CYBER SECURITY AWARENESS
CYBERSECURITY: STUDENT
2016
JOIN THE FIGHT
Against cyber crime
EVER THOUGHT OF A CAREER
in CyberSecurity?
MOVING SOUTH AFRICA TO A HIGHER LEVEL OF INTERNET SAFETY
Department Of Telecommunications & Postal Services
MOVING SOUTH AFRICA TO A HIGHER LEVEL OF INTERNET SAFETY
Department Of Telecommunications & Postal Services CyberSecurity Campaign
MOVING SOUTH AFRICA TO A HIGHER LEVEL OF INTERNET SAFETY
02 SA’S STRONGEST LINE OF DEFENCE against cybercrime
20 SURF safe
04 14 WAYS to live a safer life online
22 PROTECT YOUR BUSINESS online
07 ONLINE BANKING at the ATM
24 SAVE YOUR MEMORIES from disaster
08 CATFISHED Don’t be fooled
25 AVOID BEING A VICTIM of hacking
11 PROTECTION FROM CYBER CRIMINALS on social media 12 HAVE YOU EVER THOUGHT ABOUT studying CyberSecurity? 14 E-IDENTITY Protect your password at all times 15 CHILD APPROPRIATE Products
CYBER SECURITY AWARENESS
CONTENTS
Editor Malaika Mahlatsi Art Director Ashley van der Merwe ashley@creativeboost.co.za 073 935 0056 Advertising Sales Tokologo Phetla commodore@thecommodoremedia.com 073 684 8874 Contact Information Physical address: 39 Rivonia Road Building 4, Commerce Square Sandhurst, 2196 (011) 268 0179 / (073) 684 8874 www.thecommodoremedia.com
16 DETECT and remove a computer virus 17 ONLINE GROOMING Don’t be preyed upon
Printed by Business Print
2016
1
CYBERSECURITY AWARENESS
SA’S STRONGEST LINE OF DEFENCE
The introduction of the Cybersecurity Hub provides a meaningful solution to cyber attacks against the state and ordinary South Africans.
he Department of Telecommunications and Postal Services has recognised the rising threat of cybercrime and is taking action. The imminent establishment of the Cybersecurity Hub will be the nation’s strongest line of defence against cyberattacks and online fraud, under the control of the national Computer Security and Incident Response Team (CSIRT). The hub will also share information and collaborate with local and national government, industry and international partners. On July 16 2014, Minister of Telecommunications and Postal Services, Dr Siyabonga Cwele reiterated the importance of having a secure online environment for individuals and business to prosper. “In ensuring that our network infrastructure is safe, secure and robust and that individuals and businesses have confidence in using ICT infrastructure, we will finalise the establishment of the Cybersecurity Hub. … The function of the hub is to promote best practice, compliance with standards, procedures and develop related cybersecurity policies that affect the public and private sectors,” Cwele said. The Council for Scientific and Industrial Research (CSIR) has been contracted to help establish the Cybersecurity Hub. 2
2016
The Cybersecurity Hub will be the preferred port of call for cybersecurity advice and public comment regarding incidents, making it a major contributor to a cyber safe South Africa. The Hub’s mission is to be the central point of collaboration for cybersecurity incidents.
The Hub will support incident resolution but will not be responsible for doing incident handling on site. The Cybersecurity Hub has the welfare of the country and its citizens at heart and is not established to generate revenue for interested parties. OTHER SERVICES PROVIDED BY THE CYBERSECURITY HUB: 1. Sending alerts and warnings to constituencies; 2. Make announcements on threats; 3. Ensure proper incident handling; 4. Conduct incident response support; and 5. Ensure security related-information dissemination
to our constituencies are executed accordingly; 6. Conduct cybersecurity awareness programmes.
CYBERSECURITY AWARENESS
The Cybersecurity Hub will be operated within the Department of Telecommunications and Postal Services and will give input into government policy and procedures for incident response and cyber risk mitigation.
