The Dos and Don’ts to keep your devices and data safe
Cybersecurity firm Symantec estimated in its 2016 report on internet security threats that researchers across the industry found more than 5,500 new vulnerabilities in 2015 alone.
- Rule One.
Don’t think it won’t happen to you.
- Password Policy
Don’t use the same password twice and don’t create work passwords that are similar to your personal ones.
If someone hacks your home computer, they may try your username and password against any online accounts you may have – and get lucky!
In December 2016 the usernames and passwords of TalkTalk customers were offered for sale on the dark web. TalkTalk denied a security breach because in truth they hadn’t had one.
It was discovered that a mail order catalogue company in the North of England had been breached and the hackers had tried the usernames and passwords against banks and telephone companies.
Best practice suggests users should be reminded to change their passwords every 90 days. All passwords should (where the system allows) have UPPERCASE, lowercase, numbers123 and a symbol*. Passwords should have a minimum of 6 characters and ideally 8 – 10.
And if you have mentioned in your Facebook profile that you were married in Guildford in 2014, Don’t use Username = firstname.secondname and password = Gu1ldf0rdWeDD1ng!
Ideally you should be using a Password Manager where the passwords are encrypted and stored in the cloud. Password Managers also offer a generator so you can have a different, strong password every time you visit a site.
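The Guildford password above satisfies the uppercase/lowercase/number/symbol rule and still fails, because it is built from facts anyone can read on a profile. The check below is an added example, not taken from any product; the function names and the substitution table are assumptions made for illustration.

```python
import re

# Common character substitutions undone before comparing (illustrative subset).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def meets_composition_rule(password, min_length=8):
    """The rule from the text: upper, lower, number, symbol, minimum length."""
    return (len(password) >= min_length
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

def normalise(text):
    """Lower-case, undo substitutions, keep letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def personal_terms_in(password, public_facts, min_term=4):
    """Return the public facts (names, places, events) hidden in the password."""
    plain = normalise(password)
    hits = []
    for fact in public_facts:
        term = normalise(fact)
        if len(term) >= min_term and term in plain:
            hits.append(fact)
    return hits

def review(password, username, public_facts):
    """Check the composition rule and look for profile facts or username parts."""
    facts = list(public_facts) + re.split(r"[._\-@]", username)
    return {"composition_ok": meets_composition_rule(password),
            "personal_terms": personal_terms_in(password, facts)}

if __name__ == "__main__":
    # Facts taken from the example in the text: married in Guildford in 2014.
    profile = ["Guildford", "wedding", "2014"]
    print(review("Gu1ldf0rdWeDD1ng!", "firstname.secondname", profile))
```

A password that passes the composition rule but returns any personal terms should be rejected.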
- Sophisticated Email Threats
Do check the authenticity of any ‘Urgent requests’ from senior people, because spear-phishing attackers research information before sending requests for urgent action as though they are a member of your senior executive.
An example would be an email pretending to be from your finance manager addressed to your accounts email address saying “Hi. I desperately need the financials for the last three months and can’t log in. I need them in the next 10 minutes for a potential new project. No phone signal here currently so please just email. This is urgent. Thanks for your help.”
If the attacker does get a reply they may follow it up with a request for credit card details as they pretend to purchase a chair or desk for their home office.
The attacker usually sets up a domain very similar to your own and a mixture of scan reading and our willingness to help could be our downfall – so Do be careful.
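A mail filter or a quick script can catch what scan reading misses by comparing the sender's domain with your own. This is an added example, not part of the original article; the domain northwind.example, the sample addresses and the substitution list are constructed for illustration.

```python
# Look-alike substitutions folded together before comparing (illustrative subset).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l")]

def skeleton(domain):
    """Reduce a domain to a form in which look-alike characters compare equal."""
    d = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d

def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, own_domain, max_distance=2):
    """Return 'internal', 'lookalike' or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    own = own_domain.lower().rstrip(".")
    if domain == own:
        return "internal"
    if skeleton(domain) == skeleton(own):
        return "lookalike"   # same once look-alike characters are folded
    if edit_distance(domain, own) <= max_distance:
        return "lookalike"   # a letter or two added, dropped or changed
    return "external"

if __name__ == "__main__":
    OWN = "northwind.example"          # constructed organisation domain
    SAMPLES = ["fd@northwind.example", "fd@northvvind.example",
               "fd@n0rthwind.example", "fd@northwnd.example", "fd@gmail.com"]
    for sender in SAMPLES:
        print(sender, "->", classify_sender(sender, OWN))
```

Messages classified as lookalike are the ones to hold for a phone call to the supposed sender before anyone replies.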
- Social Media
As people are increasingly using social media as a work tool (e.g. LinkedIn, Facebook and Twitter), there are increased opportunities for cybercriminals to attack.
All employees must be very careful of unsolicited invitations to link/follow/befriend and have a default position to say No. Don’t take risks just to gain a new follower.
- Shut Down
It’s lunch time. You’ve never felt so hungry. You want nothing more than to run to your favourite eatery and tuck in. Wait! Before you leave, Do log off from all those apps you’ve got running. It’s hard to know who’s going to pass by your desk or who’s trying to hack in to your system.
Or, if the server should shut down unexpectedly, any open files may get corrupted. And at the end of the day it’s best to shut down, not just log off. It saves power and you’ll get your software updates.
Uptime is great but a regular reboot helps your computer get up to speed as some updates require a restart.
- App Downloads
Don’t download personal recreational apps like Angry Birds to any device that will communicate with your office network.
There are over 1,000,000 high risk apps out there which could compromise your computer and communications network. But if it is a work app that gets compromised, you won’t be held responsible.
- Text Messaging
Don’t be tempted to click on links in texts, because if you do you could spread the malware or phishing scam through your mobile back to your office network via Outlook, or to other mobile devices via your address book.
- Web Browsers
Most people are still using Internet Explorer or Safari for browsing. They’ve come on in recent years, especially Internet Explorer. Still, our recommendation is Do use Google Chrome as your browser as it’s been hailed as the most secure.
- Public Wi-Fi
Should I use public Wi-Fi? The short answer is no.
This is because your activity in web or email is taking place over an unencrypted connection. Websites such as Facebook and Twitter encrypt your data but many don’t.
So, Do use a VPN (virtual private network). This encrypts your connection by connecting to a secure server in the middle. You can build your own but it’s easier to use a VPN service. Search around for the best.
- Untrustworthy Sites
It’s easy to surf far from the shore when you’re online and find yourself on some pretty dubious – if not infected – sites. Do stay on familiar ground – at work and home.
- Internet Connection
Do you need to be connected to the Internet all the time?
You are probably thinking “Yes!”, but hackers prefer always-on connections, so Do turn off your connection once in a while.