"By taking a few simple precautions, you can protect yourself against 99% of threats"
We contribute to safe and convenient digital living with secure domains, online security solutions and digital identities. And by doing important research. Recently, for example, we surveyed 512 businesses and 20,195 consumers to gather data on trends in online security and e-identity. The survey findings were then discussed with a panel of experts, including Maria Genova.
Maria Genova is science journalist and author of numerous books about cybercrime, hackers and identity fraud. She's also a frequent speaker on the topic.
How did you become an expert on cybercrime?
"My interest began when I first read about identity fraud and realised that I actually knew very little about it. So I started researching the topic and spoke to victims and ethical hackers. Like most people, I didn't really believe that I could ever fall victim myself. I thought that I simply wasn't interesting enough. It was only when I started talking to hackers that I realised how easy it is to hack someone."
What caught your eye in the trend survey?
"For me, the main takeaway is that most people still aren't really aware of the risks presented by cybercrime. There's a particular lack of awareness amongst small businesses. Just as I used to, people think it won't happen to them. Often, people also have too much faith in ICT systems, although many SMEs don't have the knowledge or the resources to put effective security in place. I often hear about people forwarding dodgy-looking e-mail to their work addresses, believing that the company system will filter out anything with malware. Only for their faith in the technology to get them into trouble. And simple ignorance of the dangers remains a problem. People are still clicking on unsafe links and failing to recognise phishing e-mails for what they are."
Why do you think that there's so little awareness? Isn't the subject getting enough exposure?
"I think it's because incidents are rarely reported, even though there are plenty of them. As many as one business in three gets hit by cybercrime. There's no reluctance in the media to report incidents, but most businesses would rather keep them quiet. They're worried about what people will think. If crooks break in and steal from a company's warehouse, that's on the news, but if they crack the company's digital security and steal data, it's hushed up for the sake of the company's image."
What the h@ck? Maria Genova has written various Dutch-language books about cybercrime for adults and children. Her latest title, What the h@ck!, for children and their parents can be downloaded free from her website.
What's the main thing that people should be aware of?
"That literally every business is nowadays an IT business. I went on a TV show with a farmer who had been hacked. Of course, that didn't affect the cattle; the farm carried on running. But all the manure disposal records were lost, so the farm was at risk of being hit by hefty fines. The penalties for failing to keep proper records can be enough to bankrupt a farmer. And all because of clicking on one unsafe link."
Is the problem of cybercrime getting better or worse?
"Worse, I should say. Partly because cybercrime is getting cheaper. There was a time when hackers needed to know something about IT and programming. Nowadays, you can buy hacking software for a few euros. Cybercrime is cheap and easy, and there's not much risk of getting caught. Another factor is the rise of the Internet of Things. More and more of our household devices are connected to the internet. And lots of them are shockingly easy to hack. Just visit insecam.org, where you can see live images from thousands of security cameras all over the world. You enter a country or a city, and you can watch what's going on in homes and businesses there."
On the expert panel, there was a lot of discussion about whose responsibility it is to do something about cybercrime. What do you think: is it the user's responsibility, the industry's or the government's?
"I think that there's a lot that consumers can and should do. But that's only because the industry and the state are shirking their responsibilities. Most IT products are faulty; they need repairing or updating all the time. You wouldn't stand for that with a washing machine or a car. And the government could do much more. The duty to report data leaks and the GDPR are all very well, but they count for nothing if they aren't enforced. The police are all but powerless against cybercriminals. It makes me really angry. People's businesses are going under because they've been hacked, and it's simply unacceptable that the culprits get off scott free. However, I think it's mainly in the field of public information that the government could do more. They're always talking about twenty-first-century skills, but they hardly mention security. My children have been to several schools, but they've never been taught about cybersecurity. Even though modern kids are on the internet all day long."
You'd expect youngsters to have better digital skills than adults. Is that the case?
"According to the trend survey, security awareness is low amongst both youngsters and adults. However, they have different habits, so they're exposed to different risks. Young people are much more likely to share privacy-sensitive information. But adults make more use of e-mail and consequently click more untrustworthy links."
A depressing picture. But what can we do about it?
"First, we need to make people aware of the risks presented by cybercrime. I try to do my bit in that regard, with my books and talks. But it's going to take a lot more than one course or advertising campaign. Awareness is something that requires constant work. Things develop quickly and scammers are constantly coming up with new tricks. However, once you recognise the importance of security, you can protect yourself against 99 per cent of threats by taking a few simple precautions. In that respect, I don't think the situation is depressing at all."
Download our survey reportRead the full survey of the Dutch report. An English-language version of the report will be available soon.
Can you give some examples of simple things that people can do?
"I could give you lots of examples! But here are a few of the key things. First, always use strong passwords. A good idea is to use a sentence like 'I have 1 cat and 2 dogs!' It's easy to remember and hard for hackers to crack. Of course, you'd soon get confused if you had a different sentence like that for every site and app that you use. But you can get around that by assigning a letter to each of them. So, you might shorten 'dogs' to 'd' and follow it with the site's letter. For example, 'Ihave1catand2dN!’ for Netflix and 'Ihave1catand2dE!' for eBay. Alternatively, you can use a password manager. It takes you a few minutes to set up, and then you only have to remember one password. Whenever a service offers two-factor authentication, use it. Two-factor authentication is usually enabled by ticking an option in your settings, and it's much more secure. Another tip for anyone who values their privacy is not to use your Facebook log-in for other services. It's convenient, but it means sharing data. I'd also advise people to do updates straight away. Otherwise your computer or mobile is vulnerable to hacks, because updates often address security flaws. And, finally, never click a link you're not sure about."