NAME

IDENTIFICATION CARD NUMBER

VERSION ENGLISH

SIGNATURE
 TABLE OF CONTENT

NO. TABLE OF CONTENT PAGE

1. Executive Summary 1
2. Introduction 2
3. Security Measure 1: Installing Antivirus Software 3-4
4. Security Measure 2: Good Password Management 4-5
5. Security Measure 3: Implementing Vulnerability 6-7

Management System
6. Security Measure 4: Installing Website Security Tools 7-8
7. Conclusion 9
8. Bibliography 10
 1. EXECUTIVE SUMMARY

As we are advancing into the new decade, it is totally undeniable that the whole world is now

increasingly dependent on Internet of Things (IoT). Almost all the economic activities and social

interaction have shifted to portable devices and internet including corporate meetings, business

transactions, researches, etc. It is also notable that as most of the of human activities have moved

into the cyber space, the rate of cyber-crimes has also risen up exponentially. These cyber-crimes

are more serious compared to other crimes due to the characteristics of internet and complex

network architecture. The scope of anonymity and the global nature of internet is also an

encouraging factor for them to commit cyber-crimes. There are various form of cybercrimes being

committed around the world, such as phishing, botnet, spoofing and denial of service attacks

(DdoS) that may cause great amount of data or financial to the victims. It is highly necessary for

IoT users to understand the different types of cybercrimes the prevention techniques to make sure

they build a solid defensive barrier against cybercrimes. This essay basically describes on how

users or companies could defend themselves against cyber criminals and how some of the

common methods used by hackers to penetrate into the system. Four main security measures

have been explained in depth for the reader to fully understand the objective, functionality and

also the benefits of each of the security measures:

i) Installing Antivirus Software

ii) Good Password Management
iii) Implementing Vulnerability Management System
iv) Installing Web Security Tool

I greatly feel that it is important for every IoT users and emerging companies to educate

themselves about the above-mentioned security measures to avoid being another victim to a

cybercrime. Following these measures will not only aid them in defending against malwares and

other form of attacks, but also to patch up the existing vulnerabilities in their systems or devices.

1
 2. INTRODUCTION

The year 2020 has offered a lot of promises to introduce a set of mind-boggling new technologies

as mega Information Technology companies such as Apple, Google and Amazon began to

explore into the smart home technology (IoT) markets. Resulting from the huge amount of

investments made by corporate companies to conduct researches on Information Technology

sectors, machine learning and artificial intelligence has expanded exponentially in the workplace,

increasing the performance efficiency. Not forgetting to mention the entertainment sector,

thousands of new leisure applications and virtual reality games will be also released from time to

time. However, there is one vital question which must be pondered upon all these innovations and

inventions; With all these new technologies, will we be finally able to overcome the existing cyber

security vulnerabilities or prevent from evolving or advanced cyber-attacks? Unfortunately, the

answer is a ‘NO’. In fact, every newly introduced technology comes with a new set of

vulnerabilities to we worried about. Exacerbating the situation, it is more concerning that IoT users

are trading their security for convenience neglecting the terrible consequences may happen. The

new decade has deliberately opened the door towards extraordinary possibilities for data

breaches and other cyber-attacks. It is highly necessary for every individual to learn on how to

protect their data and confidential information from hackers and other cyber threats. These attacks

and breaches will not only be focused on individual users, but corporate companies will also be

facing more cyber warfare as IoT vulnerabilities will expand the cyber-attack threats. According to

security report issued by Fultura (a well-known network specialist company), it is stated that last

year itself, there were many information technology-based companies fallen victim to a cybercrime

involving a malware named as ‘Ransomware’. One major deduction that can be made from these

unfortunate events are that the main cause of these happening is largely because of poor security

measures that were taken by those companies. Inevitably, corporations will for sure face

advanced cyber threats in any markets and in order to keep themselves protected from such

2
issues, they must build a solid security defence and implement plans and strategies to counter

any cyber threats.

