Women in Charge: Meet International Cyber Security Expert, Jaya Baloo

In today’s world, hacking, online scams, social media hijacking, and digital phishing are alarmingly common. Many of us have heard stories of Instagram accounts being hacked, banking fraud, Facebook pages being hijacked, and email breaches.

Based in the Netherlands, Jaya is a leading voice in the cyber security space. She speaks all over the world, and forms part of the line-up at the Singularity South Africa Summit taking place on Monday 21 and Tuesday 22 October 2024 at the Sandton Convention Centre in Johannesburg, in collaboration with Old Mutual. We caught up with her amid her busy schedule to offer you essential tips on safeguarding your digital life and securing your social media presence.

Glamour: Given the increasing frequency of online attacks like hacking and phishing, what are the most crucial steps individuals can take to secure their personal information online?

Jaya: When it comes to protecting your personal information, it depends on what you are looking to do. All security starts from the principle of what is it that you are trying to protect and from whom? The measures you need to employ depend on the type of data that you are trying to keep secure and who you're trying to secure it from. So, it is a very different set of requirements that you have if you're just trying to keep it from an opportunistic type of criminal versus a more targeted attack.

An opportunistic attacker is a random cybercriminal who does not care who they hit on the Internet. He will just try to hit everyone with the same phishing mail or text scam call to say they found something from yours, etc. A more targeted attacker has a totally different approach. For example, if a state actor is after you, it is a very different ball game. Let's say that there's a state actor after you. So, for example, if you're trying to hide stuff from Putin, it is a lot more difficult than trying to hide stuff from a random attacker on the Internet. In this case, you have to do a lot more to protect your data.

Glamour: Social media platforms often fall prey to hijacking and account takeovers. What advice do you have for users to protect their social media profiles effectively?

Jaya: First, it starts with using the security mechanisms that are there on these platforms. Almost all of these social media platforms give you security protections that you can turn on. One example of that is something called multi-factor authentication. When you authenticate to the platform, you have a secondary mechanism. You have your username and password, but you can also get a one-time password over your SMS or your phone or an app that asks you and challenges you, is it really you? Turning on that feature is super important.

It is not just like helping you to verify that it is you, but also in case there is an accidental account takeover, they cannot go all the way. In case you lose your username and password, they cannot actually get into your account. I would say, first and foremost, take a look at the security measures that are deployed by these platforms to actually help you take control of your security. Make sure they are turned on. Always make sure you have a backup mechanism.

If something really genuinely goes wrong, most of these platforms have mechanisms that you can reach out to them and let them know. They have a fraud and an abuse contact, so you can reach out and say, someone else actually took over my account, this is not me, and this is when it happened. If you give them the details, they can often help you.

Glamour: Could you share some common signs that indicate someone's online accounts may have been compromised, and what immediate actions should they take?

Jaya: Suddenly, the account is being used for something totally different from what it was originally intended to do. Usually, it is an exhibition of different types of activity on that account, and very often, they are abruptly being used for advertising. When there is a compromised account, suddenly this account is being used to say, oh, “you should invest in this Bitcoin scheme”, or “you should go join this cryptocurrency movement” or something like that, which the user would not have posted.

Sometimes, accounts are hacked to generate fake traffic towards a particular goal. There are tons of these farming accounts, which are just used to boost profiles of other accounts. Sometimes account compromise is even done for this reason. To boost a particular social influencer, for example, you can buy this type of uploading for social platforms from these sorts of social media farms. They are literally farms of bot accounts that are then herded in order to give favoritism, depending on who pays, to one account or another.

Glamour: With the rise of digital payments and online banking, how can individuals safeguard their financial transactions from cyber threats?

Jaya: There are so many steps. First and foremost, I am professionally paranoid about these things because I encounter these things at work, and therefore, I have a very different approach to it due to the profession that I am in.

When I do use my banking applications, which I do (I absolutely use all the banking applications), I make sure that I'm using them with all of the possible precautions and measures that I can take. So, I have a bank in Europe that allows me multiple mechanisms for doing the authentication to my bank. I use all of them.

I make sure that I am not doing any transactions in the middle of a crowded place or on somebody else's Wi-Fi. I make sure that I trust the network connections where I use my banking applications and that I am taking every precaution necessary, so that no one else can see that transaction, either physically or virtually. That means using those strong multi-factor authentication devices or two-factor authentication and limiting the amount of the transaction volume. So if something goes wrong without explicit authorization, it cannot empty your entire bank account.

