When I talk about cybersecurity to students or anyone who isn’t in a tech program, the first thing that crosses their minds is hacking. It isn’t wrong, but cybersecurity is more than just “hacking” your social media.
Cyber refers to the digital world, hence, cybersecurity is simply the security of your digital life. Just as you have locks on your door to keep your assets safe, so do you set passwords on your computer and mobile phone to keep your data safe. Digital devices do not refer to phones, laptops, and tablets alone. If you look around, there are more devices such as your smartwatch, smart TV, PlayStation, Amazon Alexa, kitchen appliances, and even your EV car. Many are digitized and some are even connected to the internet.
Data breaches used to be limited to traditional IT systems where the worst one would face is emotional or financial damage. Nowadays, this isn’t the case. Cyberattacks are getting more sophisticated in a way that lead to physical harm too. For example, security cameras are one of the most common devices that get exploited and monitor the owner’s activities. Smartwatches can easily be hacked into, thus granting access to delicate information like where one has been or who they have contacted. In some cases, attackers might use your smartwatch to steal personal information such as your full name, date of birth, address, emergency contacts, etc. With this information, attackers can apply for a bank loan on your behalf or get a new credit card.
Cyberattacks are not limited to our day-to-day lives. Think of Vancouver’s transit systems and how they work. Modern transit systems like the SkyTrain use operational technology (OT) to automate and control things like train speeds and braking, signal lights and track switching, door systems, scheduling, and communication between trains and control centres. All these are managed by industrial control systems which directly interact with physical devices such as sensors, motors, and switches. In traditional IT systems, only data is handled, with no direct impact on physical devices.
Historically, these devices were isolated, but for easier maintenance and remote monitoring, they have been connected to IT networks which open attack surface (potential vulnerabilities). Since OT devices run on old and unsupported software, there are challenges in patching them. For example, some of the applications that automate braking systems can be installed only on Windows 7 or older. If an attacker finds a vulnerability there, they can tamper with the OT equipment, which might lead to SkyTrains not stopping and people onboard getting hurt.
As students dealing with technology every day, here are things you must consider to protect yourself from attacks:
- Change default passwords on your Wi-Fi routers, watches, and other devices.
- Turn off your Bluetooth or location when not in use and avoid using public Wi-Fi networks.
- Update the firmware on your smartwatches, earbuds, tablets, and other smart appliances in your house.
- Avoid installing sketchy apps that ask for unnecessary permissions.
- Look around to see what could be connected to the internet.
- Get educated about cybersecurity.
Ensure you follow these steps:
2. Always review app permissions and ensure applications are not using the features they do not need to. For example, Subway Surfer does not need access to your microphone, camera, or location.
- For Android users: Go to Settings > Apps > Application name > Permissions
- For iPhone users: Go to Settings > Privacy & Security
2. Use multi-factor authentication, as it adds a second layer of protection in case your password is compromised. Install an authenticator such as Google Authenticator, Microsoft Authenticator, Duo, or any other application you like. Download apps only from the official stores.
3. Watch out for abnormalities in your devices, such as:
- Randomly turning on and off
- Battery draining quickly
- Logins from unknown locations
- More screen time than usual
4. Enable automatic updates on your devices to ensure maximum security.
Always remember that awareness is the first step. So, make sure you are updated, and secure!
