Technology continues to drive both positive and concerning changes in our world and the need for even greater cyber-security is one of the concerns. In the LSE spirit of addressing major social problems of our time, in her latest post Sanjana Rathi clarifies some of the most common terms in the cyber-security world and presents basic ‘cyber-hygiene’ practices everyone should follow to protect their online world from cyber-attack.
“We should all be concerned about the future because we will have to spend the rest of our lives there” ~Charles F. Kettering
In 1988, the computer worm ‘Morris’ was transmitted through the Internet by a student at a reputed college in the USA, wreaking havoc in the cyber-infrastructure. The cost of recovery from the large-scale attack was massive. This was the first detected large-scale attack in the internet’s young history, but ever since, there has been a steady series of cyber-attacks that have set a gloomy tone for the digital world that we live in.
The ‘Stuxnet Attack’ on Iran’s nuclear programme, brought about by a complex piece of malware, was an incident that reminded us how lives could be jeopardized by such incidents. And if Stuxnet represents the intensity of impact of a cyber-attack, then the recent WannaCry Virus Attack on the National Health Service, in which more than 700000 devices were compromised, highlights the massive scale on which these attacks can take place.
So what are Malware, Virus, Worm, Trojan, and Ransomware in cyber security?
A ‘worm’ and a ‘virus’ are both malicious programs that replicate themselves through user interaction. However, a ‘virus’ causes destruction to files held locally within the computer, while a worm is standalone software.
Malware is a short-hand term for any kind of malicious software created to pilfer your personal information or harm your computer. Trojans are programs that act as a medium for backdoor attacks. Just like the Trojan horse of old, they come in an innocent package but have malicious code embedded in them.
Ransomware is a catchall term for anything (a worm, virus or Trojan) that takes control of sensitive information within a computer until the victim pays a ransom.
However, good cyber-security is not achieved purely by installing a technical program. It is an ecosystem where laws, management, skills, cooperation and technical implementation must be in harmony to be most effective. This is especially so when it comes to cyber-security on a company level. Good management practices can assure accountability in case of an attack. Strong laws and policy compliance help maintain a standard security practice in all organizations and help build fear among attackers.
Despite the gravity of the situation and several warnings, there is still an evident gap between countries in terms of awareness, understanding, knowledge, and capacity to deploy the proper strategies, according to the latest survey by the United Nations. This calls for building awareness on cyber security issues to help netizens, organizations, and governments create a unified strategic framework for protecting against cyber-attacks.
What can we do on an individual level to maintain security?
On a personal level, we can keep our information and online-assets safe by maintaining cyber-hygiene. Cyber hygiene is defined as “the establishment and maintenance of an individual’s online safety”. It is the online analog of personal hygiene, and encapsulates the daily routines, occasional checks and general behavior required to maintain a user’s online “health”.
Some top tips for cyber hygiene include:
1. Never click a link before you authenticate the source: Before you click, you can search for the source name online to check the authenticity of the source. For example, if you see a link with an attractive title or picture on social-media sites or any networking app, don’t click on the link before checking where it leads. Be very critical as the link may contain malware!
2. Install anti-virus software that is set to automatically update and keep your computer software updated. This is important as it will allow your computer to receive the fixes for security bugs issued by the company.
3. Maintain e-mail hygiene: We use emails every day for personal and professional conversations. Therefore, maintaining good cyber hygiene while using emails will ensure all your information is safe. While it is common knowledge that a strong password is needed, two-step verification must also be activated. Also, it is important to check the sender name and email ID before opening any email or downloading any attachment.
4. Be very cautious before giving out the answer to security questions: Many websites, especially online net banking sites, ask for secret questions to retrieve the password. Sometimes, attackers will go to extraordinary lengths to learn the answers. For example, if your security question was “What is the name of your pet?”, an attacker may actually take the initiative to call you pretending to be from an NGO that takes care of homeless dogs, and start constructively using this conversation to discover the name of your pet. That could be enough to hack into crucial information.
5. Beware of what you share and with whom you share information on a social media site: Sometimes social engineering attackers deploy fake social media profiles and connect with you to gain information on your everyday activities. Therefore, sharing appropriate information with the appropriate set of people is important.
6. Back up all the devices: In case of a ransomware attack, the backups will allow you to access all of your important documents and data.
It is not only the government, organizations, and businesses that are expected to secure our online world; we must take action to maintain our own cyber-hygiene. Just as the internet has made information readily accessible to everyone, it has also become important for every person to be critical of the information they read online, the links they click, and the conversations they engage in.
If you practice any cyber-hygiene not mentioned here, please comment below!
ABOUT THE AUTHOR
Sanjana Rathi is currently a Cybersecurity Research Intern at the Institute for National Security Studies, Israel and a graduate of the MSc Management of Information Systems and Digital Innovation in the Department of Management at LSE. Having done undergraduate studies in Computer Engineering and a Diploma in Cyber Law, she hopes to use her knowledge and abilities to work for a safer cyberspace.