In this day and age, it’s unusual to go for much more than a day without hearing a story about IT security in the news. It may be the NHS and ransomware, small businesses trying their best to understand the current situation, stolen photos from an individual’s smartphone camera or advice on protecting your smart fridge at home!
A few years ago, people would consider the security of work systems and computers solely as the responsibility of the IT team. A few years ago we may not all have been as concerned as we are now in regards to the theft of our own personal online identity. These days though, we need to think again!
The companies we work for need our help to keep company data secure and their services online.
The advice we can give them to stay safe online will help to protect their personal data and their on-line identities.
So, what does that really mean?
Well in short it means thinking before you point and click and thinking about the potential consequences of our actions. It also means taking our own small but sensible precautions.
Sounds simple, right? But what can you actually do?
The list below is what the TechSolvers team have compiled in just a few minutes. If you can think of something we have missed, let us know!
Make sure you have anti-virus software installed on any computer you use!
Malware infections are not the same as virus infections. Install the free version of Malwarebytes to protect against malware and every now and again, run a scan!
Whether your machine runs Windows or Mac OS, it still needs patching. Simply set your system to automatically install updates. When you are prompted to restart your machine to allow patch installs to complete, just do it! Don’t cancel the restart no matter how tempting.
If your machine is running an operating system that its manufacturer is no longer supporting (no longer fixing security flaws) then it’s time to either get a new machine or at the very least, install a newer operating system on the existing hardware. That means if you have a Windows XP machine, or MS Server 2008 R1, it’s time to upgrade!
If you have an application installed, it may have a vulnerability that opens you up to the prospect of attack. The simple solution is to uninstall any applications you don’t use!
For the applications you do need, make sure you are updating them to the latest version. Even if you are happy with the version you have, the new one will have more security fixes and fewer vulnerabilities. So keep your apps updated. Prime candidates for this are Chrome, Adobe Reader, Java etc. but the list is endless.
Webcam on your laptop? Hackers can access your webcam without you knowing. The most hi-tech fix is to put a bit of tape (not clear tape) over the camera. The solution does not have to be complex, as long as it works!
Make sure when you log into your computer you have created yourself as a user, not an administrator. Users can do less damage if they do get hit by a virus. Only log in as Administrator when you need to use those privileged rights.
If you get an unsolicited call from Microsoft or Apple, then it is a scam! These companies do not just ring you up and ask if they can help. You have to contact them. If someone calls you saying that your computer has errors, then it is 100% a scam.
Make sure you need a password to connect to your home wi-fi. It may seem easier to have it just open for anyone to use. However, if your neighbour finds out and starts illegally streaming movies over your connection, it’s not them who will get into trouble, it’s you!
When connecting to public Wi-Fi (free/paid) then play it safe and don’t do any online banking, or anything that involves sensitive passwords. It’s possible via an attack called “Man-In-The-Middle” for anything you transmit on a public network to be listened to. So, stay safe and don’t use public Wi-Fi for anything confidential or secure!
For every account that you have, you must make sure the password is unique and complex. Passphrases such as “idontlikepasswords” can be easier to remember but are just not secure. Change them to something more like “1d0ntl1k3pa55w0rd5”. After you’ve typed it in 5-10 times it will be just as easy to remember!
Don’t write your passwords on Post-it notes or give them to your colleagues, friends or even family!
Credit - thycotic.com
Don’t use your date of birth or any other sensitive information in your email address. This is the type of info a hacker needs to get through a “forgot your password” utility. This information needs to be confidential. So obviously the address; Tom-Jan1st-1976-at-my-pets-name-was-Dave-The-Dog@gmail.com is not ideal!
If you have a Windows PC or laptop, ensure that the firewall is switched ON. The firewall blocks incoming connections, but allows outbound ones. So you can still work as normal, but the firewall is an important layer in your computer’s defense.
When you buy devices for your home be it a new router, security camera, internet enabled fridge or smart kettle (yes, they do exist!), then change the default password. Even if it looks complex and unique already, still change it. Hackers can easily find the default password for most devices just by doing a quick Google search!
Social Media Tips
Don’t take part in random quizzes to work out your personality type, or what house you would be in if you lived in Game of Thrones…
You are giving these companies access to your personal profile on Facebook, a profile which contains your date of birth, mobile number, details on your pets. Basically, more than enough information for someone to impersonate you.
Review all of your privacy settings, lock them down so only you and your friends can see any of your personal information. Then do some testing and see what you can find about yourself online!
With all social media, be selective about who you engage. If you get a friend request from someone you don’t know, it’s most likely a scam/fake profile. No matter how attractive their profile is, don’t accept the request. You could send them a message to ask how you know each other, but go no further unless they prove themselves to be legitimate!
Avoid status updates detailing where you are and for how long. Posting that you are on holiday for 2 weeks just lets the whole world know that no one is going to be home! Need we say more?
The number one tip with email is don’t open an email unless you know the sender. This can sometimes be difficult to call (we accept), so the lighter version is don’t open an attachment unless you know who sent it, and why.
If there is a link in an email, don’t click it. Instead, use Google to find the page you need. The point is that while the link may look like www.SafeSite.com it may actually take you to www.malwarebehere.com. Just because the text says one thing, it doesn’t mean the link will take you there!
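The mismatch described above can be checked mechanically. The following is an added example, not part of the original article: it parses an HTML email body and reports links whose visible text names one site while the underlying address points to another. The function names and the sample email are constructed for illustration, and the check only covers links whose visible text itself looks like a web address.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a web address, e.g. "www.SafeSite.com".
DOMAIN_LIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/:?#].*)?$", re.I)

def host_of(value):
    """Lower-cased host name without a leading 'www.', or '' if there is none."""
    value = value.strip()
    try:
        host = urlsplit(value if "//" in value else "//" + value).hostname or ""
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (shown_text, real_href) pairs where the two name different hosts."""
    def __init__(self):
        super().__init__()
        self._href, self._text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        if DOMAIN_LIKE.match(shown):
            shown_host, real_host = host_of(shown), host_of(self._href)
            if real_host and shown_host != real_host:
                self.findings.append((shown, self._href))
        self._href = None

def audit_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample email body using the two addresses from the text above.
SAMPLE_EMAIL = """<p>Your account needs attention. Sign in at
<a href="http://www.malwarebehere.com/login">www.SafeSite.com</a> or read the
<a href="https://www.safesite.com/help">www.SafeSite.com</a> help page.</p>"""

if __name__ == "__main__":
    for shown, href in audit_links(SAMPLE_EMAIL):
        print(f"text says {shown!r} but link goes to {href!r}")
```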
If you are emailed a Word or Excel document and upon opening it you are asked if you want to enable Macros, say NO! Macros are programs that can run inside MS Office documents. They are very commonly used to spread viruses, malware and ransomware so stay away from Macros unless you are 100% sure of the source.
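Whether a modern Office file contains macros at all can be checked before it is ever opened. The following is an added example, not part of the original article: newer Word and Excel files are zip archives, and a file that carries macros contains a part named `vbaProject.bin`. The function names and sample files are constructed for illustration; older `.doc` and `.xls` files use a different container and are reported as such rather than guessed at.

```python
import io
import zipfile

def classify_office_file(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-ooxml' for the given file bytes."""
    # Zip-based Office files start with the zip signature "PK".
    if not data.startswith(b"PK") or not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ooxml"  # e.g. legacy .doc/.xls, which this check cannot read
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = [name.lower() for name in archive.namelist()]
    # The VBA project sits at word/vbaProject.bin, xl/vbaProject.bin, etc.
    if any(name.endswith("vbaproject.bin") for name in names):
        return "macros"
    return "no-macros"

def build_sample(with_macro: bool) -> bytes:
    """Constructed stand-in for a Word file; the contents are placeholders."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buffer.getvalue()

if __name__ == "__main__":
    print(classify_office_file(build_sample(False)))
    print(classify_office_file(build_sample(True)))
    print(classify_office_file(b"\xd0\xcf\x11\xe0 legacy header"))
```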
Stay safe online and only visit reputable websites. For example, don’t just surf the web by clicking on a link that seems interesting. You know the stuff you are interested in so look for it on a reputable website, don’t just follow links as they tend to spiral down through much less reputable sites.
When online, only visit websites with a padlock icon and green text in the address bar. The padlock means that the site is what it says it is.
Good looks like this;
Stay away if you see this;
Filter out the worst sites on the net using OpenDNS.
Make sure you have set a PIN code to unlock your phone. Without one, if anyone gets hold of your phone then it’s far too easy for them to steal your identity. Phones are easily lost or stolen, but a PIN code or fingerprint to unlock them stops this risk and it only takes a minute or two to set up.
Don’t install apps from any non-official app stores. Even if your friend says it’s safe, just don’t. For an app to be listed on the Apple or Google stores it has to be shown to be secure and safe. If an app is not listed there, but is available elsewhere, then guess what? It’s 99% likely to be insecure or even worse, designed to steal your personal information.
If you put all of these tips into practice and think proactively about security, the risk of anything happening is much reduced. But what about the past…? Has one of your passwords been compromised before? A good way to check is by using this website: https://www.haveibeenpwned.com
On this site, you can enter your email address and see if it’s been compromised in the past. If it has, change the password!
In fact after reviewing all of the above tips, I think they can be summed up with one simple statement; “Don’t be thick, think before you click!”
We would also add that it’s always important to make 100% sure you have a good working backup. There is always a risk of data loss, so back up regularly and test that you can restore. Just in case the worst does happen!
If you do need any help or advice with a similar issue, please give us a call on 01923 537247, and I or one of my colleagues would be more than happy to assist.
Written by Tom Mitchell, Managing Director