5 cybersecurity tips from Huawei's chief cybersecurity officer

Cybercrime is on the rise in Singapore, and while anti-virus and anti-malware programs are useful, they are not the only way to prevent cybersecurity breaches. People are often the weakest link in the cybersecurity chain, so changing their behaviour is key to keeping data and networks safe from hacking. Huawei’s Mr Vladimir Yordanov shared some steps that individuals and organisations can take to avoid being victims of cyberattacks.

With the increased use of cloud technologies and Internet of Things (IoT) devices, organisations and individuals are more vulnerable to cyberattacks than ever before. Last year, cybercrime cases in Singapore accounted for 16.6 percent of overall crime—up from 15.6 percent in 2016—and more than 23,420 phishing URLs with a Singapore link were detected, according to a report by the Cyber Security Agency of Singapore.

But as organisations fixate on technical tools to prevent or mitigate cyberattacks, Mr Vladimir Yordanov, chief cybersecurity officer for the Enterprise Business Group at Huawei, reminded the audience at the Cyber Safe Cyber Ready 2018 conference that a more holistic approach to cybersecurity is needed. “The weak link lies not in the technology, but rather, the people and processes [within an organisation],” he said. Here are five ways to keep cyber criminals at bay.

1. Think before you click

Many cyberattacks begin with a click. Hackers often pose as banks or other legitimate institutions and send phishing links to unsuspecting victims, requesting that they change their password or disclose personal information. Sometimes, these links are shared through highly personal channels, such as social media accounts, making them seem even more believable.

“Never click on links that look suspicious or have been sent to you through social media or messaging platforms, because 99 percent of the time, it is a phishing attack,” advised Mr Yordanov.

2. Passwords matter

Weak passwords are an age-old problem, akin to securing the front gate with a cable tie. A combination of alphabets, numbers and symbols can upgrade that cable tie into a padlock, although a determined hacker could still break a strong password. Hence, if multifactor authentication and biometric login options are available, use them. Also, don’t forget to change the default Wi-Fi names and passwords of routers in your home or organisation.

“Update and strengthen your passwords regularly and don’t share the credentials with anyone, particularly in a work place,” said Mr Yordanov, “If your company server prompts you to change your password every three to six months, change it.”

3. Say no to public Wi-Fi

Stuck in an airport, or waiting for a meeting at a coffee shop? Refrain from connecting to the public Wi-Fi network. Hackers are known to exploit security flaws in public Wi-Fi routers to intercept data being transmitted on the network.

Sometimes, what appears to be a Wi-Fi access point may in fact be a rogue hotspot, set up by hackers to eavesdrop on internet activity on mobile phones and laptops. For organisations whose employees travel frequently, Mr Yordanov recommended mandating that all work devices connect to the internet via a VPN service connection so that all data transfer is encrypted.

4. Control network access

While employees may relish the convenience of using their organisation’s Wi-Fi network to connect their personal devices to the internet, this may not be in the best interests of the organisation. Not all mobile phones and tablets have anti-virus and anti-malware programmes installed, which means hackers could piggy-back on these devices to access private servers and databases.

Hence, Mr Yordanov suggested that organisations regulate the use of personal devices on organisational networks. For personnel dealing with sensitive information, even the types of apps and data used or stored on their personal devices may need to be screened and approved.

5. Education is key

Even with the most stringent cybersecurity policies and software in place, hackers will still be able to infiltrate an organisation’s network if employees are not adequately trained to maintain cyber ‘hygiene’.

“If your company conducts cybersecurity training, join it—even if you think you are knowledgeable, don’t take chances,” Mr Yordanov said. “Remember, hackers need to be right only once, and we cannot just rely on the technology to protect us. Our actions and behaviours are the first line of defence against cyberattacks.”