Five things everyone should know about cybersecurity
Text by Antti Kivimäki
1. Make backups - both in the cloud and locally
Some cybercriminals try to break into your computer and lock away your data, demanding a ransom to unlock it. Ransomware can be hidden in a file you download and then only become active later. Backing up your data, both locally and in the cloud, prevents it from being held ransom.
Automated cloud backups offer the benefit of virus checks and versioning. That means that even if the last ten backup versions are all infected, a clean eleventh version could still be available.
It’s also worth making local backups yourself. From time to time, back up your important files and folders to an external hard drive or memory card. If you select the files and manage the transfer yourself, you’re less likely to back up something harmful. This might feel old-fashioned and be a bit inconvenient, but it offers significant additional security.
2. Use a payment method that lets you file a complaint if something goes wrong
When you buy something online, it can be a hassle to find all the terms of the transaction. Will you get your money back if the product is faulty or if it doesn't arrive? What’s the notification procedure? Where will the money be returned?
For extra security, make sure to use a payment method that gives you the right to complain about a problem and get a refund. If you’re using a combined debit/credit card, remember that the option to get refunded due to a complaint is usually only available when paying with the credit card.
In general, it’s best to avoid dubious online shops. If you find a very cheap offer on a strange site, it’s often actually a scam.
3. Hackers stalk remote workers – keep your work and home devices separate
Hackers use weak points in work-from-home systems to break into your employer’s IT systems. Many people work remotely on their personal computer, which can have their personal software and social media open alongside their employer’s programs and systems. Hackers can use vulnerabilities in the personal accounts and software used for leisure to get personal information and passwords, which they can then use to try and break into your employer’s systems.
It’s better to do remote work on a computer provided by your employer. This practice keeps the work separate and safe on a work computer, and you can use your own device for personal matters. Never use the same passwords on work systems and personal devices or software.
4. Be careful about the browser’s search bar and fake websites
One way to collect passwords and other sensitive information is by tricking people into using fake websites which look like the real thing. For example, you might think you’re on your bank’s webpage while you’re actually on a page that has an address ending in ‘.org’ instead of the bank’s real address, which might end in ‘.com’ or ‘.fi’.
One way you can end up in that situation is if you don’t go directly to the bank’s webpage by typing it into the address bar but instead search for it via a search engine. The first result might not be the bank’s real page but something else instead. Even if the search engine gives the correct address first, you might click on one of the other results.
Problems can also arise when a browser’s address bar has been surreptitiously converted into a search bar. Some search engine companies do this to collect data for advertisers. The result is that you aren’t taken to the address you entered but instead to a list of results from the search engine. To check if this is the case, enter a specific web address and see whether you end up on that page or get a list of search results instead.
If your address bar is a search bar, try changing it into an address bar. If you can’t, then you can try using a different browser or ask someone to help remove the advertising and tracking components from your browser.
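The check described in this section can also be automated. The following is an added example, not part of the original article: a short JavaScript function that compares a typed address or link with a list of sites you trust and flags the "same name, different ending" case. The host names are constructed placeholders, and the ending comparison is a simplification that assumes one-part endings such as .fi, .com or .org.

```javascript
// Added example. The host names below are constructed placeholders,
// not real bank addresses.
const TRUSTED_HOSTS = ["example-bank.fi", "example-bank.com"];

// The label just before the ending, e.g. "example-bank" in "www.example-bank.fi".
// Simplification: assumes a one-part ending (.fi, .com, .org), not ".co.uk".
function siteName(host) {
  const labels = host.split(".");
  return labels.length >= 2 ? labels[labels.length - 2] : null;
}

// Classifies what was typed into the address bar or copied from a link.
// Returns "trusted", "same-name-different-ending", "unknown" or "not-an-address".
function classifyAddress(input, trusted = TRUSTED_HOSTS) {
  let text = input.trim();
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(text);
  if (!hasScheme) {
    // Words with spaces or no dot are search terms, not an address.
    if (/\s/.test(text) || !text.includes(".")) return "not-an-address";
    text = "https://" + text;
  }
  let url;
  try {
    url = new URL(text);
  } catch {
    return "not-an-address";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "not-an-address";
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a subdomain of a trusted site.
  if (trusted.some((t) => host === t || host.endsWith("." + t))) return "trusted";
  // Same name as a trusted site but a different ending: the case described above.
  const name = siteName(host);
  if (name && trusted.some((t) => siteName(t) === name)) return "same-name-different-ending";
  return "unknown";
}
```

A result of "not-an-address" corresponds to input that a browser would hand to a search engine instead of opening directly.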
5. Remember that your device is probably listening to you
Your smartphone and computer can record and respond to speech. That’s handy because it means you can control them with voice commands. But it also means they can be used to target advertisements to you based on what you talk about.
You can check this with an easy experiment. Just start talking about a specific topic around the device – make it something that you don't normally talk about and would never look up online, like rowan seeds or the taillights of a tractor-trailer. Then keep an eye on the ads you get and see if seeds and tractor-trailers start appearing in them.
If you are being listened to, it’s unfortunately hard to do anything about it. You can try to turn off the microphones on a computer, but that’s usually difficult or impossible on a phone, especially since you need the mic to talk during calls. A smartphone is a tightly integrated device, and it’s difficult to reliably and comprehensively switch off individual functions.
You’ve probably also allowed the phone to listen to you. Nowadays, devices and software ask permission for everything, and users generally accept these requests without reading them. You might not even be able to use a device or program without agreeing to a license agreement which allows data collection to improve your ‘customer experience’.