Also, there are continuous fraudsters that try to get you to feel pressure to do something. Your bank will never call you to pressure you to do anything. The police will never call you to pressure you to do anything. These fraudsters these days tell you that they have seen a strange interaction, that they saw you do something online, that they potentially will have seen you use Bitcoin or some random thing, and they will pressure you. Anything that is a pressure tactic… be wary. Normal institutions do not do that.

Glamour: What role do strong, unique passwords play in personal cybersecurity, and what are your recommendations for creating and managing secure passwords?

Jaya: I actually have to be honest. I am hoping for a future where we no longer have passwords. I am hoping for a password-less future, where we can use multi-factor authentication using a combination of biometrics, hardware and other elements.

When I say multi-factor, just to be clear, let me spell that out for a minute. Passwords are something you know. Your biometrics are something you are. A hardware token, such as one for your banking application, like a little USB that you plug into your computer, such as a YubiKey, which is a very specific kind of device, is something you have. So, when you combine the strength of something you know with something you have and something you are, you achieve strong multi-factor authentication. Then you can say, I am me because I know this, have this, and am this. This is a really good way to verify the legitimacy of whoever is behind the screen. I think that this is the best way forward without passwords.

However, if we still need to use passwords, my request is do not use pass “words”, but rather use pass “phrases”. For example, a good sentence is like “I love to go scuba diving”. That is a great pass “phrase” that can be used as a password. If you can capitalize like ‘Love’ and end with a question mark after scuba diving, that would be amazing. Or, instead of the scuba ‘S’, you just add a little bit of random mutation.

You do not have to, because the enemy of security is complexity. So, if you can remember a long phrase, that is preferred to actually having a complex weirdo password that you cannot remember or have to write down. Please do not write it down anywhere unless it is in a password manager.

The ideal is to have strong passphrases and then use a password manager. There are tons of good ones out there, paid-for ones, and free ones. There is LastPass, Dashlane, and Bitwarden. I am a big fan of Bitwarden. I think they are amazing. There are so many but use a password manager so that you have unique passwords.

Do not use the same password across multiple accounts, because if one account is compromised, all of them will be compromised.

Glamour: In your experience, what are some of the most overlooked aspects of personal cybersecurity that people should pay more attention to?

Jaya: One of the things that we still don't do is we don't keep things up to date. Make sure auto updates are on. Whether you use an iOS or Android phone, whatever you have on your laptop or your computer at home, just make sure that you keep everything up to date. Somehow, this is still really hard for people to do. I would say, please start there.

Use a good antivirus program. Use a VPN. There are lots of really good tools out there. Using those tools that are available and afforded to you makes a huge difference to avoid the majority of threats. So, it is absolutely about passwords and password managers, of course, but it is also about antivirus, VPN, and keeping your software packages up to date.

Glamour: With the advent of biometric authentication (like fingerprint and facial recognition), do you see it as a safer alternative to traditional passwords? What are the potential risks associated with biometrics in terms of cybersecurity?

Jaya: We still see that there are attackers who are very willing and able to go after some of those biometrics. So, biometrics are not all created equal. It depends on how good the biometric is. What is it actually doing? It is really important to recognize that.

For example, when they were talking about an attack that required getting a fingerprint off of an image. So by having someone wave, they got the fingerprint off of the image and managed to actually fake a fingerprint. This is interesting!

One must always look at what is involved and the purpose of it. If you are applying for a password and getting a retinal scan, that is one thing, but you are not going to get a retinal scan for every internet interaction. There are issues with biometrics of spoofing, and having proof of life verification. Again, it all depends on the grade of security that you are trying to achieve. So, the pitfalls are dependent on what type of biometric authentication you're using and for what type of transaction.

Glamour: As a speaker at the Singularity Summit, what do you see as the future trends in cybersecurity, and how should individuals prepare to protect themselves in this evolving digital landscape?

Jaya: One cannot talk about cybersecurity without discussing the upcoming technologies that are going to have a huge impact on it, like AI and quantum computing. So I will be covering both of those because they will have an enormous impact on the field. I will also be talking about why old threats are still so ridiculously successful. Even though we all know what we need to do, it seems like we are not really doing it well.

I will address how we can engineer better systems in order to make sure that the things we already know about are handled well, and the things we don't know about yet, because they're up and coming. I will also talk about how we can mitigate the rise of new threats so that we can enjoy the future of innovation, with as little concern as possible.