TCF Logo

Published Wednesday 20 Oct 2021


It’s Cyber Smart week again and never has it been more important to focus on the problem that exists between chair and keyboard – the user.

 

Software solutions, like firewalls and anti-virus applications, have worked well at preventing hackers from accessing our networks. So well, in fact, that the preferred vector for infecting your computer these days is, well, you. Users clicking on links and opening things up is about the only way ransomware, viruses and all the rest get into your computers these days and that’s both a curse and a blessing. 

 

In the first case, it’s a curse because of course we’ve trained everyone up to do exactly that – open attachments, click on links, download apps. It’s what the internet was built for (not really, but that’s what it’s become) and unfortunately security was not baked in. There’s no double-check system, no assessment of risk prior to opening a link – you just click and wammo! It’s done. 

 

But that’s also the solution to the problem. You have to choose to click on a link, or download something, and that gives you a critical decision-making point about whether or not this is a good idea. You are the human firewall, and you are the last line of defence between your network and the potentially nasty outside world. 

 

Of course, computers come in many shapes and sizes these days and the most popular and widespread is the mobile device. The Commerce Commission says there are more than six million mobile devices in use in Aotearoa at any given time. Not bad for a nation of only five million people, but that’s a lot of potential attack vectors to consider, and when you factor in everyone working from home, studying from home, entertaining from home, there’s even more risk than usual. 

 

Mobile devices (phones, tablets and all the rest) are a newly emerging problem in this regard. We’re used to having software to protect us on laptops and PCs but what about our mobiles? There’s a clear rise in the number of security apps you can install but likewise there’s a rise in the use of mobiles to gain access to your network.  

 

Of course, these days a lot of us use our mobile phones for everything from messaging (email, text, app-based and all the rest) to video calls, playing music, playing games, reading books, finding our way, ordering food, booking accommodation, banking and much more. This means the ‘network’ we’re protecting is in our pocket is much more personal to us as individuals and with access to address books, banking apps and so much more, any damage done can be catastrophic. 

 

Just last month we saw the “Flubot” text message scam hit New Zealand users at a time when we were most vulnerable to it. Flubot sends a message to your mobile claiming to be from a courier firm about a late delivery. Click on the link to find out more, it promised, but users were asked to download an app that then sent the same scam to all members of your address book and tried to scam you out of money to ‘release’ the package. 

 

Unfortunately, many people did click on the link – and who can blame them when you are in Level 3 and a courier delivery can be the highlight of your day. But some went so far as to hand over money (and in a digital world that means also your credentials – giving the thieves access to your account details). 

 

To survive out there you need to develop a particular set of skills. You must be canny to the ways of the ratbag hackers, ensure your data is kept as securely as possible and you should always double check before you click on that link. Have a look at the spelling – does it sound right? Is the link to the actual company or some short, strange looking thing that could be anything? Does your provider use this kind of language?  

 

Consider getting a password manager so you can make your “Summer2021” passwords into something unguessable like “AofEA@fXhf7K” and remember to never share passwords between accounts. 

 

But above all, learn to be that human firewall and if there’s any doubt about the site or the app or even the link, don’t click. 

 

Click here for more information on how to keep yourself and your information safe online.  

 

By Paul Brislen, TCF CEO