How to keep data safe from cyberattacks

Norton blocks more than 900 million threats on an average every 100 days globally. Between January 2021 and March 2021, it blocked 49.6 million phishing attempts, 46.3 million file-based malware, 686,000 mobile malware files and 536,137 ransomware detections. To put things in the Indian context, 80% of Indians had been victims of cybercrime at some point in their lives (Norton in its 2021 Norton Cyber Safety Insights Report).

The two main concerns reported by the respondents were that their sensitive personal information would be sold to unknown parties and be used in decision-making processes without their consent (as voiced by 41% of Indian respondents) and that their personal information would be exposed in a data breach and misused by cybercriminals (as said by 40% of respondents).

We often hear about cybercrimes but continue to live under the assumption that ‘this-can-never-happen-to-me’. A big misconception, which needs our attention now.  Agrees American software company NortonLifeLock Inc that provides cybersecurity solutions.

“Consumers need to be aware that data on their internet-enabled devices is vulnerable to theft and misuse and that they need to take active steps to keep it out of the reach of cybercriminals,” says Ritesh Chopra, Director Sales and Field Marketing, India & SAARC Countries, NortonLifeLock.

Also read: Cyber-attacks: What is hybrid warfare and why is it a threat?
 
Beware of Phishing attacks:

For the past many years, phishing has continued to be the most common form of online scams today to either steal personal data, login information or install malware or spyware on the device. Cybercriminals send out fake emails and messages, which often contain a link that when clicked leads to a malicious website, compromising your device and account. A recent example being users receiving messages asking for KYC verification failing which they will lose access to their mobile number in 24 hours.

However, Airtel says it never asks users to share eKYC details/ Aadhaar numbers, download any app, call from any mobile number for verification of Airtel number or any SMS that your SIM has expired. “Phishing has been there since more than 15 years. As we become more aware, phishing techniques will become more and more sophisticated. It's the same thing as chain snatching. As long as we will wear gold there would be people who would snatch! Similarly, as long as we have digital footprint, we would have bad actors trying to phish for our data and credentials” explains Gautam Kapoor, Partner, Deloitte.

Also read: Banks engage global cos to enhance online security infra amid rising cyber attacks

Identity Theft:

Social media platforms such as Facebook and Instagram are a big fad. Call it peer pressure, feel-good factor, or show-off, we enjoy sharing some of the most important and precious moments of our lives online, without realising that someone might be keeping an eye or stealing our data for identity theft or simply selling it to prospective advertisers. All this data, including your birth date, mobile number and information such as your anniversary date, child’s name, your first school amongst others – which can be easily obtained out of the social networking profiles – can be an easy gateway to steal your identity to commit fraud.

For instance, details can be easily used to obtain a duplicate SIM which can be used to cause financial harm such as shopping or transferring funds without your knowledge. “The concept of paying for data is fairly new and without realising that our data is out there we feel it won’t cause us any trouble financially. However, identity gets stolen without even us realising it. Users do not understand any value of data being sold through various means, but indirectly can fall victim to ID theft,” explains Ritesh Chopra of NortonLifeLock.

Be cautious of the data you share online.  Whatever you post online remains there forever, even if you delete it from where it was originally posted. A digital footprint is like a digital paper trail. So, tread carefully online.
 
Also read: Malicious software spreading through WhatsApp, warns Kaspersky

Ransomware Attacks:

Just like phishing and identity theft, ransomware attacks to are designed to cause financial damage but it happens upfront. Ransomware is a form of malware that encrypts system files. In a ransomware attack, the hackers gain access to your computer or device, locks it and ask for a fee (ransom mostly in Dollars or Bitcoins) to give you back the key to unlock it. Hackers give instructions on how to pay the fees and access the decryption key.

The ransomware attacks are most prevalent amongst enterprises. It’s not a very common practice with consumers as most never end up paying.  Yet one should be cautious about this too.
 
Also read: Tech firms pledge billions to bolster cybersecurity defences, train skilled workers

Precaution and action

While the best way to protect yourself from online threats is to be mindful of what messages/emails and email attachments you open, which websites you visit, and what personal information you divulge online; there are some hygiene practices that you should adopt.
While it might be difficult for you to identify such attacks, there are some basic things you can take care of.  The first and foremost being – being cautious. The famous proverb - precaution is better than the cure - holds for these attacks too.
 
Also read: How a ransomware attack paralysed businesses globally

Device Protection:

A few things that you can do on the hardware level can be the first barrier between your data and the hacker. Be it a laptop, tablet or smartphone – always add a screen lock to gain access. Most of the new age devices support biometric lock – be it a fingerprint or face recognition. Activate it followed by not four but six-digit pin.