A fully fledged Cybersecurity Hub will ensure that its policies and standard operating procedures conform to ISO 20071 and 20732 standards and will guarantee that its physical and information infrastructure and system complies with Minimum Information Security Standards (MISS), Minimum Physical Security Standards (MPSS), and the Forum for Incident Response Security Teams (FIRST) requirements. The Cybersecurity Hub will maintain a world recognised reputation and trusted contact network of computer security experts around the world and will provide prevention, response and mitigation strategies for members.
GRAPHIC DEMONSTRATION OF THE CYBERSECURITY HUB
Civil Society
Communities
Business/Private Sector
JCPS Cluster 2016
3
CYBERSECURITY AWARENESS
WAYS
TO LIVE A SAFER LIFE ONLINE Are you being careful while surfing the net? Have you locked down your devices so no one can access it but you? Here are some crucial tips to make you less vulnerable.
yber criminals are not just targeting your personal desktop computer anymore. They can cunningly gain access to your phone, tablet or laptop. If they can do that they can get access to your pocket or your personal material. 1. Keep your system, browsers, applications and security software patched and updated. An out of date browser is always vulnerable to viruses and hackers. Antivirus software is plentiful online but be sure to choose a good one. The good ones are worth paying for. 2. Lock your cellphone, tablet and PC when they’re not in use. Most devices have an option to set a password or even a fingerprint pass to unlock. Do yourself a favour and do this. You’ll save yourself a world of trouble. Just don’t forget your password.
5. Use official app stores to find new software for your mobile devices. There’s an app for everything, but be sure to download them from a reputable source. Do your research and find out as much about the company as possible. Some apps are designed to spy on your device and you don’t want that. Check the reviews on any app before you install it and look at your app’s permissions to see what you’re sharing. 6. T here’s no such thing as “private” on a social network. Your friends can share whatever you post. Think twice before bearing your heart on these accounts. It may come back to haunt you. 7. U se a VPN when connecting through an unsecured WiFi. It is the safest form of connectivity.
3. Use unique, complex passwords for all of your most important accounts. The best passwords contain capital letters, numbers and symbols.
8. A re you sharing your location without even realising it? Your photos and your social media accounts may be announcing where you are to strangers. Check your settings.
4. Keep your e-mail inbox organised. If you are able to spot spam or suspicious e-mails that’s half the battle won. A crowded inbox is the hiding place of many scoundrels.
9. S et up a separate, Java-free browser dedicated just for shopping and banking. This way there is less chance of hacking or tracking online.
4
2016
CYBERSECURITY AWARENESS
10. A lways check your URLS before filling out a form. A padlock and https means the site is secured, and that you’re where you’re supposed to be. 11. D elete old WiFi access points that you’ve used and don’t allow your device to automatically connect to public WiFi. 12. C heck the credit card you use for online shopping regularly for unusual activity. As a matter of
principle, even if you don’t shop online you should be doing this. 13. When using a business’s WiFi network, check that the network you log onto is really theirs, and not a shady character trying to con you. 14. P ut masking tape over your webcam when you’re not using it. A smart hacker can infiltrate your computer and use the camera to spy on you. 2016
5
6
2016
CYBERSECURITY AWARENESS
CYBER SECURITY AWARENESS
ONLINE The world uses mobile devices now more than ever before to perform every day tasks like banking, business and socialising. So it stands to reason that criminals and trolls are just as active online. The need to protect yourself and your belongings while browsing the world wide web is now more critical than ever.
