Dear South Africa, it is no longer okay not to understand how the internet works
Anybody familiar with technology knows the trauma of being tech support for friends and family.
More than once I’ve been tapped up by a friend or family member to fix something wrong with their PC, and you know what? I’m sick of it.
It’s not that I’m sick of helping my parents and friends – I love helping folks get closer to tech. What I am sick of, however, is the blasé approach to things like cyber security by said friends and family.
If you’re reading this and nodding your head, you’ve likely heard “Why would they hack me?” when asked why a person doesn’t have an anti-virus installed.
The truth is that a cyber criminal will hack you because they can. And yes, it really is that simple.
Consider this for a moment.
A black-hat hacker could spend months trying to bust through a bank’s security system to silently siphon off funds or they could take a scatter-shot approach and send malware to thousands of people. Say then that 1% of those people “accidentally” download the malware and the hacker guy starts recording every keystroke. Online banking passwords, Facebook profile credentials, company emails, all of it is now known to the attacker because someone clicked a link they shouldn’t have.
You’d assume that “don’t click dodgy links” is good enough advice, but it isn’t, especially when we have things like ransomware tearing through critical organisations.
To quote the late Aaron Swartz, “It’s no longer OK not to understand how the internet works”. And South Africa, that includes you.
Just this week the Department of Basic Education was hacked. I’m not saying that this was the fault of the DBE, but it should serve as a reminder that hacking is not some problem in a far away land: it is right here, too, and we should be concerned.
Ignorant citizens are ignorant employees
Following the ExPetr ransomware attacks last week I contacted ESET, the creators of the Nod32 Antivirus program to chat about cyber security and whether South Africans should be worried about cybercrime.
“People are not necessarily naive, they might just think that people don’t want their information or don’t think they’re important enough to be hacked,” director of marketing at ESET Steven Flynn tells us. “The fact of the matter is that we all have value and your data is worth something on the (black) market whether it be your credit card details, personal identifiable information, compromising pictures, security information pertaining to your family or business. That is all of value to somebody.”
I learned how much effort cyber criminals are willing to put into a hack last year when Jenny Radcliffe explained how criminals will use any means necessary to get into a target.
The point is that we are all essentially walking vulnerabilities, and assuming otherwise can be dangerous not only to you but the firm that signs your pay-cheque every month as well.
Click that suspicious link at home while browsing through memes and you might be unknowingly infecting your entire home network, even your mobile phone. The very same mobile phone you take to work everyday and connect to the office Wifi.
This is not an embellishment, either: in 2014 Ponemon (commissioned by AT&T) surveyed 618 IT professionals, and 63% of them “believe data breaches involving mobile devices occurred in their organisations.”
“I don’t think individuals realise the responsibility they have towards companies and what they’re taking in. The human side of technology is what is causing these high infection rates and I really don’t think people are taking it seriously,” chief executive officer of ESET South Africa Carey Vlaanderen told me.
And anyone typing “I don’t need to worry, I have a Mac” in the comments can stop right now. Sure, the chances of your computer being infected are lower than they are for the average Windows PC, but it might still serve as a conduit through which malware is passed through the network.
Tinfoil hats at the ready
Of course putting it like this, I expect a number of people to seriously consider disconnecting from the internet and never using it again. But that attitude is about as useful as claiming that we’re all vulnerable to sickness caused by leaving the house so we should never go outside.
The point I’m trying to make here is not that we need to be living in fear, but rather that we should all be taking greater precautions online than studies suggest we collectively do.
We need to educate ourselves and be aware that when “Aunt Gemima” sends along an email about cute cats containing a file called cats.exe, the email might, in fact, be malicious. And in case you missed it, pro tip, never open any files attached to emails that have a .exe extension – those are executable files and they are super dangerous.
The point is that the battle against malware is a constant struggle, but there are things you can do to protect against it. Just like us South Africans do in other areas of our lives, for instance by installing burglar guards and security systems that protect us from criminals, so too do we need to institute safeguards on our computers.
Internet security software is essential
The easiest way to do this at home is to make sure your software – all of your software – is up to date. These updates often contain fixes to security loopholes that could be exploited by cyber criminals, as we saw with WannaCry in May.
The next thing you should do is get a good antivirus. While many users will take issue with this “because it slows my PC down”, I would challenge you to do a bit of research. There are a number of good, free anti-virus solutions (Avast is one we’ve had great experiences with) out there and many paid solutions offer a free trial, one of which is ESET. Download and install these and run the benchmarks for yourself to see how much it impacts your system. You’ll find that there is minimal impact, if there’s even any at all.
For instance I use Sophos Home at the moment, and I know that while scanning my hard drive, my PC is slow. To solve that I only run scans when I’m not using my PC for work or games. The rest of the time I don’t even notice the AV is running but I know I have Sophos and Windows Defender protecting me.
No more excuses, South Africa. We need everyone to be onboard with this, because any cyber defence strategy is only as strong as its weakest link.[Image – CC BY SA Jason Taellious]