Hacker attacks are becoming more common – this is how you protect yourself

Published: 18 October 2019

The digitization of our homes, government functions and company information has added many positive aspects. We have been given greater freedom and access to information almost 24 hours a day. But there are also risks of having sensitive data available on the internet. During the week, Christer Åhlund, professor of distributed computer systems at Luleå University of Technology, and John Lindström, Cyber Security Architecture Engineering Manager at Combitech told us about the risks and what you can do to protect yourself and your company or organization.

Our homes are getting smarter and more and more features of the home are controlled by technology. Alarms, code locks, indoor temperatures and freezes are just a few examples of areas that many private individuals monitor digitally. The risks associated with smart homes are mainly of two types: self-caused mistakes or hacker attacks. As for the latter, they have increased significantly in recent years.

– There are many hacker tools nowadays, which makes it easier to hack systems. Almost anyone with a little programming knowledge can perform hacking attempts on a system today, which means that individuals must be extra careful when installing software and services over the Internet, Christer Åhlund said.

How do you protect your systems?

The motive for hacker attacks is usually to access money or data. In order to protect oneself, there are, above all, three things that private individuals should consider. Always change the password for new software and technical gadgets that are purchased and that are to be connected to the internet. They often come with a password that is the same for everyone, and many fail to create their own, unique password which increases the risk of hacker attacks. Another important thing is to update their software when available, and a third is to check their home security once every six months to check that systems and firewalls are intact.

– There is an internet service called Shodan. There you can enter your IP address and find out what information Shodan has identified regarding your internet-connected systems. This information is then also available to others and measures may be required for increased security. I recommend everyone to do such a check, said Christer Åhlund.

John Lindström said you need to think about what it is you want to protect if the accident occurs. It does not have to be a hacker attack, but it could just as well be a burglary or a fire that means you no longer have access to, for example, your computer. If you have photographs or securities that you would like to keep, you should periodically take a backup that you keep in a completely different place than your computer.

It is important for companies to set up a plan

Each month, around 4,800 web pages are attacked around the world, and for a large company, the cost can land at half a billion SEK for such an incident. As a company, it is important to do a risk analysis in advance, develop a continuity planning with an incident management process and recovery plan that they have been practicing before anything happens. It should have designated teams that have a clear task to resolve a crisis situation. The team should practice crisis management, manage incidents and restore different systems as quickly as possible so that the affected business processes work again.

– The company should focus on prioritizing the right things to keep the emergency phase as short as possible, but they should expect that the recovery phase after a crisis is five times as long as the crisis itself, said John Lindström.

To avoid attacks, companies can perform benign hacker attacks, so-called penetration tests, that control how companies' systems resist hacker attacks. Another important thing to think about as a company is that there are alternative places to work if, for example, the workplace is exposed to a fire or water damage. It becomes vulnerable if all the equipment and work opportunities are in one place. Then it can be good if employees have a laptop and can sit and work elsewhere so that the business does not completely stop.

Presentations from the lectures

Christer Åhlund

Christer Åhlund, Professor and Head of Subject, Chaired Professor

Phone: +46 (0)910 585331
Organisation: Pervasive and Mobile Computing, Computer Science, Department of Computer Science, Electrical and Space Engineering