here are more cellphones than people in South Africa. We use mobile devices for sensitive activities, including banking, online shopping and social networking. Some of these activities require users to provide personal information such as their names, account numbers, addresses, e-mail addresses and passwords. Moreover, apps routinely ask for access to information stored on the device, including location information. In addition, the use of unsecured, public Wi-Fi hotspots has increased dramatically over the past few years. These networks are accessible on airplanes, in coffee shops, shopping malls and at sporting events. While continued access provides us with more flexibility and convenience to stay connected no matter where we are, it can also make us more susceptible to exposure. The more we travel and access the internet on the go, the more risks we face on our mobile devices. No one is exempt from the threat of cyber crime, at home or on the go, but you can follow these
simple tips to stay safe online when connecting to the internet from a mobile device: • Think Before You Connect - Before you connect to any public Wi-Fi hotspot like on an airplane or in an airport, hotel, train/bus station or café be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Using your mobile network connection is generally more secure than using a public Wi-Fi network. • Guard Your Mobile Device - In order to prevent theft, unauthorised access and loss of sensitive information, never leave your mobile devices–including any USB or external storage devices– unattended in a public place. While on travel, if you plan on leaving any devices in your hotel room, be sure those items are appropriately secured. • Keep It Locked - The United States Computer Emergency Readiness Team (US-CERT) recommends locking your device when you are not using it. Even if you only
step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords to prevent others from accessing your device. • Update Your Mobile Software Treat your mobile device like your home or work computer. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware. • Only Connect to the Internet if Needed - Disconnect your device from the Internet when you aren’t using it and make sure your device isn’t programmed to automatically connect to Wi-Fi. The likelihood that attackers will target you becomes much higher if your device is always connected. • Know Your Apps - Be sure to thoroughly review the details and specifications of an application before you download it. Be aware that the app may request that you share your personal information and permissions. Delete any apps that you are not using to increase your security. 2016
7
CYBERSECURITY AWARENESS
DON’T BE FOOLED If it sounds too good to be true, steer clear. Fake accounts can lure you into a dangerous world.
ou may have seen it on MTV and laughed at the victim being so silly to not know they were being tricked, but falling prey to catfish is not that uncommon in South Africa. A rarely used term here, the urban dictionary defines it as someone who pretends to be someone they’re not using Facebook or other social media to create false identities, particularly to pursue deceptive online romances. The key to not being a victim is to understand how vast the internet is, you can connect with someone thousands of kilometres away, on another continent by simply logging into your social media account. Sadly, there are predators out there who are waiting to pounce on unsuspecting people. HERE ARE A FEW TIPS TO AVOID BEING CATFISHED: 1. U se Google. It is very easy to fact check anyone on google these days. Don’t be afraid to use your search engine and find out all that you can about the person. Google also has a nifty feature called search by image where you can check if the person has 8
2016
multiple accounts, that is a sure giveaway that you are being hoaxed. 2. C heck the number of friends they have. Fake accounts have a small number of friends and are not tagged in pictures. Regular users have a fair amount of everyday posts and family members commenting on pictures. If they are not socially active then you can be sure that is a fake account. 3. K eep your private information to yourself. Make sure your privacy settings are activated so your personal information like phone number and other information is not available to the public. 4. Meet the person if your relationship online has progressed. If they make too many excuses then that is a red flag. 5. Do not send images of yourself to anyone you do not know. If someone confesses their love for you soon after you start chatting then you are possibly being catfished. If it’s too good to be true, chances are it is. 6. A lways follow your gut. If you feel uneasy don’t shrug off your intuition.
CYBERSECURITY AWARENESS
A CATFISHER GENERALLY: 1. Uses false identification. 2. Will ask you for money or ask you to go to a paying website. 3. Is very romantic and easy to talk to, they will be anything you want them to be. 4. Will make up excuse upon excuse to not video chat or skype.
2016
9
10
2016
CYBERSECURITY AWARENESS
CYBERSECURITY AWARENESS
PROTECTION FROM CYBER CRIMINALS Now more than ever, consumers spend increasing amounts of time on the internet. With every social media account you sign up for, every picture you post and status you update, you are sharing information about yourself with these social media companies and the world.
ow can you make sure you and your information stay safe online? Navigating security features and the pitfalls of the online world can be a bit daunting but it needn’t be. Facebook has become an integral part of many people’s daily lives. It allows us to stay in touch with friends and relatives irrespective of where we live. Unfortunately, using Facebook can also expose us to various risks. NEVER ADD UNNECESSARY PERSONAL DETAILS TO YOUR PROFILE. Identity theft is one of the biggest problems of the digital age. Never provide any personals details you do not absolutely “have to” on any online forum. If you “have to” add your birthdate, at least do not share the year in which you were born. USE A STRONG PASSWORD A good password should contain UPPER and lower case alphabetic characters, numbers, and some special characters. Try using the first letter of every word in a sentence combined with a few “twists” like using the last word in full. For example: My name is Bob and I like to eat = MniBaIl2e@t.
