Keeping Safe Online

New Zealand’s first Cyber-Security Awareness Week is on now. It's been organised by NetSafe and the Government, with support from businesses including Microsoft and MSN New Zealand Ltd. It’s a time for everyone to work together to help all Kiwis be safer online.

Unfortunately, criminals are using the Internet to scam and cheat thousands of Kiwis each year. But a little bit of knowledge can do a lot to protect you.

Online safety matters

Crime has gone online, so we need to be smart about what the criminals are doing. Malicious software and fraudulent websites have become widespread tools of crime. They are used to get sensitive information from people – things like credit card details, passwords, and business secrets.

Once criminals have this information, they will use it for their own purposes, to try to make money at your expense. Or they might try to get at your friends and family, or your employer. Malware can also give criminals control of people’s computers. Usually people whose computers have been infected don’t even realise their computers could be rented out by underground networks to spread spam and scams to new victims.

Microsoft’s data for New Zealand shows that Kiwis continue a trend of less malware on computers than the global average, which is a good result. But there is still room for improvement. The data suggests that in New Zealand roughly 1 in 250 PCs is infected with malware. The nations with the lowest infection rates have that down to as few as 1 in 1,000. Of course, malware is only the tip of the iceberg. Much of the money and time that is wasted on cyber-crime relates to online scams that don't rely on malware.

So, what are some of the top tips to help people stay safer online?

Be alert

Scams trick people into visiting malicious websites or installing malicious software. One of the most important steps you can take to avoid these scams is to learn how to check you’re on a website you can trust.
If you are going to type in sensitive information such as passwords or credit card details, always type in the address of the website yourself. Use an https:// (with an “s” for secure) connection for these websites if you can. Check you’re on the correct website, and that it’s secure, before you start typing.

If you are going to download any software, make sure it’s something you can trust. Criminals often trick people into installing malicious software by saying it’s needed for some reason. Maybe they’ll say it’s needed to watch a movie, or that your computer has a problem. The fake software could try to trick you into paying money, and it could take control of your computer.

So make sure that you only get software from reputable services. Type in the address yourself. Check it’s what you expected before you install it.

Microsoft offers free software that can help provide an extra line of defence against scams.

Microsoft Security Essentials anti-virus software for Windows is a free download for home use.

Internet Explorer 9 includes SmartScreen to warn about suspicious websites and downloads – and it can help to protect against fraudulent software as soon when it hits the Internet, even before most anti-virus products can detect it.

Webmail services like filter more than 90% of spam emails, many of which promote scams. Using a good spam filter means you never even need to think about those scams.

You can keep track of current scams by visiting every now and then. Being alert to scams can save you a lot of money, so it’s worth taking the time.

Update all your software

Software uses some of the most advanced technology that people have invented. But this complexity also means that just about any software has some mistakes in it. Some of those mistakes can be used as a back door by criminals, to get malicious software onto computers.

It’s not just theoretical, Microsoft detects millions of attacks that try to use these vulnerabilities every year. Any software on any platform is potentially a target - whether it be Windows, Apple OSX, or Android.

To deal with this problem, the people that made the software usually provide at least a few years of free security updates to go with it. It’s really important that you apply those updates to all your software. If you're investing in new software, devices, or services, it can be worth your while to check the support lifecycle that is available before a paid upgrade is likely to be needed. Here are the categories of software that come under the heaviest attack today:

  • Web browsers (e.g., Windows Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari)
  • Web browser plug-ins (e.g., Oracle Java, Adobe Flash, Silverlight)
  • Document readers (e.g., Adobe PDF Reader, Microsoft Office)
  • Operating systems (e.g., Windows, Mac OSX, iOS, Android)

It is highly recommended to turn on automatic updates for all of them, and the latest versions of software are usually the most secure.

On a PC, turn on Microsoft update. You could consider using Secunia PSI (free for personal use) to help you make sure everything else on your PC is up to date.

Use strong passwords

Criminals use software to help them guess people’s passwords. Depending on the situation, they can make thousands of guesses very quickly. The first passwords they try are the ones that people use most often. It doesn’t take them long to try every word in a dictionary, every name, and every date. So using an unusual password is critical.

But it’s not difficult to make passwords they’ll find hard to crack.

Use a different password on each service, and change your passwords periodically.

The recent exposure of 6.4 million LinkedIn passwords provides an unfortunate but timely illustration of why good passwords count.

Use secure connections

Wireless (Wi-Fi) and public Internet is convenient, but if these connections are not secure it means your Internet traffic, including passwords, could be all too easy for criminals to see.

If it’s your network, you could be letting others use your bandwidth, to do who knows what.

Always use https:// (with the “s” for secure) for sites that support it.

For home Wi-Fi, use at least “WPA2” encryption, a strong password, and a unique name for your Wi-Fi connection. And think twice before using public computers and open Wi-Fi for sensitive transactions.

Backup important information

Backups can be invaluable if things go wrong.

You can buy a portable external hard-drive for less than $100 to use for backups. They’re simple to use, and backup software is often included with your computer.

You can also keep a copy on SkyDrive, which is a service from Microsoft that provides 7GB of cloud storage free of charge. It also has free apps that can help you keep your information in sync automatically.

More information

If you’re interested in more information on this, a PDF presentation that can be used for reading and to help others get more secure online is provided below.

NetSafe have also put together an excellent guide at Security Central.

I have also prepared a PowerPoint presentation covering the same material that you may find useful for training if you want to spread the word about online safety at your organisation.

Article by Waldo Kuipers, Corporate Affairs Manager, Microsoft New Zealand Ltd