Being Cyber Aware

Image of person
Ciaran Cunningham

Ciaran Cunningham is our Head of IT and following a number of high-profile cyber attacks this year, he spearheaded our adoption of a cyber secure solution to mobile phone use, the first ETB in the country to do so and recently highlighted in the Irish Times. In this blog, our final one of 2021, he highlights what cyber attacks are and offers some tips for avoiding them.

We are all spending more and more time online. Whether it’s email for work, taxing your car, booking a holiday, posting on social media or shopping for Christmas, being online is now an integral part of how we interact with the wider world.

Cyber crime has been around since the early days of the internet but since lockdown with many of us working from home, the opportunity for hackers to steal our data and our money has increased exponentially. Current statistics show that cybercrime has risen by 600% during COVID-19 Pandemic.

Cyber attacks come in many forms. The most common which affect users are;

  • Malware – a type of software (Virus, Spyware, Ransomware) intentionally designed to cause damage to your computer. This may run in the background and trigger a Ransomware event, locking you out of all your files until you pay a ransom.
  • Phishing – where you are contacted by email, telephone (Vishing) or text message (Smishing) by someone posing as a legitimate institution to lure you into giving away sensitive data such as your banking details, credit card numbers, or account passwords.
  • Man-in-the-Middle Attacks – a type of eavesdropping attack, where someone interrupts your conversation or data transfer. The attacker may pretend to be the person or company you think you are dealing with.
  • Password Attack – where the criminal may access your password by either social engineering, brute force or by simply guessing. If you are unlucky to get caught by one of the above, you risk losing much more than access to your data. You could lose your life’s savings or even your job.

‘THE HSE ransomware attack started when a single user opened a malicious Excel attachment in their email’

There is no 100% method of preventing a cyber attack. The criminals are working full-time and are always looking for weaknesses in systems and software so they can develop new tactics to access your data. Donegal ETB employs a number of tools which hopefully will prevent such attacks but education and awareness are the most important tools of all. We depend on the end user, our staff, to be our first line of defence.

As part of our ongoing Cyber Awareness campaign, Donegal ETB has;

  • Enabled 2 Step Verification on all user accounts.
  • Enforced strong password control.
  • Run Simulated Phishing Campaigns and Awareness training.
  • Deployed a security app to protect our mobile handsets.

How can you Stay Safe Online?

  • Never click on unsafe links: Avoid clicking on links in spam messages or on unknown websites. If you click on malicious links, an automatic download could be started, which could lead to your computer being infected.
  • Avoid disclosing personal information: If you receive a call, text message, or email from an untrusted source requesting personal information, do not reply. Cybercriminals who are planning a ransomware attack might try to collect personal information in advance, which is then used to tailor phishing messages specifically to you.
  • Don’t open suspicious email attachments: Ransomware can also find its way to your device through email attachments. Avoid opening any dubious-looking attachments. To make sure the email is trustworthy, pay close attention to the sender and check that the address is correct.
  • Only download from known and trusted sources: Never download software or media files from unknown sites. If purchasing online, make sure that the browser address bar of the page you are visiting uses “https://” instead of “http://”. A shield or lock symbol in the address bar can also indicate that the page is secure.
  • Enable 2-Step Verification on your email accounts. This should also be enabled on your personal email account.
  • Social Media: Think before you post. If you get a friend request on Facebook from someone you are already friends with, stop, this is likely to be a fake account. Pause before you play online games. Consider what they are asking you – your first pet’s name, your mother’s maiden name? Your answers may be used to hack your account.
  • AntiVirus: Install antivirus software on your computer and your phone.
  • Passwords: Do not use the same password on all the sites you login to. Try using a phrase or a line from a song you know as a password such as, DownAlongTheRockyShores, you will find this easier to remember.
  • Smartphone: A smartphone is a small powerful computer. All of the tips above also apply to your online activities on your phone. Be careful of text messages with links.

If you do click and are prompted to login to your account. Close and delete the message. Please remember, Cyber Security is not just the responsibility of your IT Department. If you get hacked,

  • it’s your data that may be deleted,
  • it’s your money that may be stolen,
  • it’s your job that may be at risk.

If your computer is infected by ransomware, it’s highly likely the IT Department will not be able to help. If you or your business pay a ransom, it’s likely the criminals will come back for more.

Being careful online is your personal responsibility. It’s no longer acceptable to use the excuse that you are not IT savvy. Going online without understanding the basics of how the internet works is like getting behind the wheel of your car without knowing the rules of the road.

Keep in mind the wise words of the 16th President of the USA, Abraham Lincoln –

“Don’t believe everything you read on the internet”