CONFIGURE PRIVACY SETTINGS Do not leave the privacy settings for Facebook set to the default options, rather configure it to disclose as little about you as possible. Never allow people to “tag” you in photos without your approval. ACCEPT ONLY REAL FRIENDS AND FAMILY AS FACEBOOK CONTACTS If a business associate wants to connect with you, rather invite them to link to your Linked-In account. DON’T USE DEROGATORY REMARKS Many prospective employers nowadays look at your Facebook history to help judge your character. Make sure your history reflects how you would like the world to see you. DON’T TELL THE WORLD WHERE YOU ARE Everything you post on Facebook should be considered public knowledge. Do you really want the thieves who are online to know when you are not at home? BEWARE OF APPS Many Facebook apps share your information with third parties. Only allow access to your information to sources you are sure you can trust. 2016
11
CYBERSECURITY AWARENESS
HAVE YOU EVER THOUGHT ABOUT Rather than listen to experts and trust that they know what they’re talking about, why not study CyberSecurity to learn about it for yourself?
e shop online. We work online. We play online. We live online. As our lives increasingly depend on digital services, the need to protect our information from being maliciously disrupted or misused is really important. An online course will help you to understand online security and start to protect your digital life, whether at home or work. You may want to consider learning how to recognise the threats that could harm you online and the steps you can take to reduce the chances that they will happen to you. With CyberSecurity often in the news today, you will need to learn about malware, including viruses and trojans, as well as concepts such as network security, cryptography, identity theft and risk management. If you want to go a step further you could even seek employment in the CyberSecurity industry. According to a recent report from Burning Glass Technologies, the demand for CyberSecurity professionals has grown more than 3.5 times faster than the demand for other IT jobs over the past five years and more than 12 times faster than the demand for all other non-IT jobs. Current staffing shortages are estimated between 20 000 and 40 000 and are expected to continue for years to come. 12
2016
Experts have confirmed the severe shortage of skilled people in this field. A survey on 2014 IT spending intentions, and results show that 42% of responding organisations intend to increase their headcount in the information security. This is the highest percentage of all IT skillsets in demand. Moreover, 25% of all organisations surveyed claim to have a “problematic shortage” of information security skills. The shortage is especially acute in the government, manufacturing, financial services, retail/ wholesale, and healthcare industries. This is not surprising, given the vast amount of sensitive (and monetisable) data in those organisations, and the high regulatory pressure to secure that data. As the law of supply and demand dictates, people with good CyberSecurity skills have great earning potential. A new survey by Semper Secure, a publicprivate partnership in Virginia formed to advance the CyberSecurity profession, reports the average salary for US security professionals to be $116 000, or approximately $55 per hour. That’s nearly three times the national median income for full-time wage and salary workers, according to the Bureau of Labor Statistics.
CYBERSECURITY AWARENESS
CYBERSECURITY How you can get involved in the fight against cybercrime Join the national campaign to stop cybercrime. The CYBERSECURITY Campaign is a national public awareness campaign aimed at increasing cyber safety amongst South Africans. Help the campaign educate and empower the public to take steps to protect themselves and their families online. To get involved, become a friend of the campaign by visiting www.dss.gov/stopthinkconnect. Once you are a friend, there are many ways to stay involved: • Blog, tweet or post about Stop.Think.Connect. and safe practices when it comes to new technology. • Spread the word. Promote Stop.Think.Connect. messages and resources within your office and social groups. • Volunteer within your community to mentor kids and teens on the basics of online safety. • Consider a career in cybersecurity if you enjoy science, technology, engineering or math.
