Tuesday, March 14, 2017

Financial Cyber Security: The Series

Dear all,

This topic has actually been something that I feel quite passionately about. I think cyber security is a very serious issue, and unfortunately, the people that are the least able to effectively deal with cyber security are individuals.

Why? Individuals are the most likely to lack time, resources (including money) and technical knowledge to effectively deal with cyber security. Compare this to an organization, where there are dedicated staff with the technical knowledge and the enterprise-grade software and hardware to help them prevent costly cyber attacks. Companies spend money on cyber security, not because they want to, but because succumbing to a cyber attack can be very costly. Obviously, this applies to individuals as well, but it is somehow very rarely talked about.


While cyber security is actually a VERY BROAD problem affecting pretty much almost everybody that you can think of, the reason why I want to talk about it here, on my personal finance blog is because cyber security also has a real, direct effect to your financial security.

Have you never seen or felt any cyber security failures before?

Friends who have got hacked send out virus emails, or have weird activities and requests from their social media?

Emails appear in your inbox asking you to follow the link to reset your password?

Your own device, or others' device that have been locked by ransomware?


I'm sure you have definitely experienced some of this first-hand. Let's be honest here, I have too. Recently a hacker from Venezuela hacked my password and gained access into one of my accounts. I had a real-life online battle with him about who could take control of the account faster. He had sneakily replaced my mobile number and authenticated his device so that he could take over my account with his new "authentication". It was lucky that I was checking my email at the time of the hacking, or else my account would have been lost. Not only did my account have personal information about me, it also had my credit card details!

I've also seen phishing + malware attacks happen in real life, where an attacker directed the target over the phone through a phony website to get scammed. I recognized the weird behaviour and I stopped the target and took over the phone and engaged the attacker. It was clearly an foreign voice. Upon further investigation, the target's computer was found to be infected and the scam was prevented and reported. The funny thing about the police's reponse? "Since no money was actually stolen, it is very hard for us to pursue this case because nothing is missing".

The morale of the story: Cyber attacks can originate from anywhere (internal and external) and can come from anywhere in the world!


At the end of the day, it's not the police's fault for not being able to recover money or information lost during a cyber attack. The responsibility lies entirely with the person who owns those assets to protect it properly.

Your ibanking login credentials? Your email account? Your email account linked to your ibanking that is used to reset your password?

The responsibility of all of that belongs to you.

If someone is able to log into your account from the username and password you wrote down on a post it note and transfer away your money, it is really hard to blame anyone except yourself.

I hope that with this series of post that I am planning to do, I can share with everyone what are the things that I personally have done to improve my cyber security, along with useful suggestions. I've been wanting to do this for a long time and I first talked about it back in Nov 2015.. wow, blast from the past!

What do you guys think of this series? Let me know if there are any things that you would like me to blog about and I'll see if I can include it! Kind in mind, I'm not a technical expert in this field, but I'll try my best!

3 comments:

  1. Hi there,

    I am curious when you wrote that a hacker hacked into your account. Was it a bank account or email account?

    By the way, hope you can share a series on cyber security. I guess it will be useful for the community. Thank you in advance.

    Regards,
    Gerald
    www.sgwealthbuilder.com

    ReplyDelete
    Replies
    1. Hi Gerald,

      It was actually my AirBnb account. I'm not sure if it was caused by a leak on the Airbnb back-end (Heartbleed bug, data breach, etc), if it was brute-forced attacked or if another site that I use the same credentials with got compromised as well.

      My mistake was that I used the same passwords for all these kind of "Other" websites. I highly suspect that one of the nonsense websites that I had registered an account with had their database hacked and hackers were just trying their luck with the stolen credentials on larger websites.

      The morale of the story is not to re-use passwords, because if one falls, the rest will too!

      Heh, I hope whatever I share will be useful!

      Delete
  2. Hi GMGH,
    This is very good, look forward to more cyber security articles from you. It can be really mind-boggling to manage all the passwords to all types of accounts. btw, any good email service to recommend ? (besides gmail, yahoo).
    regards,
    Scorp

    ReplyDelete

Observe the house rules.