Consumer cyber security has become much more user friendly and effective in recent years with technical complexity hidden behind seamless usability and easy-to-use apps. Yet a whole suite of largely invisible cyber security defences too numerous to list are available, often for free, by applying software updates.
This week we’ve covered some of the most important defences as part of Scams Awareness Week; password managers and the adoption of passphrases instead of jumbled codes; free and easy multifactor authentication; updated advice on spotting phishing attacks, and locking down your sensitive data.
Scams Awareness Week: five ways in five days to free and easy cyber security
Set your devices to automatically update. Search online for ‘end of life’ and your device make and model to see if it is still supported and secure.
An update is available
Many modern apps and devices are set by default to automatically update. Updating can apply new features, improve stability, increase security, and close dangerous flaws.
Security researchers continually find and report vulnerabilities in hardware and software. No product is immune. Good vendors will produce fixes, or patches, for these flaws and distribute them in software updates.
Many consumer products from phones to routers and gadgets will receive updates for a period of time before the manufacturer deems them end-of-life, stops fixing security flaws, and recommends customers buy a new product.
Your router, if it is relatively new and produced by a major vendor, is likely set to automatically check, download, and install updates on a regular basis.
To check if it is, load your router’s administration page. Connect your computer via an ethernet cable to your router, likely through the socket at the back labelled WAN, and type in the router’s IP address into a web browser window.
The IP address is likely underneath your router and should look like a sequence of numbers and full stops in a sequence like 192.168.1.1. The username and password required to access the admin page (not your Wi-Fi network) may also be on the underside. If not, search online for ‘default login’ followed by the make and model of your router.
Once inside, feel free to navigate around without saving any changes. You should find your software update status under general settings or admin.
Set your updates to automatic if possible and click a button to manually check for updates if it is available.
Look for a date of the last update – this might be next to or contained inside the update (firmware) file name such as tplink_abcxyz_20.03.2020.
Your router might be end of life if that date is more than a year old. You can verify by searching the internet for ‘end of life’ and the make and model of your router.
End of life routers should be replaced to ensure security. You may wish to consider replacing the router operating system instead with supported open source firmware like OpenWrt. These systems, while popular, generally have a highly technical interface and their application is a complex process that if done incorrectly could render your router inoperable.
Modern mobile phone operating systems such as Android and iOS, along with their apps, are set by default to automatically update.
You can check by going to settings and searching for updates. Open your app store and apply any updates and check any boxes to activate automatic updates.
Apple supports its line of iPhones for much longer than other manufacturers but most provide updates for their phones for two years or more. Some updates may occasionally be issued beyond that for highly critical security issues.
Microsoft now only supplies updates for Windows 8 and Windows 10 in its regular consumer operating systems, although it too occasionally issues updates for older platforms to fix the most pressing rare security issues.
Windows 10 contains a suite of built-in security controls that make computers significantly harder to hack than older Windows versions. It also offers well-performing built-in antivirus eliminating the general security requirement to purchase third party antivirus.
Apple will as of November no longer support macOS 10.13 High Sierra and instead cater to newer versions including macOS 10.15 Catalina which sports Activation Lock that helps prevent unauthorised use and erasure of disks in devices that have the Apple T2 security chip.
Additional security settings can be often found by looking around your settings. You may find options such as backups that help in the event of data loss or ransomware, a type of malware, and others that increase your security at the expense of some convenience. Try them out; you may find the new barriers worth the additional piece of mind.
Microsoft Office has similar security settings. Most malware utilises document macros as an initial step in attacks. These can be turned off if not needed to significantly increase security.
Consumers may also consider using a suite of tools called HardenTools, produced by Claudio Guarnieri, a highly-respected cyber security expert with Amnesty International. This Windows suite turns off many legitimate default features that cybercriminals commonly abuse to launch attacks. The process is reversible with the click of a button.
Organisations meanwhile can consider the deployment of Application Guard for Office, which protects macro use. It is in preview mode and available to customers who apply for access from Microsoft.
Scams Awareness Week runs from August 17 – 21. Make sure to check out our Cyber Security Hub for the latest info on staying safe from threats. Also see the ACCC’s ScamWatch podcast series on identity theft by the team at the ABC’s The Chaser.