Recent worldwide events are having a significant impact on how we manage our day-to-day lives, with working from home to engaging and interacting with friends and family. Some of us are entering the scary world of social media for the first time to try and stay in touch with loved ones, whilst others are trying to host conference calls with colleagues without children or cats running around in the background. Adapting is tough and your online security is more important than ever.
Our Security & Compliance Manager, Ben, shares some key advice to help you to protect yourself, your colleagues and your family during this unique time.
Try to use a complex password
Please, please, please don’t use ‘12345’ or ‘Password1’ for anything! Many criminals will use lists of known passwords like those mentioned and ‘spray’ these lists at multiple services seeing who might have used them. It’s the old adage, throw a load of mud and see what sticks. Criminals may not be targeting you specifically until they get lucky with a simple password and gain access to an account.
Try using a small random sentence as your password, versus a single word and number, such as ‘johnnyrodeagiraffetolasvegasinpinksplippers’ – you can get quite creative with this approach! That example would take a computer about 6 trillion years to crack, whereas ‘password123’ would take less than a month.
Avoid re-using passwords for more than one site or service
Password re-use can expose many of your accounts; a criminal only has to ‘hack’ one service provider to gain access to a bunch of other services you have used your password on. Limit the risk by using different passwords for different services. Think of the point above, if they have guessed or got lucky with attacking one service and getting in, they can try those credentials with other services and see if the get lucky again.
Don’t save passwords in a file on your computer
You don’t leave your keys in the front door overnight, so don’t leave passwords lying around either. If you have many passwords and think it would be difficult to remember them all (now that they are complex and different for each service, wink wink, nudge nudge), try using a password manager.
This is an application you install that requires you to setup one strong password and acts as a vault for all your passwords. Do a little research online and you will soon find a few consistently good ones listed in multiple reviews. You may find your mobile phone can do this action for you already.
Try multi factor authentication or 2 factor authentication
Might sound complex, but the chances are you have seen this working already; for example, try resetting your banking app password and you get sent a one-time pin or code to a registered email address or number. It’s similar to this process, but you get the additional code every time you sign into the service.
As the second code is random between you and the service, it makes it harder for criminals to obtain that second bit of information, adding additional layers of security to you gaining access to an online service.
Use some form of Anti-Virus or Anti-Malware
There are many different products out there, so we won’t list them all, but investing in an additional product for your computer for virus and malware detection, quarantine and deletion is an absolute must. The downside is, your computer might run a little slower, but the upside of such applications is very much worth it as they add an additional layer or wall of protection.
The key thing to look out for is an auto-update service for the application, one that updates itself to recognise the latest threat out there. We nearly all know someone in IT and probably ask them to fix our routers or printers all the time (they hate this by the way) but asking them to recommend an anti-virus product is a good starting point. We’re sure they would be happy to help you help yourself in this instance.
Turn on auto-updates
The computer you are using is probably either using some form of Microsoft Windows or MacOS to run on. These are the operating systems, the ones that everything else is installed on. These systems are complex and will get updates and ‘patches’ to their software regularly to ensure any risks are not compromised. To ensure you don’t miss out on these updates and security patches, you should have auto-update switched on.
If you don’t know where to look, go to Microsoft’s website or Apple’s website and search ‘how to turn on auto-updates’, both have articles on this with step by step instructions. Whilst you’re at it, make sure your mobile and tablet have auto-updates on too, again, go to the vendors website for guides on how to do this.
Keep your device safe
Lock it away or shut it down when not in use. If work have supplied a device for you to use, don’t be tempted to let others use it for non-work related activities; for example homework or games. Try and keep work devices and personal devices separate.
Avoid using your personal device for work
If you are using your personal device for work it may be a problem but if you have no other choice, please make sure it is up to date (see above) and has anti-virus installed (see above). Try to avoid using non-work applications whilst connected to work, and vice versa. This will help you stay focused when working and enable you to mentally shut off from work when catching up on videos or social media.
Keeping both work and personal activities separate during the day is a must for mental health and well-being during these challenging times. Make sure you stick to your working hours and disconnect at the end of your working day. Try and have a break from the computer or device before you jump into non-work activities in your own time.
Be vigilant to scams – criminals won’t let up!
Sadly scammers will try and take advantage of these difficult times when we are concerned, trying to look for answers, or simply venturing down a new technology path we are not used to. We are seeing a significant increase in phishing activities offering COVID-19 cures and updates. Social media platforms are doing their upmost to reduce the spreading of misinformation, but its always best to err on the side of caution.
Avoid opening attachments or clicking on links if you weren’t expecting the email, SMS or don’t recognise the sender. Check with trusted sources for facts, for example, check World Health Organisation or Public Health England for information, not social media. These organisations deal in this activity all the time and are geared up to find out facts and share them at the appropriate time, whereas your brothers, aunties, cousins mate from down the pub that suggests drinking a special concoction is unlikely to be useful to anyone.
Avoid sharing & watch for email scams
I’m referring to emails and instant messages asking you to forward as a high priority immediately to everyone in your address book. These kind of hoax emails often have a link that can phish for information. Be careful of fraud, and if need be, report unusual messages to Action Fraud if you think you have fallen for the scam. These emails and messages are generally misinformation, with an attempt to gain some form of personal data from you.
As mentioned at the beginning, this is not a comprehensive list, but if you can take a few pointers away you are likely to be more protected.
The internet can be a fantastic resource in these challenging times, with those in the public eye providing exercise classes or free music concerts, there is literally something for everyone. Some special moments can still be had too when trying to connect to friends and family afar via the likes of virtual pubs etc. Your imagination is your only limitation!
Please stay safe, follow the official guidelines on social distancing, and remember the internet can bring people close again, even if they are more than 2 meters apart.
Here are a few additional useful resources and an infographic with some top security tips from our sister company Register.it:
- https://howsecureismypassword.net/
- https://www.ncsc.gov.uk/guidance/home-working
- https://www.ncsc.gov.uk/section/keep-up-to-date/ncsc-news
- https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/make-your-home-cyber-safe-stronghold
- https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
- https://www.welivesecurity.com/2020/03/26/6-tips-safe-secure-remote-working
- https://nakedsecurity.sophos.com/2020/03/30/how-to-stay-on-top-of-coronavirus-scams-and-all-the-others-too