Member Insights: How to Secure Your Virtual World
Simon Jankowski, a cybersecurity expert, shines a light on the internet’s dark side.
By Morgan M Davis
As long as faxes and emails have existed, so too have phishing scams. By now, most people know better than to send their bank account details to a stranger asking for financial support. But scammers are always looking for new victims, as well as increasingly sophisticated ways to access personal information – be that for financial gain, trade secrets, intellectual property or espionage.
We’d all like to assume that we would never personally fall for a cybersecurity attack. However, our networks are extra vulnerable in a work-from-home world. FCC member Simon Jankowski, a security director at BT Group, a communications services company, works with customers around the world to improve security, risk and compliance standards.
Jankowski spoke with The Correspondent about recent cyberattack trends and how individuals can protect themselves online.
How did you begin your career in cybersecurity?
Simon Jankowski: I have been interested in computers from a young age, pulling them apart and figuring out how they work. My first experience with security was reading Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier by Suelette Dreyfus, which covers the exploits of international hackers in the 1980s and ’90s.
What new risks have arisen during COVID-19?
SJ: Before COVID-19, a lot of organisations had built a perimeter around their networks. With COVID-19 and work from home, people are sitting outside the network, so there needs to be a change in how we think about security controls. We’ve also seen more cyberattacks on VPNs [Virtual Private Networks] since more companies and individuals have started using them during the pandemic.
Meanwhile, more traditional attacks are still taking place. For example, a large number of attacks still originate via email in the form of malicious links or phishing campaigns that try to convince people to give personal details or money.
What are some ways we can protect ourselves?
SJ: Both individuals and companies should use VPNs, as well as a good anti-virus application and email spam filter. VPNs are important because they encrypt the traffic between your device and the VPN provider, making it harder for people to intercept or redirect.
They can also grant access to resources within your company’s networks that wouldn’t be available otherwise. However, it is important to use a trusted service, such as the one provided by your company. Be sure to research the VPN company to see who owns it and if they collect information from their users.
The average person also needs to be careful about what emails they’re opening and links they’re clicking. It is also important to pay attention to networks before connecting. Is that free Wi-Fi really safe enough for you to access your work or bank accounts?
How do we know if a Wi-Fi network is safe?
SJ: Generally, unless you control the Wi-Fi or your company does, it is best to treat it as untrusted and use something like a VPN to protect the traffic running through it. While it is generally not necessary to avoid Wi-Fi totally if precautions are taken, there are alternatives such as using a pocket Wi-Fi with a SIM card.
The next most important thing is to keep all of your devices updated across both the operating system and applications. Learn to encrypt any external media devices to protect data against theft or loss. This is especially important if your devices contain personal, identifiable information.
There are commercial and free applications to encrypt data. Microsoft Windows (BitLocker) and macOS (FileVault) have options built into them as well.
What can we learn from the cyberattacks we’ve seen in the headlines?
SJ: Cyberattacks are taking place all the time. Within seconds of a new server going online, it is already being probed and attacked. This is a reflection of our growing societal dependence on technology. Since governments and businesses depend on these technologies, ill-intentioned people will try to use them to gain an advantage financially, professionally or politically.
Each attack reveals new methods and vulnerabilities. The lessons we learn from them can then be used to drive protection back into businesses. For example, ransomware has taught the importance of robust backup practices.
Where do you see the greatest vulnerability?
SJ: The most vulnerable targets are people. People make mistakes and can be tricked or manipulated. A large number of attacks still originate via email, where someone has replied with personal details or clicked on a link that allows a sophisticated attack to start.
It is important for organisations to invest in user education around cybersecurity. One of my greatest achievements was teaching my mum how to distinguish between a fake and a real email!
What are the red flags?
SJ: Look at the minute details. Do the website and sender’s email address match the company it claims to be from? Or is there a discrepancy? For example, “1BM” instead of “IBM”. In addition, such emails commonly have a sense of urgency, such as “your account will be charged US$1,000 unless you cancel now.”
Are governments and businesses doing enough to keep up?
SJ: These threats are emerging fast. It is essential to inform people about the potential threats. You will have noticed over the years that many organisations, such as banks, send notifications and warnings regarding fake emails or phone calls about their organisations in order to help protect their customers.
Globally, we are seeing regulations catch up with technology and threats; however, with the speed of cybercriminals, it’s challenging to keep pace.
Learn more and protect yourself with these resources.
Cyber security experts explore information security on a strategic level in this podcast.
Security professionals post the latest news about cyber threats and technology trends.
Your source for global tech initiatives, the latest gadgets, cutting-edge engineering.