Table 1: Estimation of Cybercrimes Happening Around the World

3. INSTALLING ANTIVIRUS SOFTWARE

First and foremost, the basic and most essential security measure to be taken is to install a

reliable internet security or anti virus software on your smartphones, laptops, tablets and other

devices. The importance of implementing an antivirus software carries more weightage for

companies as they hold multiple user data and other valuable assets. A reliable internet security

software should be able to provide real-time protection against existing, evolving and emerging

cyber threats, including the now trending ransomware and other viruses. Most of the IoT users

and companies are not going for premium or advanced antivirus softwares mainly because they

are unaware about the vulnerabilities in their devices or simply negligent towards the cyber-

attacks happening around the world. It highly recommendable to implement a premium antivirus

software (paid) rather than downloading a free antivirus software as the downloaded free antivirus

itself could be a carrier for new viruses or malwares. As there are thousands of premium antivirus

softwares out in the market, how we could evaluate the effectiveness and efficiency of a software

in protecting our devices? There are three essential features that you should look for in any

antivirus softwares before installing it to your devices which are, real-time scanning, protection for

multiple apps and could fight against all type of malwares. Despite that all existing antivirus

3
softwares are specifically developed to detect malwares and viruses, the method of detecting is

not the same for all the softwares. The not so technologically advanced softwares will depends on

the user to run a manual scan to detect if malwares are present in the system, while the advanced

softwares consist of automatic scanning features that will consecutively check your devices for the

presence of any malwares. Threats may exist literally anywhere across the entire system of apps

and services in our device. From the newly received emails to social media platforms and

certainly the web browser, malicious malwares can enter into our system through various point of

sources. Hence, installed antivirus programs should be providing protection for multiple vulnerable

applications from potential cyber threats. Spyware, bots, viruses, trojans, etc., there are various

form of malwares that can penetrate your system and harm it. Ineffective softwares are

sometimes developed only to identify a specific type of malware, mostly viruses only. It is highly

advisable to go for an antivirus software that can effectively detect all form of malwares and

eliminate them.

4. GOOD PASSWORD MANAGEMENT

The following security measure to be focused is to use a strong and unique passcode for

your devices, Wi-Fi networks and for the important applications or accounts within your device.

Cybersecurity experts continually recommend the usage of strong, unique passwords as one

essential security measures to combat against cybercrimes . Despite of those recommendations,

this has been also the least commonly followed recommendations as users find it difficult to

manage and remember unique and strong passwords for every login process. There are several

reasons behind this recommendation - the main reason would be that every day malicious cyber

criminals undermines online accounts and website and expose lists of usernames and passwords

online. This exposes not only a user’s password but also with info which are uniquely associated

with the user, such as their email address. Holding such personal info, a cyber criminal may start

4
to mine other accounts associated with the same email address or username, such as banking

accounts, work-related or social media accounts. When the cyber criminal manages to find those

accounts, he/she may try to log in with the exposed password and if the user has reused the

same password for all the associated accounts, then the criminal gains an easy access to the

accounts. This is basically why every password created should be different from one another.

Adding on, when the hacker could not easily crack or guess the passcode, they will use a

technique called brute forcing. Brute forcing is reverse cryptography technique through which they

will try every possible key until the matching password is identified. Brute force softwares can

generate thousands of passwords for every second, but for all this effort to be worthy, the hacker

needs the passcode to be easily identifiable, which is why cyber security experts recommends

users to create a strong password. The stronger a password is, the lesser the possibility of brute

forcing to be successful. A strong password should at least be consisting of 10 alphabet

characters and includes combination of uppercase and lowercase letters, symbols, and number.

As for companies they should also set unique and strong passwords for every device within their

organization to block both internal and external unauthorized access to their assets. It is highly

recommended for all companies to implement a high-quality encryption tools to protect their

devices from being illegally penetrated. For instance, Symantec Encryption Desktop, one of the

reliable encryption tools, which provides comprehensive security for desktops and laptops, making

it possible for enterprises, workgroups, and individuals to protect their sensitive information.

Utilising advanced encryption tools, enterprises will be also able to encrypt files, emails and

applications which are shared among the workgroups internally and externally. As a conclusion,

we can deduce that having a unique and strong password is essential to protect the accounts

from being exposed through cracking methods such brute forcing and it is also important to

implement a reputable password managing tool to provide a strong protection to the passwords.

5
 Image 1: Two of the Most Reputable Password Management Tools

5. IMPLEMENTING VULNERABILITY MANAGEMENT SYSTEM

In addition to the above-mentioned security measure, companies should also implement a

vulnerability management system to their environment to identify and minimize the risk of having

the vulnerabilities in their system. Security vulnerabilities are more like loopholes in the

environment, through which malicious malwares may penetrate the systems. For instance, if there

are any unidentified vulnerabilities exist in the communication architecture in between a trusted

client and a server, there are chances for a malicious actor to exploit the loop hole by executing

‘Man in the Middle’ attack where the attacker may substitute the client’s IP address with its own

while the server continues the communication. Such attacks are highly dangerous as the attacker

could access all the info from the server, may further obtain access towards other systems or

servers and more alarmingly, the organization won’t be even aware of these happenings. A

statistic featured in an Infosecurity Magazine article highlights how crucial it is to implement a

vulnerability management system. Based on the survey data cited on the article, companies that

“suffered a breach, almost 60% were due to an unpatched vulnerability.”, in other words, the data

breaches could be easily prevented with a solid vulnerability management plan which would have

applied critical patches to the vulnerabilities before attackers exploit the vulnerabilities.

