An Introduction to Cyber Security

Something most folks don't realise is that Cyber Security does not just consist of securing down computers, iPad's, mobile phones, and tablets. It relates to anything that is connected (or not connected) to the Internet.


For example, many people don't realise that the wireless (WiFi) baby monitors they buy to listen in on their toddlers and young children can be easily spied on by anyone near enough to pick up on a wireless signal. Even worse if there is an option to talk (send your voice) to the child's room. Imagine some idiot talking to your children after hacking in. Creepy!

I personally tested and hacked a "GE" manufactured child monitor in under 30 minutes a few years ago, despite the manufacturer's claims of how secure it was and that the monitor used encryption. I did not know the SSID or password of the device, as both had been changed. I'm no experienced hacker either.

In fact, all I needed was one of many readily available hacking tools that scan WiFi networks and then uses well-known algorithms to crack through known vulnerabilities that were discovered after the release of the unit I tested. The simplicity of the exercise was an eye-opener, to say the least.

That's just one example. When dealing with the Internet of Things (IoT) type devices, anything that has a remote control or wireless sending capability is a potential risk. Especially when it connects to your home WiFi network.

IoT can include household items like Microwaves, Refrigerators, Thermostats, Door and House Cameras, Light Fittings operated by sound, voice-operated devices like Alexa, and the list goes on.


To keep costs down, manufacturers of these devices use the minimum WiFi protection needed to be able to make a claim that their device is secure. In reality, it is not. You get what you pay for, and the only way to make these devices safe is to purchase the types with update-able ROM and Firmware circuitry so that they can be patched and kept up to date as new vulnerabilities are discovered.

On the other end of the scale, the truth of the matter is that most people will not be targetted for a hacking attack, but it's mandatory to use at least essential and necessary security measures.

Hackers will always opt for an easy target, so if you use a weak or easily guessed password, then you should expect hackers to knock on your door, so to speak.

The most basic form of protection includes;

Password strength. Don't use anything related to your name, date (or year) of birth, your address or your pets. That includes your spouse or your kids too.

Don't share private details. Many people don't realise how much personal information they post publicly about themselves to social media. Bits and pieces here and there add up as time goes on, and before you know it, anyone that takes an interest in you can gather enough information about you with little more effort than using Google's search engine. It's not hard.

Don't answer password recovery security questions honestly. This is something I've been trying to teach my clients. Many web sites, banking institutions and so on will ask you to set up 3-5 security questions and answers. These are then used to automatically regain access to your login account if you happen to forget your password. Such password resetting systems are a hacker's wet dream. Why? Let's look at an example.

Q1. What is your pets name?

Q2. What was the name of the primary school did you went to?

Q3. What is your mother's maiden name?


Look at the above questions. The answers to all three are easily obtainable with a bit of research about you if you've shared the information on Social Media. Even if you haven't, there are ways to obtain such info.

The best way to prevent hackers from using your information to hack into your accounts is to give totally irrelevant answers to the questions. The automated system doesn't care what the answers are. It only cares that you remember the answer you gave - so to make use of such a system safely, you should always use answers that make no sense to the questions being asked, regardless of what they are.

Decide on three words you will always remember.


Let's say we'll never forget "Cabbage" because we don't like the taste.


We'll not forget the word "Motorbike" because we've never ridden one.


Finally, we'll remember the word "JoeJoe" because that was a nickname we got called in primary school. So let's now apply those answers to the previous questions.


Q1. What is your pets name?


Q2. What was the name of the primary school did you went to?


Q3. What is your mother's maiden name?



The chances of a hacker guessing those answers would be considerably less than if we answered them with a pets name, primary school or our mothers maiden name.


DO use password managers. A password manager allows you to use long and nonsensical passwords that would take even an expensive supercomputer hundreds of years to crack.

For example, how would you start about guessing the following password: 136m#kvCND%sd5^dR!h.

It would be humanly impossible to use such passwords if you had to remember them all. An article I've written on Password Managers can be accessed by clicking the following Graphic.








Do use antivirus applications. There are dozens of different ones available, each claiming to be the best. The truth is that none of them will provide perfect protection and nor is there any guarantee that your chosen brand will be the best next year, or even in a few months.

It's important to understand that antivirus applications are always playing catch up - they are 'always' behind the eight ball because new computer virus' are released all the time. That said, any virus protection is going to be better than none, even the free ones.

DON'T use the same password on multiple sites. I'm not even going to bother going into details on this one. Suffice to say just don't do it! If one website account is hacked, you don't want the hacker to automatically know the password to dozens of your other accounts right?

DO use 2FA when available. Two-factor authentication (2FA) systems issue a challenge code to allow access to an account, even if the password is known. The simplest form of this type of security is an SMS to your mobile phone. You enter your login name and password to your bank for example, and an SMS arrives with a randomly generated 6 digit code to your mobile. Without that code, you can't get in, but neither can a hacker, so it's also a great alert system for you if someone is trying to gain access to one of your accounts.

DO keep your operating systems and applications up to date. Microsoft Windows, MAC OS and similar get updated all the time. If you don't apply these updates, you're leaving yourself wide open to automated vulnerability seeking bots (programs) that seek out systems and programs that have not been updated to patch known discovered exploits and open doors. It's not a hacker sitting there spending hours trying to see if "you" are vulnerable - it happens automatically, and a list of systems is generated for them to concentrate on later when it's convenient for them. In short, lock your door - don't leave it ajar.


Cyber Security is a vast topic and one that can't be done justice with a simple blog post.

Read the many freely available articles on the topic that have been written by enthusiasts. If you do that, then you're already a step-up above the rest of the world. Education is vital, so educate yourself, and you'll stay safe. It's really not that hard - it just requires a little interest and effort from you.

As mentioned earlier, it's those that are ignorant of Cyber Security technology that are most at risk. Take even the most basic steps, and a hacker will likely move onto the next target rather than waste his time on you. A poorly locked door is much easier to break into than a well-secured one.