Experts say – four-digit pins are easy to crack, unlike six digits. Extend this pin/password protection to your important banking/wallet apps amongst others if support. Even if you lose your device and the thief can unlock the hardware, they won’t be able to access your app data right away. This could give you enough time to find your lost device or wipe your data – but only if you have turned on the ‘Find My’ feature.

Be it Apple, Google or Microsoft, all have their versions of this feature that can act as a saviour. But in most cases, for this feature to work, the device should continue to be connected to the internet.
 
Also read: Centre mulls power islands to thwart cyber, terror attacks; what are they?

Avoid clicking on unknown links

As soon as you get online, the first thing most of us are likely to do is either check our emails or browse the web. Whatever it may be of these two, chances are you might end up clicking on a malicious link. The first step is to be careful about the links you are opening. Everything that lands in your inbox might not be a genuine email meant for you.

There could be emails that impersonate your bank and create a sense of urgency, not giving you enough time to think rationally. Do not click on those links and enter your login details. Generally, phishing emails and messages will have generic greetings like ‘Dear sir or madam’ and are unlikely to address you by your name.

These also often try to create a false sense of urgency.  You should avoid reacting to such communications from unknown senders that urge you to take any sort of immediate action. If you receive such a communication from anyone with any of these tell-tale signs, do a quick background check or delete it.
 
Install updates

The malware or “malicious software” are designed to damage or gain access to your hardware without your consent. Hackers often try to leverage the weak, vulnerable patches such as defects in the operating system design, applications or software running on the hardware. To address these issues, companies are constantly updating and releasing security patches. Even the system updates aren’t just mean to introduce new features but could also fix some bugs. Be it Windows, Mac OS, Android or iOS or any other platform - be it a security patch or software update – install them without any delay.
 
2FA

Rising cyber-attacks had paved the way for multi-factor authentication, which today is accessible for almost most accounts. Be it Gmail, social media accounts like Twitter or LinkedIn, or even your banking accounts – most of them support multi-factor authentication.  

"Multi-factor is using more than one credentials to login. It is typically 'something which you know' and 'something which you have'. Passwords (something which you know) can be combined with OTP or Biometrics (something which you have) to make it multi-factor and more secure for us" explains Gautam Kapoor, Partner at Deloitte India. This can become a barrier between the hacker and your account.

If 2FA is activated, even if a cybercriminal has gained access to your passwords, it alone won’t just act as a gateway to your account. The second authentication factor will save you from being hacked. Also, if the hacker is trying to gain access to your account and you receive an OTP to log in, do not share it with anyone. Instead, consider it as a warning sign and change the password.
 
Hard to crack Password

When it comes to passwords, you have two choices – create a complicated one that is hard to remember and difficult to hack or have a simple one that is easy to remember and even easier to hack.  Using a combination of your name, date of birth, house number or digits from mobile numbers belong to the latter lot. Given the number of accounts we have, opting for a former for every single account can be a challenge.  There are dedicated password generation and storage apps that you can use. “Any password which is changed please make sure that you're keeping a very complex password. And there are techniques to remember complex passwords as well. The password can be your favourite song or a favourite phrase of yours” adds Gautam Kapoor of Deloitte.  
 
Cookie selection:

What you do on a website should be your business and nobody else. But that’s not how it works. There are third-party tracking cookies that can cause security concerns, as they make it easier for parties you don’t know to watch your online activities.

But not all cookies are bad. Different types of cookies keep track of different online activities. Session cookies are used only when a person is actively navigating a website; once you leave the site, the session cookies disappear.

Authentication cookies track whether a user is logged in, and if so, under what name. Tracking cookies are used to create long-term records of multiple visits to the same site. The simple solution to get around this problem is to limit or block third-party and tracking cookies while allowing us to carry our online activities. “India doesn't have a cookie framework. This cookie acceptance is coming more from Europe’s GDPR. Europeans believe cookies give away a lot of private information about an individual and his or her browsing habits,” adds Gautam Kapoor.
 
Safe Banking

Banking online is convenient, especially given the current scenario. But we must bring some good practices from the real world into the virtual one. Just as how we lock the main door before going to sleep, we must log out of all our online sessions such as emails, social media accounts and online banking. It is recommended to have two-factor authentication while using banking apps on phone and read the terms and conditions carefully, rather than accepting them blindly. Passwords protect the banking app and if using net banking on the web browser, always do it either in Incognito mode or private mode because once the browser is closed, it does not leave any data behind.

Disclaimer: Quotes in paragraph 6 and 22 have been updated