The Science and Technology Select Committee has released a report that warns of the growing threat posed by malicious software designed to infect computers and steal bank details and identity information. It says that governments need to do more to help the public understand how to keep their personal details safe online.
Graham Cluley, senior technology consultant at Sophos, has made the following comments:
“We strongly believe that greater awareness and education regarding internet threats is a key element in fighting cyber crime, and it’s encouraging to see the committee’s report not only back this idea, but also to recommend that messages need to be customised carefully for the different generations of people using the net.
“Simple, easy-to-understand language is by far the best way to help computer users understand how to protect themselves online, and we are keen supporters of the government-backed GetSafeOnline website. A key challenge however for sites and resources like this, is that they tend to be known about only by those already involved in IT security, rather than the average person in the street. The only way to change this is by a properly funded broad awareness campaign.
“A further investment we would hope to see following the report is more support for the international fight against cybercrime. A computer crime committed in Solihull could be perpetrated by a hacker based in St Petersburg, for example. Investigating crimes with an international element is inevitably costly and complicated – but as this is the nature of the criminal behaviour, it must be addressed.
“One thing which is clear from the report, is that we need an independent way of measuring the cyber threat that’s out there. Much of the data used by the report is supplied by security vendors, who – one can argue – could have a vested interest in hyping up the internet threat. To avoid such accusations, proper systems *must* be put in place to make it easy for citizens to report internet crimes and malware attacks. This could start with better training of the police force as to how cybercrime works, to make many computer users more comfortable in reporting cybercrime to their local police.”
Further information on the report can be found on Sophos’s Naked Security site at: http://nakedsecurity.sophos.com.
Quinton Watts, VP of Sales at ESET UK, also commented. He believes users can better secure their personal data and credit card information by creating a unique password for each of the sites they use.
“To keep our interaction with the internet as secure as possible, it’s essential we create strong, unique passwords for all sites. However, for most people, it can be a pain to remember one complex one, let alone several! Nevertheless, passwords are essential and one method which is effective is a ‘nursery rhyme’ technique – which will help vary the passwords you use as they are site dependent.
· Say you need a new password for Facebook. Firstly, think of your favourite song, e.g. “We Found Love”.
· Use two letters from the URL www.facebook.com (for this example we will use the first and last – F and K), take the first five letters from the song (WEFOU) and insert this into the middle of F and K to get FWEFOUK.
· To make this a really strong password, add a symbol and a number to the end of it, so then in all, you’ve got ‘FWEFOUK-1’.
· Using this same “formula” for all other sites will give you a unique password for each site, so for example your eBay password would be “EWEFOUY-1”.”
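The formula from the quote above, implemented as an added example (not code from ESET or the original article), together with a check of how much of each password actually changes between sites. The function names and the extra sample sites (Amazon, Etsy) are assumptions chosen for illustration, and the URL handling assumes the `www.<name>.<tld>` form used in the quote.

```python
import re

SONG = "We Found Love"  # the song used in the quoted example


def site_label(url: str) -> str:
    """Return the site name the formula draws its letters from ('facebook')."""
    host = re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0]
    labels = [part for part in host.split(".") if part and part != "www"]
    return labels[0]


def rhyme_password(url: str, song: str = SONG, suffix: str = "-1") -> str:
    """First site letter + first five song letters + last site letter + suffix."""
    name = site_label(url)
    core = re.sub(r"[^A-Za-z]", "", song)[:5]
    return (name[0] + core + name[-1]).upper() + suffix


def shared_positions(passwords: list[str]) -> list[int]:
    """Indexes at which every password in the list has the same character."""
    length = len(passwords[0])
    if any(len(p) != length for p in passwords):
        raise ValueError("passwords must have equal length")
    return [i for i in range(length) if len({p[i] for p in passwords}) == 1]


def colliding_sites(urls: list[str]) -> dict[str, list[str]]:
    """Group sites that the formula maps to the same password."""
    groups: dict[str, list[str]] = {}
    for url in urls:
        groups.setdefault(rhyme_password(url), []).append(url)
    return {pw: sites for pw, sites in groups.items() if len(sites) > 1}


if __name__ == "__main__":
    # Sample inputs: the two sites from the quote plus two added for illustration.
    urls = ["www.facebook.com", "www.ebay.com", "www.amazon.com", "www.etsy.com"]
    passwords = [rhyme_password(u) for u in urls]
    for url, pw in zip(urls, passwords):
        print(f"{url:18} {pw}")
    fixed = shared_positions(passwords)
    print(f"{len(fixed)} of {len(passwords[0])} characters are identical on every site")
    print("sites sharing a password:", colliding_sites(urls))
```

Only the first and last letters depend on the site, so any two sites whose names begin and end with the same letters receive the same password.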
For background visit – www.parliament.uk.
Andrew Miller MP, Chair of the Commons Science and Technology Committee, said: “Despite the increasing use of malware, the internet is still a reasonably safe place to go about one’s business, provided users take a few sensible precautions. Government departments need to realise that better public information about computer safety could save huge numbers of people the hassle of having their personal details stolen. Knowledge is the best defence against fear, so the Government should focus on raising awareness of how to stay safe online – rather than scaring people about the dangers of cyber crime.”
The committee is calling on the Government to launch a prolonged awareness-raising campaign to increase public understanding of personal online security. The report points out that eighty per cent of protection against cyber-attack is routine IT hygiene. Yet there is currently no single first point of advice and help for consumers, and much of the information about internet security that does exist online is technical or jargon-filled.
Television coverage is crucial to give the safety message the widest possible exposure, the MPs believe. They also want to see more done to promote and resource the existing Government website Get Safe Online. Advice from Get Safe Online should be provided with every device capable of accessing the internet, and all Government websites should link to the website and highlight the latest security updates.
Many Government services are set to move to online provision either directly or through a range of providers. The Government ‘digital by default’ policy will increasingly require those in receipt of Government benefits and services to access these online. The committee raises concerns that the scheme will be of greater use in protecting the Government against welfare fraud than the individual user against crime.
Andrew Miller MP added: “In response to this report, we are asking the Government to provide details of how they intend to engender greater trust in online products and services within the UK population. We are also demanding an assurance that the ‘digital by default’ approach will mean better and more secure, rather than merely cheaper, government services.”
It would be possible to impose statutory safety standards on software sold within the EU, similar to those imposed on vehicle manufacturers, but the MPs say they would prefer a solution based on self-regulation. The report calls on the industry to demonstrate that self-regulation is an effective way forward and that voluntary commitments can provide sufficient incentive for the industry to improve security in a fast-moving, competitive marketplace. If it cannot do so, the Government should investigate the potential for imposing statutory safety standards.