For more information on the Cybersecurity Campaign visit www.cybersecurityhub.gov.za or contact us on incident@cybersecurityhub.co.za. 2016
13
CYBERSECURITY AWARENESS
E sers should ensure that their Credentials (User Password) are kept secret at all times. This is to prevent unauthorized entry to acquire a user’s personal information to commit an unlawful act. • Take time to understand the risks and learn how to spot potential problems • Watch out for warning signs and contemplate how your actions could impact your safety, your kids or family 14
2016
• Enjoy access to internet with all that it is about to offer THE FOLLOWING PASSWORD’S SHOULD BE KEPT SAFE: Computer Password (Local machine, Active Directory); Social Network Account Password (Facebook, Skype, Instagram, Tweeter, Youtube etc); Online e-mail Services Accounts (Gmail, Yahoo, Telkom, etc); e-commerce Account Passwords (Online Banking, iTunes, Amazon, etc)
CYBERSECURITY AWARENESS
CHILD
Not all content or online products contained within this web will just make you laugh or educate you, there is a very serious dark side that young people need to look out for and avoid
he Dawn of the internet has put all kinds of information in reach of anyone, of any age. With just the click of a mouse, you can go from watching videos on how the universe began and the expansion of dark matter, to the top 10 funniest scooter wipe-outs of all time. If you sat on the internet 24 hours a day for your whole life, you would still not consume the content contained within this network of connections all around the globe. Not all content or online products contained within this web will just make you laugh or educate you, there is a very serious dark side that young people need to look out for and avoid, before you are taken advantage of. TYPES OF INAPPROPRIATE ONLINE PRODUCTS: • Sexually Explicit Content • “Get rich quick” scams/gambling sites • Online Dating websites • Violent games WAYS TO DEAL WITH THEM: • Watch out for 18+ or age restriction warnings
• Don’t use your parents credit cards online without their consent • Avoid pop-ups and flashy online advertising In the study, “A review of the research on internet addiction”, negative impacts of internet addiction and overly excessive consumption of inappropriate online products are highlighted clearly. Negative effects on academic ability, family relations, physical health, and mental health are all by-products of this over consumption. Over-excessive use of the internet is often used as an escape mechanism for young people who are still forming opinions around their identity and significantly decreases the quality of friendships and romantic relationships. It has been shown that moderate use of the internet as a leisure activity can be beneficial, and such activities do not always lead to internet addiction. These benefits do however diminish with an increase in usage, with the array of negative effects above. 2016
15
CYBERSECURITY AWARENESS
AND REMOVE A COMPUTER VIRUS Viruses lurk everywhere in cyberspace waiting to attach itself to vulnerable machines and cause havoc with your life.
ntivirus software is non-negotiable if you’re using a Windows operating system. Computer viruses are always looking for a way into your devices. It’s what they are made to do. Needless to say there are several different anti-virus programmes available – some free and others for sale. Free versions are sometimes limited in capability compared to the commercial products. Most antivirus programs will alert you whenever it detects a virus or malware. Write down the names of each malware application your software discovers. It will then try to remove or isolate the intruder for you. This is much easier than removing malware on your own. When a virus or malware is removed, shut down your computer, reboot and run the antivirus software again. If no viruses are detected then you are in the clear. File infector is probably one of the most notorious viruses in cyberspace. It can easily infect any file on your machine. Of all computer viruses this is the one that can cause the most damage. This virus can replicate the malicious code and attack other 16
2016
applications. Files with an .EXE and .COM extension are prone to this virus but any file is at risk. If you want to keep your important documents safe and confidential you must know how to detect a virus and remove it swiftly. You must first know what to look out for and you must have the software that can cope with the virus. If your computer is behaving strangely like resetting itself or shutting down unexpectedly, chances are it has a virus. If you suddenly notice shortcuts or programmes you hadn’t intentionally installed, almost certainly your computer is infected. Detecting a virus manually before it infects your computer is virtually impossible so invest in good antivirus software. Remember to update it regularly. For extra protection you may want to consider a firewall service. It will intercept threats that come via the Internet or another source that has access to your PC.
CYBERSECURITY AWARENESS
17
2016
CYBERSECURITY AWARENESS
would u o y If alk to t o t like act t n o c e someon line on child 55. 5 5 5 0 0800
18
2016
CYBERSECURITY AWARENESS
ONLINE GROOMING:
The internet is an exciting place for young minds, but right in front of you are predators looking for their next victim.
