Expert Article by: Nicolai Solling, Director of Technology Services at help AG
Identity theft is a growing concern for internet users in the Middle East. As a number of traditional services related to banking, insurance and healthcare find their way onto web portals, the number of subscribers to such e-services continues to grow steadily. And while this transition to the online deployment greatly simplifies mundane day-to-day processes, it also opens up the floodgates to a number of security vulnerabilities.
The problem is that internet users across the Middle East are eagerly subscribing to online services without paying much attention to the underlying security implications. And cyber criminals are equally eager to cash in on this growing trend. With financial gain being the prime motivation behind such activities, victims of online identity theft stand to suffer substantial monetary losses.
Smartphone adoption is also a key contributor to the growing rate of identity theft incidents. Smartphone penetration in the United Arab Emirates is already at 47 percent and is estimated to cross 70 percent by the end of 2016. Other countries across the Middle East are also expected to see a voluminous increase in smartphone sales. Consumers typically use such devices for active engagement in social media, and research has shown these users to be at a much higher risk of identity fraud. Banks in the Middle East have also been aggressively promoting smartphone apps for their banking services. The main problem with this is that, as a tradeoff for ease of use and quick connectivity, smartphone users tend to be less careful about securing their devices, making them easy targets for cyber criminals.
As the volume and sophistication of malware attacks continue to increase, internet users in the Middle East need to take proactive measures to protect themselves. Awareness is key to this and here are some useful tips to keep identity thieves at bay!
Let's start with the endpoint
Always use an endpoint (PC) that you trust for any transactions that require you to log in to identity-sensitive services. Unknown machines, such as those at internet cafés, could be infected by all kinds of applications which monitor which sites you visit, what keys you enter, etc. To be safe, simply wait and use e-banking only when you are at your own PC. Or even better, use an un-rooted or non-jailbroken tablet, as malware on these types of platforms is rare and still relatively unsophisticated.
Prioritize your password
As obvious as it may seem, the importance of the password cannot be stressed enough. Passwords are the first line of defence and they need to be unique! Quite often people think up a good password and then use it for multiple services and accounts. But you need to keep in mind that each of these accounts will store your password which means that somewhere, someone has access to your sensitive information. And do you really want the administrator of your car-forum or e-mail service to also know the password for your bank account?
How serious is the issue of maintaining unique passwords? Very serious, and the recent hacking of the LinkedIn password database is proof of this. In a single attack, hackers managed to steal 6.5 million passwords from the business-networking giant. Although the primary concern for users is to secure the LinkedIn account from misuse, there are more widespread security implications for users who have reused this password, as it now means that their other accounts are at risk as well.
It's also advisable to change your password frequently for critical services. A good password should consist of letters, numbers and special characters to avoid dictionary attacks.
Most browsers today are vulnerable to cross-site request forgery or cross-browser request forgery, which means that your authenticated session for an e-banking service could be hijacked by another website which is open in another browser window.
To overcome this, close other browser windows when you log into your sensitive applications! A simple precautionary measure would be to make sure that no other tabs or browser windows are open at the same time.
Think about the network
Many establishments such as cafés, restaurants and hotels often offer free wireless internet. In order to simplify access to such networks, there is no encryption of the data traffic, meaning far less security. Always consider whether it is absolutely vital to log on to identity-sensitive applications from these networks.
Update and Protect
It should be something we all know, but keeping the security systems on your operating system up to date is very important. Antivirus and security patches should always be up to date in order to avoid infections and attacks.
Furthermore, remember that it is not only the operating system that presents a risk but also your applications. In fact, a high percentage of all malware infections on a PC is related to 5 applications:
– MS Office Suite
– Internet Explorer
So apart from updating operating systems and antiviruses it is extremely important to keep your applications up-to-date.
Kick out malware with a Boot
Many users tend to just hibernate or sleep their PCs, which means that all disk- and memory-sensitive areas are stored and re-applied when the machine is started again. This is of course convenient, but recent types of malware are only present in memory and do not require any files to be written. This means that when a machine is booted the malware is also removed. Therefore, before you do any sensitive work on your PC it could be a good idea to boot it.
When everything else fails, apply common sense
Although the threat landscape today is immense and there are many different infection vectors, the biggest issue is still user behaviour. The adage, ‘prevention is better than cure’ holds particularly true in this regard.
Think about which websites you use, which software you install and who wrote it. If you are constantly installing untrustworthy software or even software that is pirated, you are exposing yourself to risks. Never execute files from any unknown source, and remember that almost all files are executable, including films, music, documents and PDFs; the list is long. So the next time a friend gives you the latest blockbuster movie, it is not only a copyright issue, but also an additional risk that you are exposing yourself to.
While statistics offer a grim warning, they are all too often ignored. Internet users seem to adopt the ‘that will never be me’ mentality until the worst has occurred. Being smart and even a bit overly cautious is a far better alternative to months or even years of unnecessary trouble. Protecting your online identity starts with you, and it's time to take charge!