By Mark Richards.
Last week’s papers were full of stories about spies and security. The UK gave Chinese company Huawei the go-ahead to work on our 5G infrastructure: cyberattacks on small business increased and it was revealed that the UK’s most common password is 123456. At first glance these stories are not connected – but taken together, they add up to a significant threat to your online security.
At the end of the Second World War the ‘five democracies’ – the US, UK, Australia, New Zealand and Canada – came together in what has become known as ‘Five Eyes.’
This grew out of the work the countries had done together in the Second World War: they wanted to lay the framework for a post-war world and cooperate in monitoring the communications of the Soviet Union and Eastern Bloc countries.
Technically the countries are a party to the UKUSA Agreement, a treaty for joint cooperation in signals intelligence, but it has always been known as Five Eyes, and the cooperation continued after the fall of the Soviet Union and was active in the War on Terror from 2001 onwards. In short, it had worked effectively for more than 70 years. Until Huawei appeared on the scene…
We have written about Huawei on more than one occasion over the past year – particularly the decision of countries such as New Zealand and Australia to ban Huawei from supplying any infrastructure for their 5G networks.
Now the UK has taken the decision to allow Huawei to build some of our 5G infrastructures. This will undoubtedly antagonise our allies and may put the UK’s continued participation in Five Eyes at risk.
5G will change everything
As we wrote earlier this month, 5G is going to bring significant changes. It will deliver much faster broadband – you will download a full-length feature film in 30 seconds, not 30 minutes – and vastly improved connectivity. More importantly, 5G will bring changes we cannot yet foresee.
As we wrote in the previous article, 4G enabled your phone to process payments and know your location. Once it could that, along came Uber. But when 4G was first mooted, no-one predicted the complete transformation of the private hire business or a company that will shortly float on the US stock market valued at $90bn (nearly £70bn).
What is the most exciting thing about 5G? We do not know what it will bring.
What is the most frightening thing about 5G? Exactly the same: we do not know what it will bring.
Huawei is a Chinese company, formed by a former major in the Chinese Red Army. Its prime loyalty is not to its shareholders, nor to its customers, but to the Chinese state.
Is it really sensible to allow a company like that to build part of the UK’s critical infrastructure? When Russia invaded Georgia in 2017 it still controlled large parts of Georgia’s infrastructure. It simply switched it off. Has the UK Government just given China the power to switch off our infrastructure? Is it a risk worth taking?
On a much smaller scale, I need to upgrade my phone. I really want one with a great camera. By common consent, the best camera is the Huawei Mate 30 Pro. I am sure Chinese Premier Xi Jinping has more pressing things to do than read my e-mails. But something feels wrong, and if something feels wrong it is usually a good idea not to do it…
Cyber attacks on businesses soar
A new report from cybersecurity firm Malwarebytes shows that threats and attacks on businesses – especially small businesses – were up by 235% last year, with cyber-criminals deciding that the corporate bank account was larger than the personal one.
The report also showed that the attack on private consumers had dropped by 40%. Does that mean consumers can breathe a sigh of relief and go back to using their dog’s birthday as their password? Far from it, according to Adam Kujawa of Malwarebytes Labs.
“That would be short-sighted,” he said. “Consumer data is more easily available in bulk from business targets and cybercriminals [are increasingly targeting businesses] through Trojans, adware and ransomware.”
So the message is simple – however secure your data might be at home, it is still vulnerable once you have given it to a company you do business with or buy from. And as this graphic shows, some of the biggest companies have lost millions (or billions in Yahoo’s case) of customer records in data breaches. And those are only the breaches we know about…
123456 is not a secure password…
Last week the BBC reported on analysis from the UK’s National Cyber Security Centre (NCSC) whose data had shown that the most popular password in the UK is 123456. Very evidently, that is neither sophisticated nor secure. Neither is the name of your children, your dog or anything that makes sense.
And you can cross your favourite football team off the list as well. Liverpool topped the list for football-related passwords – and I think it is a safe bet that someone reading this article taps Virgil4 into his computer every morning…
So how do I generate a random password?
One of the easiest ways is simply to go online to a site like this. Here’s the password it generated for me this morning: MnJ.:6BJ[‘rN6/!=
But fair’s fair. That is not the easiest password to remember – and now you have gone all security conscious you are not going to write it down. So try coming up with a phrase: for example…
My daughter Kylie birthday 27 is in year 7 at Elmwood Secondary School
That would give you: MdKb27iiy7aESS
Suddenly – but very easily – you have something that looks like a real password, and one that is easy to remember. And if the site you are on demands a character, just add an exclamation mark at the end, or in place of a letter ‘i.’
So three stories, seemingly – at first – unconnected. But what they all have in common is the very real threat they pose to our online security, be that on a national scale or a smaller, more personal scale. The message is simple, we really do need to take our online security seriously – and no-one else is going to do it for us.