ellphones are readily available. As a teenager your parents trust that you will use the device responsibly but in doing so you open yourself up to a world of possibilities, and trouble, every time you log onto the internet. We are all curious about chat sites and how they operate. At a teenage level all you might be looking for is someone to intrigue you. What you might find however is someone who is grooming you to engage in sexual activities. Grooming is a real threat and recent studies show that the first contact is generally made online via cellphones. The term grooming, or child grooming refers to befriending and establishing a relationship with a child and their family in order to gain their trust and later use them in sexual activities, prostitution and worst of all to traffic them as child sex slaves. The groomer usually trolls the internet to find their victims; teens and children who have little supervision online are their ideal targets. They engage in conversation and become best friends very quickly. In some cases they will later try to befriend the child’s parents in order for the parents to trust their child with them. As the relationship grows, the groomer begins showing the child pornography in order to ease the child into the game. This is called normalising the behaviour. Once it is not repulsive to
the child it becomes easier to engage the child in sexual behaviour. According to a study released by the Youth Research Unit (YRU) of the Bureau of Market Research (BMR) at the University of SA recently, about 31.4% of secondary school children surveyed in Gauteng have come across people who have tried to get them to talk online about sex against their will, 22.8% were asked online to perform sexual acts and 59.6% photographed and sent pictures of themselves naked or semi-naked. Those are shocking statistics surveyed over 1 500 secondary pupils in Gauteng. More shocking is that only 31.8% who experienced online sexual grooming actually reported the incident. It is a sick depraved world we live in and a single tap of a button can get you into so much of trouble. Be careful when you see an unfamiliar link, do not pay attention to people who are trying to engage with you on sexual conversations. And if you are a victim, do not feel alone, there are thousands of people who have gone through this experience. Report the incident. If victims do not speak up the chances are greater that more unsuspecting, younger children, will fall prey to these predators. 2016
19
CYBERSECURITY AWARENESS
SURF
If you are transparent about your internet activities it is more likely that your parents will allow you to use the it more often.
ith the number of sexual predators and negative incidents that happen online it is very important for parents to police their children’s internet use. Responsible use of the web can help with homework and even allow you to connect with penpals from across the globe but don’t be fooled, the internet can be a big bad place if you are young an impressionable. Use these tips to make sure you and your parents are protected and aware of what it happening online: DO NOT REPLY TO RUDE OR NASTY COMMENTS. • Immediately tell an adult if you feel uncomfortable or worried online. • If someone is being mean or nasty on MSN – block them. • Have your computer in a common area of the house NOT IN THE BEDROOM! • Do not have a ‘flirty’ or ‘nasty’ log on name. • Help your parents to learn about the internet. Teach your parents the language of the cyberspace. • Let your parents know where you go online, just as you would in real life. • Ask your parents to spend time online with you learn and explore together • Make sure that there are filters and other monitoring/blocking software to minimise dangers. • Together with mum or dad, set house rules about what information you can put onto websites or share with others. 20
2016
• Never ever share PERSONAL INFORMATION such as your name, address, phone number or school! • Social Networking profiles such as MySpace, Facebook and Bebo MUST BE SET TO PRIVATE. • MSN contacts and social networking site friends should be people that you know in real life. This is one way to reduce possible risks. • An ‘online friend’ that you don’t know in real life is a STRANGER. • Passwords MUST NOT BE SHARED!!!!! Choose passwords that others can’t guess…..not your favourite food or pets name. • Change passwords 4 times per year (last day of every term) • Be aware that information on the internet is not always reliable. • Your parents should check your hotmail/msn/ social networking lists. • If you are playing games online, YOUR parents should know how to play the game too in case of problems. Play online games together. • Learn about search engines and how they work. • The internet and the various applications are a lot of fun..surf safely together with your parents! Please note that this list is by no means exhaustive and that there is no guarantee that adherence to these tips will provide 100% protection or safety for those using the various applications of the internet. www.stopbullying.org www.netsmartz.org
CYBERSECURITY AWARENESS
A QUICK BREAKDOWN OF CYBER THREATS: In order to combat computer viruses you need to know the tell tale signs, and what to do about it. Spyware: software that literally spies on your computer and your activities. A cyber spy can get hold of your banking details, credit card information or just about any other personal information from your PC. Viruses: This is software that disables your computer. It can change information, add information or destroy all information on your computer. Adware: The popup advertisements when you are surfing the internet are called adware. Scareware: This looks like and acts like anti-virus software, it will coax you into believing that your computer is at risk and you need to click on the link to download a fake security solution. When you download the software it manifests as spyware. Botnets: These are responsible for sending spam e-mails and other illegal e-mails.
