Rudi Dicks, a senior specialist at BDO’s Forensics and Cyber Lab, has seen a lot when it comes to the world of online security.
Dicks specialises in offensive security, including penetration testing and vulnerability assessments, and knows what it takes to break down digital defences.
If you are concerned about keeping yourself safe online, Dicks has several fundamentals which you should follow.
Passwords and backups
Dicks said users need to make only one mistake in order for a hacker to exploit a vulnerability, and these mistakes often take the form of a misconfiguration or a lack of software updates.
Examples of this are the recent Petya and WannaCry attacks, which affected users who had not updated their Windows OS with a security patch.
Brute force password cracking is another method used by attackers, and Dicks said password length was an important factor here.
It becomes exponentially more difficult to crack a password as the number of characters increases, he said.
“Simply adding .co.za to the end of your password makes it far more secure while remaining easy to remember,” said Dicks.
Users should not use the same password across multiple websites, due to the possibility of data breaches, which can cause login details to be compromised.
Password managers like LastPass are useful for maintaining a number of secure passwords which you don’t have to remember.
Dicks also stressed the importance of backups as protection against attacks.
“Make sure everything is updated and regularly back up your data. If your data is lost and your backup is secure, you can always restore your system to normal,” he said.
Users should use an encrypted hardware backup or a reliable cloud service, and should not leave their backup and active drive in the same location.
Ideally, users should store their backup drive in a fireproof safe.
Browsers and smartphones
Social engineering is an incredibly overlooked field in cybersecurity and users should be aware of attacks from scam emails, said Dicks.
Certain attacks exploit vulnerabilities in the user’s web browser, and it is important to keep your browser updated to avoid becoming a victim.
Dicks said the title of “most secure browser” changes based on what vulnerabilities are discovered and patched.
“I think Firefox and Chrome are ahead of the game, and Microsoft Edge is doing a better job than the old Internet Explorer, but there is no magic bullet and all browsers can be vulnerable if not patched,” he said.
Users must also be careful with the data they store on their smartphone and how their details are secured.
“Your smartphone is the key to the castle. When I get access to your phone, I can access everything. Smartphones are how you control your entire digital life.”
iOS and Android are constantly patching vulnerabilities in addition to monitoring their app stores for content which may conceal an attack on the user’s device, said Dicks.
He recommended that users enable two-factor authentication and keep their device secured against unwanted hardware access.
He added that smartphone users should be careful about what they download, especially third-party apps which are not listed on an app store.
Numerous smartphone file encryption apps are also effective, although if you encrypt data stored on your mobile, it is best to access the device from a PC to check that the files are in fact encrypted.