Did you know that it’s nearing the end of Cyber Security Awareness month?
We thought that this would be a good time to start a series of blog posts to help keep cyber security awareness high and discuss the common threats and steps that can be taken to help mitigate them.
Hacking and malware have been around since the dawn of computing. Initially, malware was written ‘just because it could be’ and was designed to disrupt users’ systems and delete data. This then evolved over time to systems being silently compromised and data being exfiltrated without users’ knowledge. Today, this has further evolved into multinational gangs encrypting users’ data and then demanding ransoms to give back access – it is not just big corporates being targeted, it’s everyone!
With the increase of these threats and the challenges posed by an increase in home working, it is more difficult than ever to stay secure. In this article, we will discuss several things that all users can do whether at work or home to help keep their data secure.
Passwords & Authentication
We use passwords to secure almost everything; this is the simplest form of authentication in order to get to your data. Having a difficult, hard to guess password will prevent many common attacks. Below, we have a number of points to consider when choosing a password.
- Never disclose your password to others or share passwords. Others may write it down, put it into fake webpages, etc. Your password is for you alone!
- Never write down passwords. If you lose the record, others may well find it and compromise your data. Many people use similar passwords across multiple websites. This means that if you lose one password it can be used to access many sites.
- Do not use the same passwords for home and work. If either is compromised, it won’t take long for the hacker to work out who you are, where you live, and where you work using sources such as Facebook and LinkedIn among others.
- Do not use passwords containing personal information or that are too easy to guess (again, it is easy to work out personal information from social media sites).
These are examples of what to generally avoid when creating a password:
- Simple to guess passwords such as ‘Password1’
- Passwords containing names, dates, sports teams, etc.
- Simple words
- Predictable keyboard sequences:
- Your child’s name
DO, however, use a combination of characters. Passwords should involve a character from at least three of the following groups and be at least 12 characters long:
Consider using pass phrases rather than single words, such as: I1Like2Climbing3Mountains!!*. You should also consider using four random 3 letter words (and some numbers and punctuation). A common misconception is that spaces are not allowed in passwords – this is not true!
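The checks described above (minimum length, mix of character groups, no keyboard runs, no common words or personal details) can be written as a short script. This is an added example, not code from the original article; the four character groups, the keyboard rows and the sample word list are assumptions, since the article's own list of groups is not shown.

```python
import re

MIN_LENGTH = 12   # from the article: at least 12 characters
MIN_GROUPS = 3    # from the article: at least three character groups

# Assumption: the article's list of groups is missing; these are the usual four.
GROUPS = {
    "lowercase": re.compile(r"[a-z]"),
    "uppercase": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}
# Constructed sample data; a real check would use a much larger word list.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
COMMON_WORDS = {"password", "welcome", "letmein"}


def has_keyboard_run(password, run=4):
    """True if the password contains `run` adjacent keys from one row, in either direction."""
    lowered = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password, personal_terms=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if sum(1 for rx in GROUPS.values() if rx.search(password)) < MIN_GROUPS:
        problems.append("too few character groups")
    if has_keyboard_run(password):
        problems.append("keyboard sequence")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("common word")
    # personal_terms: names, teams, dates etc. supplied by the caller
    if any(term and term.lower() in lowered for term in personal_terms):
        problems.append("personal information")
    return problems
```

Passing these checks does not make a password strong on its own; a password that has appeared in a breach should still be rejected.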
- Enable two-factor or multi-factor authentication. This is the type of authentication used by banks and now more widely across the Internet, and it is based on the principle that you gain access to systems using something you have and something you know. In general, the password is something you know, and your mobile phone is something you have; so in order to log on, you’ll need to remember your password and then type in a code sent via SMS or click an accept button within an app to prove that it is you logging on. For example, even if you have typed your password into a phishing email, or somebody has guessed it, they will still not be able to log on as you because they do not have your mobile phone. This is one of the best ways to enhance your cyber security!
- One final consideration is to use a password manager, which means all of your passwords can be completely different. The end result is that you can have passwords which are 15 to 20 characters long and completely randomised, which you don’t have to remember as the password manager does that for you. You just need to ensure that you have one long and complex password that you will remember to access the password manager – again, utilising two-factor authentication is a good idea as this will contain all your precious passwords! Another advantage to all the passwords being different is that if one is compromised, it will not give access to all the different websites you use.
Other methods of accessing your data involve security flaws in your mobile phone, your computer’s operating system, or the applications running on it. To help avoid this, ensure that you always apply the latest updates soon after they are released so that your computers, phones, and applications are up to date with security patches. It is also best practice to uninstall old programmes that you no longer use.
It is always best to log onto your computers with an account that does not have administrative rights. Although this is less convenient, you can have a separate account that can be used to install software when required. Working like this means that if any malware affects your machine, or you click on links in webpages that try to infect your computer, the consequences are likely to be less serious because they will run in the context of a standard user rather than an administrator that has full control of your machine.
User awareness of cyber security is another great way to ensure you stay safe – whether it’s your work colleagues or your family, having awareness of the common attacks can help you avoid them. This will be covered further in a later blog, but the key piece of advice here is that when you receive emails or texts that seem too good to be true, that you’re not expecting, or that require you to do something urgently, then treat them with a healthy dose of suspicion!
If you would like to discuss ways to help improve your security, please contact us.