I’m the Press Officer for Cybersecurity at TÜV Rheinland. It’s not the easiest of jobs, since we often have to talk about highly complex topics or solutions we offer to business users. Time and again, we need to make difficult ideas as easy to understand as possible. Such as how a company can ensure its servers have enough protection against hackers, for example. So I’m not just talking about using antivirus software but about individual solutions – like the ones that are used in industrial applications. Now while the average person in the street might think this is all irrelevant to them,
it’s not, as I’ll explain. Let’s stay with our industrial customers for a minute. Here, we often talk about ‘OT’ security. OT stands for ‘operational technology’ and describes the large systems used by utility companies, for example. The cyberattack protection these systems have is very specialized and unlike that needed by, say, an office equipment wholesaler.
Cybersecurity at home: ignorance is not bliss
So what does this mean for the average consumer in day-to-day life? Well, if our utility company falls victim to a large-scale cyberattack, it’s possible that this will also take down computerized systems and result in a power outage. If we just take a minute to consider the sheer variety of electrical devices we now use, it’s easy to imagine the kinds of dangerous situations that people will then be facing.
So cybersecurity really is a practical problem. And all of us can help to make life more difficult for hackers when they plan an attack – even in a world that is now increasingly digital. Since my work often involves dealing with cybersecurity issues, I notice how people often take very little interest or care in protecting their data. Such carelessness is always at the expense of proper safeguards, however. So here are just a few examples of some important do’s and don’ts.
Lock down your wireless network
Always use the strongest encryption standard available to secure your private Wi-Fi network. Your router usually comes with a password set up by the manufacturer (typically a long string of digits). For the non-technical among us, I’d recommend simply keeping this number as-is. However, I’d advise more advanced users to change this to a complex and even longer password including alphanumeric and special characters. Whatever you do, don’t make it ‘user-friendly’. Don’t change the string of digits into a short, easily remembered password. While it might be a pain to enter a long password string into your devices, the effort is worth it. Your guests might grumble at having to type the whole thing out – but the pair of cybercriminals sitting in a car outside your house with a high-end laptop will ultimately drive away because they know they can find an easier target: your Wi-Fi password would take too long to crack.
When you work with your bank accounts on a PC, always make sure that your computer has all of the latest safety updates installed. Updates for your PC’s antivirus software in particular should always be kept up-to-date. And you should also make sure that you are running the latest version of your web browser. While plugging a network cable into your laptop beforehand is certainly the most secure approach to online banking, it’s often theoretical rather than practical, since people don’t tend to have network cables lying around – and their mobile device might not have a port anyway. Wi-Fi is normally used instead. So make sure your wireless network is as secure as possible (see above). Always use the best encryption standard available, paired with as long a password as possible. You should also use a wireless network you trust: never use a public Wi-Fi access point (at a railway station or café, for example) for online banking.
Yes, passwords are a pain. We always seem to be typing them in, everywhere we go. Even worse, we (ideally) need to use a different one each time. The password has to include letters (uppercase and lowercase), digits and special characters, and must be between 8 and 15 characters long. And we can’t use our own name, we can’t reuse one of our last ten passwords and – last but not least – we should also change it every three months. Like I said, a pain. But it’s just the way things are right now. Increasingly, we now have the option of using sentences as passwords. Like: ‘!start3dhatinglongpasswordsbackin1999!’ But please don’t use ‘Password123’.
New technologies like fingerprint scanning or face recognition have slowly started to become mainstream in recent years but are a long way from becoming standard. So if one of your devices now offers a face recognition option, you’re bound to have a couple of other devices or applications that are still using passwords. Password managers like 1password, KeePassX or LastPass are also available and now offer very high levels of encryption. These managers can be useful tools for both managing and creating passwords.
A free USB flash drive?
Sounds good, doesn’t it? A USB stick lying on the floor, in the stairwell or next to the lift. Did it fall out of someone’s bag? Would be a shame: it’s really slim and chic with tons of memory. OK, someone might have lost it. But it could also be a sophisticated trap. So don’t plug it into your computer at home or in the office. If the pen drive has malware on it, it takes just a few seconds to infect your computer with a virus, which may then quickly spread itself all over the local network. I know it’s tempting, but… just throw it away.
I could go on to list a lot more examples but I don’t want to bore you or end up giving you a lecture. The idea is just to make you a bit more aware of the fact that the next cyberattack could strike a lot closer to home than you might think. And that convenience and carelessness (online banking in the café or short passwords) are regularly exploited by criminals when executing cyberattacks. So it’s certainly worth your while to make cybersecurity more a part of your daily routine. After all, it’s less effort than would be needed to get your device back once it’s been locked with ransomware.