SINGAPORE – Experts at a Straits Times webinar on digitalisation and cyber security on Wednesday (Dec 9) tackled questions from a live audience on topics ranging from whether a separate smartphone is needed solely for banking and e-payments, to the safety of the now-ubiquitous QR codes.
Here are some edited excerpts of the answers given by the panellists – Associate Professor Steven Wong from the Singapore Institute of Technology, Cyber Security Agency of Singapore chief executive David Koh, Associate Professor Chang Ee-Chien from the National University of Singapore’s School of Computing, and Mr Benjamin Ang, head of the Cyber and Homeland Defence Programme at policy research think-tank Centre of Excellence for National Security – and the moderator, Irene Tham, The Straits Times’ tech editor.
Q: On the topic of hardware segregation to minimise compromises, cyber attacks and breaches, would it be best to have a smartphone solely for banking and e-payments?
Prof Chang: If it’s very important to you, and you carry out a high volume of transactions, then you may want to think about that. I don’t have a separate one. I do everything on this one smartphone.
Ms Tham: I would recommend this: Do it on separate devices and on separate networks. I transact on my computer and receive my one-time passwords on my mobile phone, so I achieve both network and device segregation at the same time. I think it’s quite safe that way.
Q: I’ve seen many virtual private networks (VPNs) being advertised on YouTube and elsewhere lately. Do they really help in terms of cyber security at home?
Prof Wong: If it’s free in real life, you wouldn’t believe it. In the digital world, don’t believe it as well.
Prof Chang: If someone offers VPN services, he is saying, let me handle all your communications. Whatever you say goes to me first, then I relay it to other people.
This is what we call a man in the middle. Very often, we use VPNs to protect ourselves, our identity. We don’t want to let the receiver end know where this is coming from.
I know people are using this to watch movies… It doesn’t actually make you safer in that sense. And it’s the same thing for paid VPN services.
Q: Nowadays, there are numerous QR codes for various things. How safe is it to scan QR codes with your mobile phone camera?
Prof Chang: A QR code is just a means for someone to send a piece of information to your phone. Practise typical common sense: If someone wants to tell you something, do you want to accept that?
Very typically, that piece of information is a URL, or one that says to pay using PayNow.
There are many incidents where hackers have pasted their own QR codes over the real ones, so the customer pays the hacker instead.
Q: What are the dangers of streaming free movies and TV shows online?
Mr Ang: A lot of people have bought these Android set-top boxes which promise them unlimited free movies. If something looks too good to be true, it is.
If you have taken all the care to have VPNs and secured everything in the house, but you introduce a virus-catching machine into your home network, what’s the point?
Mr Koh: You have to exercise some due care and concern. When you introduce these set-top boxes or you want to access free movies, you have to ask yourself… what else are you allowing into your home network? You’re taking on some risks.
Technology allows us to do many things, but we need to exercise some judgment with our own sense of what is appropriate.
Q: I find it difficult to keep up with fast-paced technological advances despite attending courses and reading articles. It is also expensive to maintain up-to-date computer systems. How can seniors solve these problems?
Prof Wong: If you identify what is important to you, you don’t need to protect everything.
Do we need to always go for the latest software? You do need to patch it, but it doesn’t mean you need the latest version.
Patching is usually free, and it doesn’t mean that because it’s free, it’s not useful. It is very useful. So actually, it may not be very expensive to keep your devices safe.
Just take simple steps. Identify what is important to you… It can be as simple as photos. If you keep them in a hard disk, you can then not protect it as much as a laptop.
This is something you can do to try to mitigate your risk in an affordable way.
Mr Koh: On a practical basis, you don’t have to be protected to the highest possible level of cyber security if you are not involved in very high-level transactions.
The IT world is moving at a very fast rate. Even those of us who are in the business find it very difficult to keep pace. But you don’t need to keep pace with everything.
It’s not about buying the latest technology. I don’t buy the latest software, I don’t buy the latest computer, but I make sure that those I have are updated.
Source: Read Full Article