CYBERCRIME: Minimise the risk of becoming a victim

What is Cybercrime?
CYBERCRIME is a term that covers a broad scope of criminal activity using a computer. Some common examples of cybercrime include identity theft, financial fraud, website defacements and cyber bullying. At an organisational level, cybercrime may involve the hacking of databases and theft of intellectual property or confidential information.

Many users think they can protect themselves, their accounts, and their computers at home with just anti-spyware and anti-virus software. At work, many employees believe that the organisation will provide all the protection needed, so they think they don’t need to be concerned about their cyber-activity. Cyber criminals are becoming more sophisticated and they are targeting consumers as well as public, private and state organisations. Therefore, additional layers of defence are needed.

An example of Cybercrime
An example of one type of cybercrime is an “account takeover.” This happens when cyber criminals compromise your computer (by getting you to click on a link for example) and install malicious software, such as “keyloggers” which record key strokes, passwords, and other private information. This in turn allows the hacker access to data using your log-in credentials. Once these criminals steal your password, they may be able to breach your work networks or, if at home, your personal online bank account. These criminals can be anywhere in the world.

What are the effects of Cybercrime?
The effects of a single, successful cyber-attack can have far-reaching implications including financial losses, theft of intellectual property and loss of customer confidence and trust. The overall monetary impact of cybercrime on society and government is estimated to be billions of dollars per year.

So . . . What can you do to minimise the risk of becoming a cybercrime victim?

1 Use strong passwords
Use unique passwords for EVERY account and avoid writing them down. If you must write them down, keep them in a secure place. Make the passwords more complicated by combining letters, numbers, special characters, and by changing them on a regular basis. NEVER share your password with anyone! Banks, credit card companies and your IT department will not ask you for your password. If someone does, do not provide it.

2 Secure your computer
(This information is for your home use only. Your IT department will take care of this on your work machines.)

– Enable your firewall
Firewalls are the first line of cyber defence; they block connections from suspicious traffic and will keep out some types of viruses and hackers.

– Use anti-virus/malware software
Prevent viruses from infecting your computer by installing and regularly updating anti-virus software.

– Block spyware attacks
Prevent spyware from infiltrating your computer by installing and updating anti-spyware software.

– Secure your mobile devices
Be aware that your mobile device is vulnerable to viruses and hackers. Download applications only from trusted sources. Do not store unnecessary or sensitive information on your mobile device. Do not store state data on any mobile device cloud services. It is also important to keep the device physically secure; millions of mobile devices are lost each year. If you do lose your device, it should immediately be reported to your mobile carrier network if this is your personal device. There are some devices that allow remote erasing of data. Be sure to keep your mobile device password protected.

– Install the latest operating system updates
Keep your applications and operating system (eg Windows, Mac, Linux) current with the latest system updates. Turn on automatic updates to prevent potential attacks on older software.

– Protect data
Use encryption for confidential data such as health records, tax returns and financial records and other confidential data that you may work with. Make regular back-ups of all your important data and store it securely.

– Protect your e-identity
Be cautious when giving out personal information such as your name, address, phone number or financial information on the Internet. DO NOT click on links that are sent to you via e-mail or respond to persons who call you asking for personal information. These could be phishing scams to get your personal information. Make sure that websites are secure especially when making online purchases (look for the https in the URL), or that you’ve enabled privacy settings (eg when accessing/using social networking sites, such as Facebook, Twitter, YouTube, etc). Once something is posted on the Internet, it may be there forever.

– Avoid being scammed
Never reply to emails that ask you to verify your information or confirm your user ID or password. Don’t click on a link or file of unknown origin. Check the source of the message; when in doubt, verify the source.

What should we do?
We can follow the above steps to minimise the risk of being a victim of cybercrime, however training and equipping yourself or your ICT Security personal is the best way to avoid cybercrime attacks. Personnel in charge of systems security for all institutions whether private or public need to be trained on ways they can avoid cyber-attacks on their systems. All citizens, consumers, and state employees should be aware of cyber threats and the actions they can take to protect their own information, as well as the information within their organisation.

The International Council of Electronic Commerce Consultants (EC-Council) provides a course called Certified Ethical Hacker (CEH) which provides skills on avoiding and fighting cybercrime. Trust Academy ICT School is currently enrolling for the internationally recognised CEH. Financial Institutions, bank personnel, criminal investigation officers, ICT personnel and all those who support systems and networks need CEH certification if they are to maintain their systems secure. The course will also help them know and understand how hackers gain access to their systems and learn ways they can avoid them.

The Trust Academy ICT School registration for the following courses offered in collaboration with the Midlands State University is also in progress:

— Diploma in Management Information Systems
— Diploma in Telecommunications
— Diploma in Network and PC Engineering

All the other ICT courses can be enrolled for throughout the year.

For more information contact: Godwishes Simbanegavi on 09-883 690/74, mobile: 0778617015,
Email: [email protected]. Or visit us at 3rd Floor, Haddon & Sly Building, Corner 8th Ave/Five Street, Bulawayo.