy?
Follow these steps to creating secure passwords:
- Think illogically; computers rely on logic to operate.
- Don’t use cardinal numbers in order: 1,2,3,4,5 etc. is not clever.
- Be obtuse, think outside the box. Don’t use dictionary words – invent new words!
- Never use your mother’s maiden name or any password that your bank might use.
- Mix keyboard characters such as the asterisk with letters and numbers.
- Use a mixture of upper and lower case letters.
- Always change default passwords from ‘password’ or ‘admin’.
- Make sure the password is at least eight characters long. The longer the better.
Then make sure you log out of any user account, web service or program you are logged in to. Use different passwords and email addresses to register for different services. Change your passwords regularly.
Don’t keep your passwords on a Post-It note on your desk! If you can’t remember them, write them down and put them in your wallet. Then if you lose your wallet, you’ll be replacing your credit cards, identification licences, and changing all of your passwords.