Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
Tech Guides

This is how people like you are getting hacked

By Team HardwareZone - 5 Aug 2017

Advice from the experts

From left to right: Chee Choon Hong (Norton), Nick FitzGerald (ESET), David Freer (Intel Security), Keshav Dhakad (Microsoft Asia).

Advice from the experts

Expert opinion on how to protect your digital life

What’s one thing about online security that you wish most people knew?

Looking around, many Singaporeans are tech-savvy and fairly confident about their online security behaviour. Yet, many users are falling into the common password trap – whether it is sharing of passwords or not using a secure password.

According to the latest Norton Cybersecurity Insights Report, one in five Singaporeans share passwords to their email, social media and even banking accounts. These accounts hold valuable personal data and could easily lead to bigger problems if they fall into the wrong hands. Furthermore, many users are guilty of re-using similar passwords for multiple accounts – cyber attackers are well aware of this and will take advantage of it.

As such, users need to pay particular attention to the passwords they use and make them as complex and unique as possible. Passwords for each device and online accounts should be different and unrelated as far as possible. While it may seem difficult trying to remember complicated passwords, this can save users a lot of time and frustration. According to the report, online crime victims in Singapore lose an average of 20 hours due to the impact of online crime and an average of S$545 per person.

– Chee Choon Hong, Director, Asia Consumer Business, Norton By Symantec

What’s the biggest threat on the horizon that worries you?

The generally appalling state of security of many Internet of Things (IoT) devices has been of concern for some time now, but it has largely been seen as a theoretical, rather than an actual, threat.

However, in the final few days of September, computer security journalist Brian Krebs had his website knocked offline by one of the largest DDoS attacks seen to date. The volume of traffic involved in the attack was so great that the commercial DDoS mitigation service that was protecting Krebs’ site, free of charge, had to pull the plug on that arrangement.

A large proportion of the traffic attacking Krebs’ site was generated by IoT devices. Due to stupid and irresponsible design of these mostly consumer-grade routers, DVRs, IP cameras and such, the criminals behind this DDoS attack have been able to commandeer many tens of thousands of these devices into botnets able to challenge the capabilities of the largest anti-DDoS service providers.

That is a chilling consideration given the immense amount of good an open and free internet promises to provide for political activists, investigative journalists, and anyone else who may become the target of a competitor or opponent. The internet just got a little darker and dirtier.

– Nick FitzGerald, Senior Research Fellow, ESET

What are the first things you personally do to secure a new PC, tablet or smartphone?

The moment you unbox your phone, ensure that your operating system (OS) is up to date. Additionally, ensure that any pre-installed applications and applications that you download are also of the latest version. Updates help to patch vulnerabilities that expose your device to cybersecurity risks such as ransomware and malware.

Also ensure that robust antivirus software is installed on your device. Antivirus software can help scan for, detect, quarantine and delete cyberthreats before it has a chance to infect your system. Also, make sure your security software is set to automatically update so you always have the latest protection.

– David Freer, Vice President, Consumer, APAC, Intel Security

What should you do if you think your device has been compromised?

If you think your device has been compromised, you should act swiftly to rectify the issue:

  • You must ensure that you have genuine, current and updated software in place to support your fundamental computer hygiene. Ensure that your security software is updated to help you monitor, detect and remove malware threats in a timely manner. Post-full update, restart your device and run a full scan.
  • Check if you have any vulnerable/unwanted software on your PC. Your security software should alert you to vulnerable software on your PC, which you should update immediately. Software that is not updated leaves your PC open to infections, which will keep recurring no matter how many times your security software cleans up.
  • Download the Microsoft Safety Scanner or Windows Defender Offline on a non-infected PC and save the file into a USB flash drive. Run either program on the PC that has been compromised.
  • Install and run Microsoft’s free Malicious Software Removal Tool (MSRT) that checks your computer for infections by specific and prevalent malicious software, and helps to remove the infection. Microsoft releases an updated version of this tool on the 2nd Tuesday of each month.
  • If none of the above steps work, you should restore your PC from a backup version.

– Keshav Dhakad, Regional Director, Digital Crimes Unit, Microsoft Asia

This article was first published in the November 2016 issue of HWM. Subscribe today.