News of two top universities in Singapore being the target of a sophisticated cyber attack would have dominated the headlines over the weekend here, but this was overshadowed the same Friday by a malicious attack that hit computers globally and locked thousands of users out.
The two attacks are different but both of them will surely get users wondering what they can do to avoid being victims of the growing cyber threat.
For a quick low-down on the ransomware attack on Friday that crippled computers, including those at hospitals in Britain, here’s a good summary from cyber security firm Sophos.
Essentially, victims find themselves locked out of their computers after hackers gain entry and encrypt the data. They ask for a ransom to return victims’ digital data (read a first-person account here).
How do you avoid being a victim? Just like there’s no surefire way to avoid being mugged, even in a safe city like Singapore, there are some ways to reduce the likelihood and limit the damage.
Here are five quick ways to do so, before you become a victim.
1. Back up your data
This goes without saying, but is a task that everyone puts off until it’s too late. These days, you have to assume your computer will be hit by malware at one point or another, so it’s prudent to have your most precious data stored somewhere secure.
You can use tools such as Acronis’ backup software or set up your own backup machine on your network attached storage (NAS) drive. Some users might prefer to have a copy on cloud services such as OneDrive or Dropbox. Bear in mind that a hacker who has access to your e-mail may also try to get into those accounts.
Just make sure you have a backup which you can turn to if your PC is locked out by ransomware.
2. Use a password that’s hard to guess
You’ll often be prompted to save passwords in both upper and lower cases, or to include numbers and even punctuation marks, which help throw off automated password guessing bots. However, the best way is probably to have a password that doesn’t resemble an English word, for example.
Definitely avoid using a name or date of birth as these things can be found out from, say, your entries in a social media account or when you inadvertently share them with another organisation. If you are allowed to, use a space in between words – it can help throw off password guessing bots.
3. Update your device software
Again, this goes without saying, but many of us don’t have the habit of doing so. It’s interesting that the latest ransomware scourge hit Windows PCs that did not patch up a vulnerability that Microsoft first offered a patch for in March.
It’s also prudent to get on the latest version of your operating system, where possible. The issue this weekend was so serious that Microsoft took the unusual step of releasing a security update for the old Windows XP, 8 and Server 2003, which the company had stopped supporting three years ago.
4. Set up two-factor authentication
If your e-mail is key to your everyday life, make sure to turn on two-factor authentication (2FA). This means that even if someone manages to steal your password, they still have to key in another pass code – usually on your phone – to get into your account.
Gmail offers this, for example, so you should have it turned on. It may be a little troublesome logging in from a new computer, but how often do you do that? It’s a small inconvenience to have to make it tougher for your account to be broken into.
5. Beware of phishing links and attachments
The phrase “phising” is a apt here because victims are often fish in a pond unwittingly biting on a bait thrown into the water by hackers.
This usually comes in the form of file attachments – fake invoices, quotations or pictures – that may come from a known contact who has been infected by the same malware.
By clicking on these files, which sometimes look genuine like a Word document or Acrobat PDF file, you immediately open a back door to a hacker. Once in, he may even be able to remotely see what you’re doing on your PC. He can, of course, lock it up and ask you to pay a ransom.
The same goes for links, which have become so sophisticated these days as users get smarter. The latest one, just a week ago, was a fake link to a Google document sent over e-mail. Clicking on what looks like an online file gives hackers access to your e-mail and address book.
No fail-safe measure
Even with these steps, there’s no guarantee you won’t fall victim to a cyber attack. You can only try to stay safe as much as possible in a connected world and minimise the chances of being a victim.
And even if you are hit by a ransomware, being prepared beforehand will make it much easier to recover your digital life.
Share with us you own useful tips to stay safe online.
