October is international cybersecurity awareness month. But I would suggest that every month is cybersecurity awareness month since we should at all times be on the alert against the relentless efforts of cybercriminals to exploit whomever they can through technical or non-technical means. Of note is the increasing sophistication of social engineering attacks, as well as the millions of people now working remotely from home instead of from secured office environments due to the COVID-19 pandemic. The following basic precautions can significantly reduce your risk of becoming a victim of a cyberattack.    

1. Secure yourself

The easiest way for cybercriminals to get hold of your personal information, for example, your bank account details, contact lists, passwords for apps etc, is to phish for it by email, SMS or phone.

If an email does not seem right or too good to be true or requires you to click on a link or open an attachment, stop a moment to consider whether it makes sense and if it agrees with what you would expect from the sender. Always check the email address of the sender for deviations from what you would have expected it to be. If in doubt, ignore the message or ask advice from a knowledgeable source. 

Apply similar, appropriate measures when you receive a suspicious SMS or phone call. Do not respond in a hurry because you are tired or under pressure, but stop to consider the validity of the message or call. Don’t be afraid to ask counter questions but refrain from becoming entangled in long, fruitless discussions. Instead, end the call and hang up.

2. Secure your home network  

Your Wi-Fi router is the device that you use to connect to the internet from your home. To configure it securely, you need to:

• Change the default administrator password on your router to a strong password that only you know.
• Change the default name of your Wi-Fi network (the SSID name) and set a strong password to allow only people who know this password to join your network. This password should not be the same as your administrator password.
• When the router offers you security options, select WPA2 (potentially labelled as WPA-PSK) which is the best standard for Wi-Fi network security currently available.
• Ensure that your router’s firmware is up to date using functionalities in the router software.

For advice on how to do the above, see the document ‘How to secure your personal Wi-Fi router’ on the UP website.

3. Secure your computers and devices 

• Use strong passwords or passcodes on all your devices. Experts advise that using a pin is more secure than using a swipe pattern, which may leave a fingerprint trail and is easier to guess than a passcode.
• Install and run an antivirus application on your device. Ensure that the virus definitions of the app are regularly updated.
• Ensure that updates to your device’s operating system are implemented as they become available.
• Have separate devices for work and leisure purposes, as typical behaviours for leisure activities and websites visited are potentially riskier than for work purposes.

4. Secure your accounts

• The key to secured accounts is using strong passwords – the longer, the better. Keep away from commonly used passwords, which can be found on the internet by searching for ‘the most used passwords’ or ‘the most hacked passwords’.  
• Use different passwords for different sites and use a password manager to keep track of these.
• Use two-factor authentication whenever possible. This adds another level of security and uses a PIN, your fingerprint, face or another factor, in combination with your password for identification.

5. Secure your data     

Cybercriminals are increasing their attempts to spread ransomware and doing it using very sophisticated methods and tools. When a device is infected with ransomware, all data on the device are encrypted. The user of the device is promised a decryption key on payment of a substantial ransom. However, there is no guarantee that the criminals will keep their side of the agreement.

The only sure way to prevent having to pay the ransom or losing all your data is when you have a recent backup of your data available. Making regular backups of your data will also prevent data losses due to failure of storage devices, accidental deletion of files and loss or theft of a device.