“Cyberattacks have gone up since the pandemic began”

Whether for work or our personal lives, the security expert argues that we need to take a series of precautions in our online lives

Rifà argues for the importance of taking certain precautions when online. JUANMA RAMOS.

M.M / mmiralles@lrp.cat

A consequence of spending more time online shut up at home is the need to be secure. A recent study by tech company Fujitsu found that with the pandemic, more people opened dozens of new profiles on websites using the same password. Helena Rifà, lecturer in Computer Science, Multimedia and Telecommunications Studies at the UOC, speaks about online security.

Is teleworking safe?

The pandemic came suddenly and many companies were not prepared for teleworking, technologically or in terms of training. Along with Covid, there’s been a rise in computer attacks on individuals, because when we were locked down it meant economic activity switched to homes. They knew that people connecting to telework were easy entry points.

According to the report, many companies are still unprotected.

The company should provide a computer for work only, and these computers should not have administrator privileges to prevent people from messing with them. If you somehow let someone inside, you can crash the whole network. The fewer permissions, the less the danger. Only administrators should be allowed to install applications. All emails should be scanned for threats. Employees should not be allowed to visit certain sites that we know are harmful. Work can be done through a VPN, a virtual private network, to ensure that the home worker has a secure connection… These are some actions that can be taken, as well as updating software, having a secure antivirus system, and password policies. And there’s also training, which is very important.

We should be careful with the information we give out.

Companies need to explain to employees what information they can provide. For example, don’t give someone a password over the phone. Or if we get an unsolicited email message with an attachment, we shouldn’t open it. It’s the same with links.

Attackers do this to make money.

It’s the main motivation. Yet sometimes they have to follow many steps to achieve this. You could be a stepping stone in an attack on the business.

There are also pitfalls in our personal lives.

On a personal level, we need to protect ourselves in a similar way we would for work, such as updating the operating system and software we use. If they are up to date, most attacks will fail. Make backups and keep them offline.

One weakness of living online is more passwords.

The issue of passwords is complicated. We all know that different passwords have to be used on every website and that they have to be long. Passwords don’t have to be unintelligible, because that makes them hard to remember. But they should not be simple passwords that are easy to guess. You can use the initials of the words of a phrase, or a song, but the most important thing is that it should be long, with 12 or more characters, and that it has a pattern that will help you remember it.

And should we change them?

In the case of sensitive, high-risk services, such as the bank, yes. And if you know that an attack has taken place on Facebook, for example, go in and change it. One way to use passwords securely is using authentication, a tool for making systems more robust. For example, in order to access your email, you not only have to enter the password but also a code that you receive on your mobile phone.

And what about shopping online?

It is very unsafe to save your card details on the shop’s website. You may trust them, but the company keeps all that data in a database, and that can become a target of an attack.