2016
21
CYBERSECURITY AWARENESS
PROTECT YOUR BUSINESS Taking your company live could be the best thing you have do but without the proper cybersecurity you are putting yourself and your customer at risk
ensitive information is continuously transmitted over the internet every second of every day. The need to protect this data has never been more crucial, especially for small and medium enterprises. A business must protect its corporate network and clients from intruders. That is a given. Most customers worry about identity theft. Buying online requires customers to give up certain personal information that is important to complete a transaction. The onus is on the business owner to guarantee the safety of that information or risk losing customers and ultimately the business. Setting up an e-commerce business involves creating a website, choosing a trustworthy internet service provider (ISP), access to the internet and then registering a domain name. It also relies on a wide range of technologies such as the World Wide Web delivery system, networks, privacy of data, SSL, reliable payment gateway and e-mail. When you buy a house, you do a security assessment and perhaps hire a company to install beams and panic buttons based on the size and dimensions of your property. In the same way if you are trading online, digital certificates, certificate authorities and your internet service providers form a complex relationship that guards against cyber criminals. Any weakness in the system will be exploited and expose your customers to a dark world of crime. 22
2016
Choosing the right internet service provider is the first step and is often your first line of defence. Other ways of securing your e-commerce business are firewalls, user authentication, data encryption, key management and digital certificates. The three elements needed to secure an e-commerce business are: merchant, transport and customer security. The perception of the risk of cybercrime has increased from 38% in 2011 to 48% in 2014 in South Africa. Very few e-commerce businesses have implemented anything close to a cybersecurity strategy to counter attacks against their networks. Typically an e-commerce business would hold information on employees, vendors and customers. What happens when that information is exposed to an outside party, or worse, people with criminal intentions? In South Africa a breach could cost a small business on average R1.1-million to R2million. In an ideal world you as an owner should consult an IT expert to assess how vulnerable your business is to cyber attacks. Financially, that may be outside of your budget so there are ways you can prevent any security breaches. Keep your software up to date: Gaps in software are common areas where hackers can access your network.
An unsecured wifi is an invitation to a hacker to gain access to your network. Just as you close your windows and doors to strangers to prevent an intrusion, it is as important to prevent hackers and the like from infiltrating your computer through your wifi network. KEEPING YOUR ROUTER OR MODEM SAFE IS CRITICAL TO YOUR COMPUTER’S WELLBEING. These six tips can help you be safer: Always change passwords: Manufacturers place a setup code on your device so you can maneuver easily through the initial process. The default login is very easy to guess so make sure that as soon as you are setup you change all codes and pins.
CYBERSECURITY AWARENESS
HOW TO SECURE YOUR WIRELESS FACILITY Keep your access point away from the window: It is always a better idea to keep your access point towards the centre of the house rather than near a window. If the access point is near the window it is easy for outsiders to access your network. Turn off your wireless when not in use: If you are not going to be using your wifi for an extended period of time then turn it off. You are less likely to be hacked if your wifi is off when you are away on holiday. Never connect automatically to outside networks: Most computers and cellphones have the capability to connect automatically to open WiFi networks. This leaves your device open to hackers and security risks. Make sure you turn off this facility on your device.
Set up firewalls on your router and computer: Routers generally have firewalls that are built into them, make sure they are active. Also enable the firewalls on all computers connected to the router.
Minimise your transmitter power: Many routers have an option where you can turn down the range of your network, turn it lower so it does not extend to unwanted users.
Install an anti-virus on all your computers and servers: The ideal anti-virus should be able to detect, remove and protect your machines against malware.
grace, so having them backed up would give you peace of mind.
