The National Telecommunications and IS Observatory , belonging to the RED.ES public business entity under the Ministry of Industry, Energy and Tourism, presented last April the Study on Cybersecurity and trust in Spanish homes , with data of the July-December 2016 wave.
This study on Spanish users with frequent Internet access over the age of 15, is carried out every six months in order to obtain the perception of these users about the situation of Internet security and their level of e-trust .
Reading the report also gives us guidelines on security threats and possible lines of cybersecurity in homes, in this article we will focus on this aspect of the study published by ONTSI.
Insecure networks: malware and information theft
The conclusions of this study show us how, despite the fact that Wi-Fi networks have become an everyday item for any user, many of them are not aware of the risks that unsafe or poorly configured networks can pose.. The use of obsolete, vulnerable ciphers, as well as the ignorance of the state of the network make users of these networks possible victims of intrusions with the risk of allowing access to data from the computers and devices that are connected to them. Despite the fact that these threats affect all users connected on an insecure network, a large part of them, almost 40 percent, connect to a public or third-party Wi-Fi network without checking the security offered by the network. or without considering the nature and degree of sensitivity of the data that will circulate through it.
Another dangerous element in Wi-Fi networks is malware , which is constantly evolving and whose developers seek and devise new methods of infection and spread, as the “ Svpeng ” malware has shown not long ago . This banking Trojan took advantage of Google Adsense, the largest advertising network in the world, to infect Android devices from advertisements or banners published on legitimate websites in which the user places their trust. The report also calls attention to the potential of malware to use these insecure networks, proposing examples such as “ Switcher Trojan ”That infects Android devices and tries to access Wi-Fi routers by exploiting vulnerabilities in them or the default access credentials themselves if they have not been changed to modify the default addresses of the DNS servers by other malicious ones. Or the “ Guerrilla ” malware , designed for Android that tries to steal the credentials from Google Play to download, buy, rate and comment on applications on behalf of the user without the user’s knowledge or consent.
The advice of the Internet Safety Office is simple:
- Avoid automatic connection and eliminate access to Wi-Fi networks once their use has ended.
- Avoid making online purchases or exchanging sensitive information.
- Check that the free network available is the official one (Town Hall, business premises) of the place where you are.
- Protect our device from prying eyes.
- Keep our devices updated, as well as security applications.
- Always use encrypted pages (HTTPS) with valid security certificates.
A more complicated tip if we find it essential to connect to a public or private network, and we must transfer sensitive information or make use of online banking services, is to use a VPN. VPN connections offer additional security by encrypting all the traffic that leaves our device and although it is a service that can be found for free, our recommendation is to use a reliable payment service. As Enrique Dans points out in his article The generalization of VPNs: “VPNs are going to become more and more a necessary tool to move around the network”, his perception that “the Internet is evolving to become a network in which the vast majority of traffic will circulate permanently encrypted” and that Those who do not know how to protect themselves “those who will circulate on the Internet exposing their data” will be the probable victims of crime, it should make us reflect on this possibility of use.
Not only unprotected, but also infected
The report indicates that ” the presence of antivirus software that detects potential threats can be decisive .” Despite the importance of this line of defense, only 49.1% of the devices analyzed have any solution of this type. This protection increases considerably on PCs, reaching 77%, which is clearly insufficient. The report tells us in this regard “in the home computer the situation is more serious. While 69% of Internet users consider their computer protected, malware was found in 63.9% of the analyzed computers and in 53.7% of cases the user considered that their computer was not infected. Furthermore, depending on the nature of the malware found, it can be concluded that71.8% of infected computers are at a high risk level . ”
The report itself gives us the clues as to where we should develop our domestic cybersecurity policy through a valuable graph of security measures:
In this situation, the obvious advice is to have an updated antivirus running on all our devices connected to the Internet , or that can be connected at any given time. Update the operating system of our devices whenever the manufacturer has it, paying special attention to updates and security patches .
We should not forget the convenience of carrying out scans with a certain frequency using a specific anti- malware product such as Malwarebytes or SUPERAntiSpyware .