Government issues urgent cyber security to-do list

Cyprus’ cyber security response unit on Wednesday warned that cyberattacks and cybercrime were becoming more common, and the public needed to become more aware of how to protect their online information because criminals were always one step ahead.

“These attacks by third parties are aimed at gaining access, destroying sensitive and important information, extorting money from users or interrupting the business flow of companies,” the National Computer Security Incident Response Team (National CSIRT-CY) said.

The cyber unit, a government arm, is tasked with ensuring and enhancing cyber protection of national critical information infrastructures and to respond to such incidents when they occur. Making the public aware of the dangers is also within its mandate.

“Attackers are always well read and one step ahead,” it said in its announcement on Wednesday, adding that there were many ways people could reduce their own risk of attack and keep their data safe.

The main one, CSIRT said, was to back up personal data such as using an external hard drive or subscribe to a cloud service.

Keeping devices and apps up to date also helps and people should not ignore notifications for updates when they appear as updates are not just about adding new features, but are also about fixing vulnerabilities in a device or application that attackers could find and use to gain access to a person’s device.

People should also remove any apps they don’t use. If a device can no longer receive updates, CSIRT recommends that people invest in a newer model.

“If you are targeted by a cyber attack, you may not be able to access or use your computer, phone, or any other device. However, if you have backed up your data, you will not lose any of it, no matter what happens to your device,” it said.

Another area where most people are vulnerable is with passwords, which need to be “strong and unique”.

“We all have a lot of online accounts that are hard to remember. To combat this, many of us use the same password for all our accounts or stick to two or three different ones that we usually use. The problem with this is that if an attacker gains access to one of your account passwords, they are more likely to have access to many of your other accounts,” CSIRT said.

It recommends totally different passwords for each account created. For instance Google has  a “password manager” account that stores and manages passwords and only one login is needed to access them, the announcement said.

It is also recommended to add a combination of letters, numbers and symbols to make the passphrase more complex.

Users should also enable two-factor authentication where people can choose to send or generate a password on their device, such as a phone, which they can use to verify who you are each time they log in.

“This way, even if someone accesses the account password, they will not be able to log in to your account unless they receive a verification code,” CSIRT said.

It also recommends that people avoid sensitive transactions and use of personal accounts on any free wifi connection.

“If you’re connecting to a cafe, for example – most of the time these networks are not secure. When a network is not secure, anyone can access it and keep your data.”

Antivirus software can also help detect and remove malware and viruses from a computer. Just make sure it is from a legitimate company as many advertised online are fake and gives access to those behind the sites.

Social media is also a problem.

“Did you know that the information you post on your Facebook, Twitter, Linkedin or Instagram account could be used to steal your identity or hack your online accounts?” said CSIRT.

“We are so used to sharing things on the internet that we no longer think about it. Everyone knows your pet’s name, where you went to school, where you work and even when you are away on holiday. Unfortunately, this window into your life not only lets your friends and family know what you are doing, but also provides cybercriminals with information that they can use to gain access to your data or steal your identity.”

People should check the privacy controls on their social media accounts and adjust them to friends and families, and limit the personal information they provide online.

Fraud, spam and phishing, another issue, are used by many criminals, both online and offline, to trick unsuspecting users into giving out their personal information and/or installing malicious software on them. computers, devices or even their networks. Usually criminals do what they can to make their fraud look and sound legal, which makes it easier for users to be deceived.

“For example, a bank will never send you an email with links to log in to your personal account. If you receive any online requests for personal or financial information that you are unsure about, do a few checks before giving your details,” the announcement said.

People should also regularly check bank account transactions for suspicious activities.