Implementing a vulnerability management system will aid the company in identifying, evaluating

and treating on security vulnerabilities in the softwares and systems in which they run. This is

6
highly necessary for companies to prioritize possible threats and minimalize the risk of the

identified vulnerabilities. The scanning process needs to be conducted continuously in order to

keep up with the newly added systems to the network or changes made to the existing systems

and the newly identified vulnerabilities over time. In a nutshell, implementing a vulnerability

management system as a prevention step is always better than spending millions for retrieving the

lost data or reparation of the corrupted systems and softwares.

Graph 1: Indicating the possible amount of vulnerabilities present in a software

6. INSTALLING WEBSITE SECURITY TOOLS

According to a recent survey conducted by Comodo Internet Security, about 70 percent of

the cyber-crime victims has fallen for phishing scams. Phishing scam is a classic online forgery

method where the attacker will send emails that are imitative of reputable entities like credit card

companies, banks and online resources to deceit the victims into sharing their personal and

financial information. Hackers may also trick online users into downloading files or free softwares

which contains malwares or by inject malwares as they click malicious adds. The targets may be

directed to malicious web sites also posing as legitimate sites where they will be asked to enter

login credentials and other personal information the attackers can use to commit identity theft. So

7
how could online users protect themselves from being a prey for the phishing scam? The most

effective way is to install a web security tool to their devices and home/work network. There are

plenty of features in a web security tool that an online user or company could get benefited from.

Web security tools have the ability to crosscheck a website against the website security

authorities such PhishTank and McAfee to make sure the website is safe to be browsed and these

tools would also identify if an accessed website is running an outdated CMS or vulnerable plugins

and extensions which could harm the user’s endpoint. In some technologically advanced

companies, they have implemented encryption tools which will encrypt every data shared online

from a device. Only if a receiver has the valid key to decrypt the data shared, he/she will be able

to access the data.

Image 2: Example of a Phishing Email

Image 3: A Malicious Website gets Blocked by Norton Web Security Tool

8
 7. CONCLUSION

Implementing and following all the above-mentioned security measures would guarantee a

solid protection barrier around devices either at home or in a company environment against all

sort of cyber-crimes. However, as a responsible online user, we should be responsible ourselves

to monitor our own activities. Users should always think twice before clicking on an online ad or

downloading a file from an unknown website and always keep in mind to research the source of

any suspicious mail or pop-up messages before interacting with them. One should never expose

his/her personal and private information on social medias or any open platform. Cybercriminals

can often accumulate victim’s personal data with just a few data points, so the less we expose in

public platform, the secure we are. Every human resource management department should bear

the responsibility to educate the employees on the secure ways to browse online and to share

files internally and externally. As we greatly benefited from the advancement of technology, it also

very crucial to always keep ourselves updated with latest security upgrades to keep our data and

devices safe. In conclusion to this essay, fighting against cybercrime is everybody’s responsibility

and every user should think of it as an obligation to do their part in the fight against cybercrime.

Let us all work towards a technologically secure future for the well-being of the humankind.

INSTALLING ANTIVIRUS GOOD PASSWORD

SOFTWARE MANAGEMENT

SECURITY
MEASURES
IMPLEMENTING INSTALLING WEB
VULNERABILITY SECURITY TOOL
MANAGEMENT SYSTEM
9
8. BIBILIOGRAPHY

EBOOKS

No. Author’s Name Year of Title of Reference Book Publication

Publicatio
n
John Wiley &
1. Joseph Steinberg 2019 Cybersecurity for Dummies
Sons Inc
Forefront
2. Scott Augenbaum 2019 The Secret to Cybersecurity
Books

WEBSITES

Year of
Author’s
No. Publicatio Article Name Website
Name
n

Vibhuthi Eight ways to secure

1. 2019 https://www.itproportal.com/
Viswanathan your data on IoT devices

The 16 Most Common

2. Erika 2018 Types of Cybercrime https://www.voipshield.com/
Hernandez Acts

10