'Tis the season to be secure
2007-11-05 14:44
Cape Town - Recent research has shown that South Africa's online audience has grown 120% over the past two years, and it has been predicted that at the end of 2007, 3.85 million South Africans will be online.
But as more users take to the web, online fraudsters look sure to follow, especially over the festive period.
"Most statistics say that holidays are the peak periods for hacker activity, especially around December. Often, system administrators and users are away during these periods and systems are left unattended for long periods of time. Obviously, young hackers also have more time to utilise during the holiday periods," ICT security expert Dino Covotsos tells News24.
Covotsos, MD of Telspace, a Johannesburg-based company specialising in managed security services, says that simply by visiting an insecure website, a user can have spyware installed on his or her machine without even knowing it.
When surfing, a user is also often vulnerable to cross-site-scripting attacks, making it possible for the attacker to steal the user's cookies and other sensitive information.
E-mail systems have always been a great way for hackers to spread viruses and Trojans; it is therefore best to have a proper anti-virus system in place and to be wary of opening e-mails randomly, Covotsos says.
Home and corporate users are constantly being targeted through "phishing attacks" where the user is tricked into giving confidential information to a fraudulent website.
So how to keep yourself safe when online?
Apply updates as often as possible and as soon as they are released.
Install good anti-virus software and an anti-malware product.
Be cautious of programs that you install or run, and ensure that they come from a legitimate source.
Stay clear of suspicious sites, and never enter confidential information on a site that is not SSL protected. (SSL, or Secure Sockets Layer, provides security through certain encryption and authentication methods.)
Disable any unnecessary services.
Try not to give your details out to a site unless absolutely necessary.
Disconnect your computer from the internet when you aren't using it.
But while it's imperative for users to safeguard themselves, website owners also have a responsibility to invest in enhancing security measures on their sites.
According to Covotsos, companies that are running popular Content Management Systems (CMS) and web applications are under constant attack. These attacks, which aim to expose sensitive data to the attacker, can range from exploiting file inclusion vulnerabilities to SQL injection.
Website owners should therefore:
Use high-level SSL when any sensitive information is being exchanged between the user and the website.
Not store entire credit card numbers from transactions; use only certain numbers from the credit card.
Encrypt database information; do not store it in plain text.
Subscribe to regular vulnerability assessments and web application assessments to find and rectify issues.
Make sure that any user information is not available to the public via SQL injection or cross-site-scripting.
Update applications regularly.
- News24