Smart But Safe: Preventing Cybercrime
‘It won’t happen to me.’ Has that thought crossed your mind when asked to safeguard your personal information? After all, changing passwords, dealing with two-factor authentication and setting up antiviral software are time-consuming and often irritating processes. But cybersecurity is an area we can’t afford to ignore as we enter the so-called Fourth Industrial Revolution. The pace of technology, including smart IP-loaded devices, is accelerating and our authorities’ regulatory processes are lagging behind. And it’s not going to stop. Consumers’ appetites for technology show no signs of slowing and cybercriminals continue developing new methods of attack.
Whether we choose to ignore it or not, cybercrime costs Australia $4.5 billion per year ($600 billion in the USA). The average cost of a cybercrime to a business in Australia is $276,323 and 60% of all targeted attacks strike small or medium businesses. But these statistics are no reason to avoid smart devices and machine learning. There are plenty of ways to safeguard your personal information and intellectual property.
For Australian government advice, visit the Canberra-based Australian Cyber Security Centre’s (ACSC) website. Created in 2014, the ACSC combines the skills of the Federal Police, Defence Intelligence Organisation, Australian Security Intelligence Organisation and the Department of Home Affairs. The Centre specifies ‘ransomware’ and ‘credential harvesting malware’ as being the two key areas for cybercrime:
- Ransomware — malware that infects your computer if you open a malicious email attachment. The malware locks all systems and files and demands that the user pays a set amount to unlock their content. It’s successful because many companies opt for the quick fix of paying the ‘ransom’ rather than pay far more to have an antifraud expert remove the malware.
- Credential harvesting malware — malware that captures your credentials as you enter your login details. Users are usually unaware that their computer is infected. As with ransomware, the malware generally finds it way on to your machine via email attachment.
What can you do?
Australian government websites such as the ACSC are teeming with cybersecurity resources, as are IT and technology companies’ sites. The extent and detail of information can be overwhelming for those with limited IT expertise. A good place to start is the ACSC’s Easy Steps Guide, designed to help you secure your online information using the following process:
- Secure your email, social media and apps
- Watch out for scam messages
- Secure your mobile and computer
- Check public Wi-Fi before connecting
If your budget allows, you can subscribe to the latest antivirus software from McAfee or Norton. Some companies offer limited free antiviral software e.g. Total AV and Avast but if you’re serious about cybersecurity you’ll need to pay.
Reporting cybercrime is a vital part of keeping regulatory bodies informed as to what everyday internet users are facing. If you need to report a cybercrime go to the ACSC’s ReportCyber page. To report a data breach, use the Notifiable Data Breach form on the Office of the Australian Information Commissioner’s website. Note that you should check the Identifying Eligible Data Breaches guide to assess the breach before reporting. In the future, cybercrime may reach a level that causes mandatory reporting of specific cybercrimes, with fines for users who choose not to cooperate.
For companies, preparing an Incident Response Plan should be a necessary part of any cybercrime risk assessment process.
The plan should include:
- preparing for a cyber incident
- detecting the threat
- assessing the level of threat and impact
- responding to the level of threat
- reviewing the process and improving the incident plan if needed.
It’s also worth being careful what you purchase. For example, of the smart devices on the market, security camera systems rank as the most hacked IoT devices. People want IP cameras; they aren’t prepared to pay top dollar but cheaper cameras are far more vulnerable to attack. Smart hubs and network-attached storage devices are next in line, followed by printers, smart TVs and smartphones. The bottom line is, when you’re tempted by cheap technology, make time to check whether the manufacturer includes any security safeguards.
Government vs Public
As many of us will continue to enter our personal credentials without due care for our intellectual property or privacy, we need to determine our own level of social responsibility. Users prefer convenience over safeguards whether for business or pleasure and that’s not going to change. For some, the fear of intellectual property theft or cost to business is enough to stop investment in smart technology. For others, technodazzle wins over security.
Maybe we trust that the government will fix cybercrime or our insurance company cover any losses. There’s certainly a grey area over where responsibility for cybercrime protection falls. On the one hand, for critical infrastructure such as power, communications systems and banking, we are tied to government supply chains and laws. On the other hand, most of us outside the IT industry are fairly clueless about how cybercrime works beyond the obvious scam emails, but that doesn’t absolve us of responsibility for our private information.
Then there’s the question of ethics. We hate the idea of the government monitoring our cyberactivity. Remote surveillance feels like a massive invasion of privacy. But if it means that our taxes go towards detecting and preventing online crime, is it worth it? A 2018 Australian study showed that participants strongly felt the need for protection of their privacy. They also had relatively low levels of trust in government data management, believing that the government is not transparent about their methods of data acquisition. The study also showed that respondents felt a relatively low need for surveillance and lacked trust in the government.
In terms of ICT used by Australian Government agencies, the ACSC states that ‘All ICT security products implementing cryptography must use ACSC-approved cryptographic algorithms and ACSC-approved cryptographic protocols.’ Most of us have little idea what that means in any detail, which means we’ll just have to trust that the government websites will safeguard our personal information.
Smart Technology is Here to Stay
As the market for IoT devices, machine learning and artificial intelligence grows, it’s easy to imagine that IoT cyberattacks will increase in tandem. But the fact remains, we crave technology – the smarter the better. Whether the Australian and global governments have the time to put realistic regulations in place remains to be seen. But we need to take responsibility for our own information too. As long as we take the time to put our own safeguards in place, we can have our smart technology and play with it.