Hacking and what it means to you

Are you confident that you and your network are protected against hacking?  Are you fully up-to-speed on intrusion detection and how to deter network hacking?

Online crime now makes up half of all crime recorded in the UK, and a week doesn’t seem to go by without news of another data breach or hack, whether against a big corporation or an individual whose personal identity is stolen and used in some sinister way. If you are on the receiving end, the consequences can be extremely severe; in many respects it is the digital equivalent of a burglary, with your house ransacked and your most prized possessions taken away. Needless to say, the impact can be painful, upsetting and long-lasting.

Who are hackers and what are they looking for?

The threat of being hacked comes from other people, not computers – although the computer is the tool they use to gain entry into your online platforms. Ultimately, hackers want to break into computer systems to steal or destroy information, or to change someone’s details, usually without their consent or knowledge. Anyone who has a computer and is connected to the internet can be targeted, and in nearly all cases it is not until after the event that the victim discovers they have been hacked, by which time it is too late to do anything.

How easy is it to be hacked?

Over the past few years hacking has become a lot easier. At the outset it was a highly skilled art, and the hacker needed detailed knowledge of computer security and programming languages. But as methods and software have improved, so has the ease of hacking; like most industries it has moved with the times and is becoming automated. AutoSploit is a programme that automatically looks for vulnerable devices and, once set up and running, disappears into the web and hacks anything it can.

How can someone hack me and what is phishing?

As a starting point you might receive spam email or be ‘phished’ (a fraudulent attempt to gain information about you) through a fake but very real-looking website or an instant message. The aim is to discover private information about you via your computer, such as usernames, passwords or credit card details. Three years ago hackers managed to shut down power stations in Ukraine, with the result that 250,000 people lost their power; it came about because employees at the plant were targeted with phishing emails that had suspect Word documents attached, which they opened.

How can I protect myself from being hacked?

Individuals are just as attractive to hack as a business or government website and in some cases are easier targets, so don’t be fooled into thinking it can’t happen to you.  Technology is taking us down a route where many household appliances are connected to the internet and all of them can be hacked.

But it’s not all doom and gloom because there are steps that can be taken to protect yourself and a lot of anti-hacking procedures are common sense and include:

  • Install antivirus and antispyware software
  • Don’t open emails you are unfamiliar with
  • Delete emails you think might be spam
  • Don’t visit websites you are unfamiliar with
  • Don’t divulge personal information in the online public domain
  • Limit the personal information you put on your social media pages
  • Monitor your ‘friends’ lists and ensure those you are connected to are real
  • Increase online security

Cyber security audit

Without doubt, being prepared and having contingencies in place is the best position to be in. In the first instance, a risk assessment needs to be carried out that identifies any weaknesses in your IT system and online profile. Once it is clear where and what the vulnerabilities are, an in-depth report can be produced categorising the findings and recommending an appropriate risk management strategy to address the issues that have been identified.

Cyber strategy implementation and review

Once the mitigation strategies have been assessed, the most appropriate solution would be implemented and the strategy would then be evaluated to ensure it provided the expected results. When the security controls and safeguards have been incorporated, the security of the information, IT assets and IT services must be maintained and reviewed regularly.