Good to be paranoid when it comes to cyber security

Many of us believe cyber security problems can be solved with technical wizardry (Cyber attacks on NUS, NTU in bid to steal sensitive data; May 13).

But it is not enough to just beef up system defences.

Individual responsibility to prevent cyber attacks must be a daily ritual.

The truth is, many firms still fail to take cyber security seriously, and treat it as an afterthought.

It is also not uncommon for employees to lack basic housekeeping habits, thereby hampering their ability to protect themselves online.

Our Government and employers should insist that their employees apply updates and fixes when flaws are found, and force them to change their passwords monthly.

There must be regulations to make firms disclose if their computers have been hacked and to make sure they fix the problem.

The default assumption must be that everything on the Internet of Things is vulnerable. It is impossible to make computers completely safe.

More importantly, firms, government agencies and workers must cultivate a mindset of paranoia, where the default assumption is that everything on the Internet of Things is vulnerable.

It is impossible to make computers completely safe. Good security cultures take time to develop, and we must start now.

It is also time for software developers to pay more attention to the security of their products.

Currently, the licence agreements typically disclaim any liability on the part of the software firm if things go wrong, even if the products are designed to protect computers against viruses.

Perhaps the authorities could allow for legal recourse when a product proves vulnerable, resulting in significant costs to users.

Freelance bug-hunters could also be hired to claim bounties should they discover bugs or hack into systems.

Francis Cheng

A version of this article appeared in the print edition of The Straits Times on May 16, 2017, with the headline 'Good to be paranoid when it comes to cyber security'. Print Edition | Subscribe