Being online these days, especially in the current environment when so many people are working from home and outside the protection of the company network, we all need to be extra vigilant that we don’t click on a link to malware.
This blog is going to go through a number of tips to keep you safe online.
TIP 1 – Install Updates. Application updates offer more than just new features: they also close off security vulnerabilities that attackers use to get a foothold on your system. Operating system security and feature updates do the same at the operating system level. It is important to install updates as soon as possible.
My general policy is to install updates to Windows no earlier than 10 days after publishing. This is because of the many buggy patches Microsoft have been deploying lately. What's worse, losing your system to a buggy update or to malware? The short answer is both. However, my recommendation is not to wait longer than 10 days, and on critical systems to install them immediately.
TIP 2 – Connecting to Networks. The standing advice is to be careful when connecting to open WiFi networks. We blogged about this in ‘Using Free and Public WiFi Safely‘.
The standing advice is also to always ensure you are using a secure HTTPS connection. In addition, and where possible, use an encrypted DNS service (DNS over HTTPS or DNS over TLS) so that your lookups cannot be read or tampered with on the local network.
TIP 3 – Secure Your Passwords. We blogged about this in ‘Account and Password Management‘. The simple version is:
- Never reuse a user ID/password pair
- Always use a unique password, preferably at least 16 characters long with a mixture of upper and lower case letters and at least one number
- Use a password manager
- Use two-factor authentication (2FA)
- Consider using biometrics.
TIP 4 – Look out for Phishing Emails. Social engineering is rife and I receive several such emails every week, some of which are very believable. Our guidance on Social Engineering is a good place to start to get the details on the precautions you need to take. In short:
- Look out for bad grammar and spelling
- Is the sender email address one that you would expect?
- Is there a sense of urgency (e.g. "click here to secure your account now")?
- Did the email go to Spam?
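The four questions above can be turned into checks that run over the raw message. The Python below is an added example, not the post's own code: it parses an RFC 5322 message with the standard library and reports the sender-address, Reply-To, authentication, spam-flag and urgency indicators. The urgency phrase list, the use of the SpamAssassin X-Spam-Flag header, and both sample messages are constructed for this example.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Phrases that pressure the reader to act before thinking (assumed list).
URGENCY_RE = re.compile(
    r"\burgent\b|\bimmediately\b|\bwithin \d+ hours\b|\bact now\b|"
    r"\bverify your account\b|\baccount (?:will be |has been )?(?:suspended|locked|closed)\b",
    re.IGNORECASE,
)
# An e-mail address hidden inside the display name, e.g. "security@bank" <x@evil>.
EMBEDDED_ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a header ('' if none)."""
    _, addr = parseaddr(str(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def phishing_indicators(raw_message: str, expected_domains=()) -> list:
    """Return human-readable findings for a raw message; [] means nothing suspicious."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""

    # Is the sender address one you would expect?
    if expected_domains and from_domain not in {d.lower() for d in expected_domains}:
        findings.append(f"From domain '{from_domain}' is not an expected domain")

    # Replies silently routed somewhere else.
    reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")

    # Display name impersonating another address.
    m = EMBEDDED_ADDR_RE.search(from_name)
    if m and m.group(1).lower() != from_domain:
        findings.append(f"Display name shows '{m.group(0)}' but the real sender is '{from_addr}'")

    # Verdicts the receiving server recorded (Authentication-Results, RFC 8601).
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(?:fail|softfail|permerror)\b", auth, re.IGNORECASE):
            findings.append(f"{mech.upper()} did not pass at the receiving server")

    # Did the email go to spam?
    if str(msg.get("X-Spam-Flag", "")).strip().upper() == "YES":
        findings.append("Message was flagged as spam by the mail filter")

    # Sense of urgency in subject or body.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    hits = sorted({h.lower() for h in URGENCY_RE.findall(str(msg.get("Subject", "")) + "\n" + body)})
    if hits:
        findings.append("Urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail).
SUSPECT_EMAIL = "\n".join([
    'From: "security@bigbank.example" <alerts@mail-bigbank-secure.example>',
    "Reply-To: recover@bigbank-login.example",
    "To: customer@example.com",
    "Subject: Urgent: your account will be suspended",
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-bigbank-secure.example; dkim=none",
    "X-Spam-Flag: YES",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "Dear customer, we detected unusual activity on your account.",
    "Click here immediately to verify your account within 24 hours or your account will be locked.",
    "",
])
LEGIT_EMAIL = "\n".join([
    "From: BigBank Alerts <alerts@bigbank.example>",
    "To: customer@example.com",
    "Subject: Your monthly statement is available",
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bigbank.example; dkim=pass header.d=bigbank.example",
    'Content-Type: text/plain; charset="utf-8"',
    "",
    "Your statement for March is now available in online banking.",
    "",
])

if __name__ == "__main__":
    for finding in phishing_indicators(SUSPECT_EMAIL, expected_domains=("bigbank.example",)):
        print("-", finding)
```

None of these checks is proof on its own (legitimate newsletters use third-party Reply-To domains, and spam filters misfire); the value is in how many fire at once, which is exactly the judgement the checklist asks you to make by eye.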
TIP 5 – Install/Turn on Anti-malware Software. Windows has a built-in anti-malware suite called Microsoft Defender that is switched on by default. You can also install third-party software that does the same job, and in some cases a better job depending on your environment. There are anti-malware apps for phones as well, but be careful since these are often not as functional as you might think. Best to research the app carefully before you install.
A lot of the PC-based security suites also provide spam and phishing filtering, webcam access control, ransomware protection, enhanced software firewalls and fake-website detection. Some also provide integration with enterprise solutions.
TIP 6 – Using a VPN. We blogged about how VPNs work in ‘Virtual Private Networks‘ (we are in the process of preparing an update to this guidance).
A VPN encrypts the traffic between your device and the VPN provider's exit point, which protects it from anyone else on your own network (for example other users of a public WiFi hotspot). However, once your traffic leaves the VPN for the target website it is an ordinary connection again: the website, and any trackers it embeds, can still identify and track you.
The best use for a VPN is to connect to a secure network, for example your company network, so that you have full access to the internal company services remotely as you would if connected directly to the internal network.
TIP 7 – Data Breach Monitoring. There are various services, most of which are free, to log your email address with and then get alerted when that email address is disclosed in a data breach. The two that I recommend are:
These work by the service operator loading the breached data into a central database which can be searched to see if your email address has been reported in a data breach. Sadly these services are limited to the breach data they have been able to get hold of and load. Your email address and/or password may have been disclosed but not yet published on the dark net.
The best advice is to keep an eye on our Twitter feed, which will show links to articles on the known data breaches. If one surfaces for a service you have given your personal information to, then take notice of any communication from that company, but then always:
- Change the Password for that service
- If you have reused that password anywhere else (and you shouldn’t be) then change it there as well
- Be on the lookout for Phishing attempts and other social engineering attempts.
TIP 8 – Remove Redundant Accounts. For any accounts with a website that you haven’t used in a while, it is best to remove them by unsubscribing and requesting your data be purged from their systems – which should happen within a reasonable period.
TIP 9 – Encrypt Your Devices. If you have a mobile device (e.g. laptop, phone, tablet) then make sure the onboard storage is fully encrypted. This is normally switched on by default, but older devices may require you to activate it.
TIP 10 – Firewalls. The main purpose of a firewall is to prevent unauthorised access to the network. This is typically provided by your Internet access point/router and may also be provided within your ISP's network. In company settings this will be a dedicated service that is configured by qualified network engineers.
Windows has a default firewall as part of Microsoft Defender, and most anti-malware suites have a firewall installed and enabled. Configuring a firewall needs some expertise. In the majority of cases the firewall is set to some form of automated setting and will protect you from most threats. However, this is going to be the subject of a future blog which is in preparation.
TIP 11 – Secure Wearable Devices. We blogged about this extensively in ‘Using Wearable Technology Safely – A Pocket Guide‘, so I don’t intend to go into this in much detail. Needless to say, anything wearable is actively monitoring you and is a treasure trove of information for any hacker.
TIP 12 – Be aware of Cyber-Enabled Financial Fraud. This is often referred to as Business Email Compromise (BEC) and is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform payments, including cross-border payments. These scams have evolved to also target Personally Identifiable Information (PII) for employees of clients. They can also target individuals (e.g. real-estate purchasers, the elderly) by convincing them to make payments to bank accounts controlled by criminals.
There have been a number of high-profile attacks where emails have been spoofed to come from the CEO asking for urgent fund transfers to be processed, or for a fake invoice to be processed. This is as much a business issue as a personal one.
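The spoofed-CEO and fake-invoice emails described above usually do not come from the genuine domain; they come from one that looks like it. The Python below is an added example, not the post's own code: it classifies the domain of a sender requesting a payment against a list of domains you have verified, catching look-alike characters (rn for m, 1 for l), one-or-two-character typos, and the trusted name buried inside a longer domain. The trusted domains, the confusable table and the two-label approximation of a registrable domain are all assumptions made for this example (a production version would use the Public Suffix List and a fuller confusables table).

```python
# Domains verified to belong to suppliers/executives we actually pay (constructed sample).
TRUSTED_DOMAINS = ("bigbank.example", "acme-supplies.example")

# Characters and digraphs that look alike on screen (assumed, deliberately small).
_CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
_CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))


def normalize_label(label: str) -> str:
    """Map look-alike characters onto the letter they imitate."""
    out = label.lower().translate(_CONFUSABLE_CHARS)
    for pair, single in _CONFUSABLE_PAIRS:
        out = out.replace(pair, single)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels. Assumption: no multi-label public suffixes such as co.uk."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify_sender_domain(sender_domain: str, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_trusted_domain). Verdicts: trusted,
    lookalike-confusable, lookalike-typo, lookalike-embedded, unknown."""
    sd = sender_domain.lower().strip(".")
    for t in trusted:
        t = t.lower()
        if sd == t or sd.endswith("." + t):          # genuine domain or its subdomain
            return ("trusted", t)
    s_name = registrable(sd).split(".")[0]
    for t in trusted:
        t_name = registrable(t).split(".")[0]
        if normalize_label(s_name) == normalize_label(t_name):
            return ("lookalike-confusable", t)      # acrne-supplies vs acme-supplies
        if levenshtein(s_name, t_name) <= 2:
            return ("lookalike-typo", t)            # acme-suppiles vs acme-supplies
        if any(t_name in label for label in sd.split(".")):
            return ("lookalike-embedded", t)        # acme-supplies-invoices.example
    return ("unknown", None)


def payment_change_decision(sender_domain: str, trusted=TRUSTED_DOMAINS) -> str:
    """BEC control: bank-detail changes are never actioned from email alone.
    This only decides whether the request enters the call-back process."""
    verdict, match = classify_sender_domain(sender_domain, trusted)
    if verdict == "trusted":
        return "verify by phone call-back to a number already on file, then process"
    if verdict.startswith("lookalike"):
        return f"reject and report: sender imitates {match}"
    return "reject: sender is not a known supplier"


if __name__ == "__main__":
    for d in ("acme-supplies.example", "acrne-supplies.example", "acme-suppiles.example",
              "acme-supplies-invoices.example", "totally-unrelated.example"):
        print(f"{d:35} {classify_sender_domain(d)[0]:22} {payment_change_decision(d)}")
```

Note that even a "trusted" verdict only routes the request into an out-of-band check: a genuine supplier mailbox that has itself been compromised will pass every domain test, which is why the call-back to a previously known number is the control that actually stops the payment.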
TIP 13 – Encryption. Always make sure your devices are encrypted and you use a secure encrypted HTTPS connection. Make sure your chat/video chat app has end to end encryption. However, there are downsides to full encryption which we blogged about in ‘Going Dark – The Problem with Full Encryption‘.
TIP 14 – Secure Your Router. We blogged about this recently in ‘Securing your Internet Router – A Pocket Guide‘. Your home/business router is the gateway to your online presence, so please take the advice in this blog about how to secure your home/small office network.
The above are just a few of the suggestions available to keep yourself safe when online. Our guidance pages have a lot more articles on:
- Authentication Best Practice.
- Combating Malware and Cyber Attacks
- Internet of Things
- Precautions to take when Traveling
- Privacy related Issues
- Combating Social Engineering and related guidance
We also have a number of Glossaries that will help you to navigate the technical jargon around Cyber Security and Privacy issues.
As mentioned above, we also post on Twitter about emerging threats, which is a good place to go for the latest news.
If you subscribe to WordPress, you can also follow us there.
Headline image provided by ShutterStock