Scan you website and applications for malware: Not only are computers vulnerable, but so are websites and web applications. Back up critical data: If you’ve been a victim of cybercrime, restoring your data is your only saving
Equip your network to handle attacks: Distributed Denial of Services (DDoS) attacks target unsophisticated networks. Preventing these requires big budgets, but if you opt for cloud computing and a reputable cloud computing partner you could spare the expense while protecting your system at the same time. 2016
23
CYBERSECURITY AWARENESS
MEMORIES FROM DISASTER Not only is backing up your computer good online practice, it is just common sense. You wouldn’t jump out of a plane without a parachute or walk the tightrope without a net, so why in the world would you store all your life’s memories on an electronic device without backing it up somewhere safe?
acking up your computer has become the simplest and easiest way to protect your valuable information - so make sure you do it regularly. It means simply making a copy of all the files on your computer and keeping them in a safe place, either on an external hard drive, a server or in the cloud. This way, if your computer is damaged along with the files, you are able to recover them and continue with life as normal without the pain of having lost sentimental pictures or critical business documents. You may back up your computer monthly, weekly or daily. Common practice is to do one large back up followed by smaller back ups when needed, after files have been updated or been modified. First, find the right storage device. Preferably an external, free standing hard drive. It must have enough free space to hold all your data - actually it should be twice the size of the information you want to back up. You have to find the Windows 7 back-up program. Press the ‘Windows’ button on the left-hand side of the taskbar and type in ‘backup’ in the search box that appears. On the results you now see, click Backup and Restore.
You should now have arrived on a page headed ‘Back up or restore your files’. On this, click Set up backup. This will open a series of pages. The first page is ‘Select where you want to save your backup’. This is where you’ll tell the computer to send copies of all your files and programmes/applications. You’re given a number of choices, depending on which back-up method you’ve set up. Here the choices are: to send copies to a DVD in the DVD drive; or, as Microsoft recommends, to send them to an external hard drive. Click on the option that suits you and then click Next. You’ll now see the ‘What do you want to back up?’ page. Here you can choose what Windows recommends – that is, a combination of a system copy and back-ups of all your data files – or you can opt for ‘Let me choose’ and pick only those items you want Windows to copy. Make your choice and then click Next.
Alternatively, press the ‘Windows’ button and click Control Panel in the right-hand column.
You’ve now reached the ‘How often do you want to back up?’ page, where you can set up a schedule for regular back-ups. This is highly recommended – it’s very easy to forget to do a back-up.
Then click Back up your computer on the ‘System and Security’ menu.
Make your choices and then click OK.
24
2016
CYBERSECURITY AWARENESS
AVOID BEING A VICTIM The most experienced online experts still somehow become victims of hackers, so don’t beat yourself up about it if it happens to you. There are, however, ways to lessen your chances of getting caught off guard.
t is impossible to keep track of the sites you visit in a day, so when you become a victim of hacking you might not know exactly when you were infiltrated. Even the most cautious techies fall prey to being hacked. THERE ARE WAYS TO DIMINISH THE CHANCES: 1. A lways have a unique, strong password. You should include a sentence if you can, for example: I Like Strong Passwords So I Cant Get Hacked (take the first letters from a sentence that you are familiar with and create the password) ILSPSICGH, also use a symbol and a number to make it more complex. Using birthdays, family names and easily guessed names are not a great idea. If you are being hacked the spy already has all your personal information so guessing passwords becomes easier for them. Update your passwords regularly as well. 2. L og out of all your accounts: Never close your computer with all you’re accounts open, your laptop does not automatically log you off, Leaving your
accounts open is a hacker’s paradise. Try not to make it too easy for them to get into your personal details. 3. Make sure you log on to the right website: Phishing scams use URLs that are so close to the popular ones. One mistype and you are entering a false page. The pages are also designed to replicate the original. Always check the web address. 4. Never click on links that you are not familiar with: Spam e-mails are the biggest culprits, if you do not recognise the sender, delete the e-mail immediately. If it does not look legitimate do not click on the links or download attachments. 5. Don’t download from unknown sites: If you are prompted to download free information, movies or printables rather give it a miss. This is the quickest way for hackers to get into your computer. If you want to check if the site is trustable they should have a download policy. If they do not then, don’t take a chance. 2016
25
MOVING SOUTH AFRICA TO A HIGHER LEVEL OF INTERNET SAFETY
Department Of Telecommunications & Postal Services CyberSecurity Campaign
MOVING SOUTH AFRICA TO A HIGHER LEVEL OF INTERNET SAFETY