In 2013, police in South Cambridgeshire in England took to the streets with an unexpected crime-fighting tool.
The officers wandered past houses, looking for open windows or unlocked doors, then placed balloons in people’s front rooms and kitchens. By attaching advice about home security, the police hoped to encourage people to protect their property with greater care.
Home-owners who received these inflatable prompts were in the minority in their local area – most people in towns and cities lock their doors without thinking twice. But millions of computer users around the world don’t have the same mentality about their digital devices.
In fact, many frequently expose themselves to security threats online, or fall for scams in which they mistakenly give up access to their personal information or even their bank account. Fraud is very much on the rise and the recent boom has largely been attributed to the perseverance of cyber-criminals hoping to catch us out.
Why don’t we have a door-locking mindset when it comes to computers?
If you step back and consider the downsides of being hacked, it seems absurd that we don’t. Yes, your home is filled with many valuable items, but your computer and email account likely contain intimate personal information, sensitive work documents, and even access to your finances.
In reality, anyone could fall victim to, for example, a phishing scam. Phishing involves tricking a computer user into performing some risky action that undermines all their previous security precautions. You might be sent an innocuous email – even one that looks like it has come from an organisation or individual you trust.
These emails contain links or attachments that, when clicked on, cause malicious code to be downloaded. It could be designed to sit quietly on your computer and steal passwords or banking logins – or it might actually lock your whole machine down and demand a ransom payment before returning access to you.
We know that many people aren’t aware of these threats or the means to block them because such attacks are increasingly common and successful.
The cyber-secure mindset
There are, however, practical ways in which we can better manage our digital security.
By and large, those who already have a strict, security-minded approach online are those who work in cyber-security professionally. Matthew Hickey, co-founder of UK security firm Hacker House, told me about his own home: “The level of security that we put into our computer network at home would rival that of many government agencies.”
He got some ideas for his home security practices from a guide apparently designed for employees of the US National Security Agency (NSA). “Obviously that was quite an interesting read,” he says.
Some of the precautions Hickey uses are beyond the needs of most people – including, for instance, having a “passive tap” – a special device set up to monitor all traffic leaving his home network or coming into it via the public internet. But other procedures should be commonplace for us all.
Take his suggestion that people use a separate device or smartphone when they want to check their bank account online. If your regular computer or phone gets compromised – more likely since it is used more often – then at least your money won’t be at risk.
Or how about doing regular backups and keeping the external hard drive disconnected from your computer? That way, even if your whole machine gets encrypted thanks to ransomware, your files will still be accessible – from an uninfected machine, of course.
“When I designed the network at home, I thought of it as a little island,” says Hickey. “I have a beach, on the beach is where all the average internet stuff could wash up. After the beach there’s a jungle – I break down the use of my computer in different layers and I make the assumption that at some point each layer could be broken.”
Another analogy would be Winston Churchill and General Ironside’s plans for defending Britain in the event of a Nazi invasion during World War Two. They made sure the south of England was littered with pillboxes and hardened defences. Stop-lines were drawn, marking where defending forces could fall back to, concentrate their efforts and use their position in the landscape against the enemy.
Increasingly, public awareness campaigns are informing people about what those layers of security and best practices actually look like. For example, London’s Metropolitan Police recently launched a series of videos with extremely helpful advice. This includes the suggestion that users who want to access public wi-fi should download virtual private network (VPN) software – this stops anyone from observing your web traffic by snooping on wi-fi network data (a surprisingly easy feat).
Hickey, for one, acknowledges that computer security seems very complex to many people – not least because it is a minefield of jargon. However, he adds: “Ultimately, everybody has to take some level of accountability”.
For example, never assume that a device that can connect to the internet in your home does so safely. There are thousands of webcams, if not more, insecurely connected to the internet because no default security was included in the product. The result is that interior views of people’s homes and offices are available to view online, almost certainly without the device owners realising.
We live in interesting times. Not long ago, wi-fi routers were also commonly distributed with no default requirement that users enter a password in order to connect to the network, for instance. That has now changed. But sadly it is only as more and more ordinary people are hit by ransomware or phishing scams that mindsets are beginning to change. We’re hopefully beginning to realise what the dangers out there really are – and how we can protect ourselves.
Those who live in big cities have done this for far longer. They might not experience a crime every day – but they don’t think twice about locking their front doors.
Author – Chris Baraniuk