After one of the team had a personal data breach recently, we thought it would be good to share some tips for staying safe. Whilst not related to our industry, it's important stuff, folks.
Recently, cyber security has come under intense media scrutiny due to the rapid development of cyber risks in both scale and number, and the degree of impact on individuals, governments and organisations. Most well-informed organisations now consider cyber security a business-critical issue, but what can you do to improve your security as an individual? Here are 10 tips, some of which you will hopefully find useful – and remember to pass them on to any friends, family or colleagues who you think could benefit from them too.
- Keep your email address secure
This should be your first line of defence. Think about what would happen if somebody had access to your email account – apart from being able to read your private messages, they would be able to reset passwords for any of your other linked accounts in order to access them. You might even be using the same password for other accounts – in which case they won't even need to.
You could also be alerted to impersonation attempts via your email – those annoying surveys to give feedback after you've contacted a company? If you've not recently been in touch, it might be a signal that someone else has. You will also be notified of failed password attempts or anyone attempting to reset your password for any linked accounts.
- Choose strong passwords
It's recommended that you choose a password of at least eight characters in length. Never use a dictionary word or anything that could be associated with you, such as a pet's name or partner’s name. The strongest passwords to use are a series of random numbers, letters and symbols. It's advisable to have a different password for every account that you use, which could be problematic for some.
- Consider using a password manager
You will only need to remember one password for your password vault. Do your research and decide if this approach is best for you. Password managers have some of the best security resources available; however, it’s important to remember that if cyber criminals ever did manage to breach the data, they would then have access to ALL of your passwords.
- Never respond to a suspicious email, click on links or open or download attachments
If in doubt, find a company’s email address or telephone number through a direct web search and take it from there. Spoof emails are getting better and better and, even if you don't enter any personal details, they can be used as a vehicle for distributing malware to your computer or devices via links or attachments. The sender’s real address can also be disguised to look authentic. If in doubt, report it.
- Keep anti-virus and system software up-to-date
Information can be stolen from infected devices. Software companies will release updates when new threats have been encountered.
- Use two-factor authentication
Many companies are using it nowadays – including banks, PayPal, eBay, Facebook and Instagram.
Some sites request a phone number and they will send you a code to log in with in addition to your password. Sometimes a little inconvenient, but not as inconvenient as someone else using your PayPal account! Facebook and Instagram use a similar process, where if someone attempts to log in from a new device or IP address you will need to authenticate it. If you've used social media in the past and deactivated your account, it may be worth a quick login to enable it – after all, reactivating your account can be as simple as just logging in again.
You might have also encountered 2FA with your bank – those little plastic login keys contain an internal clock that is synced with the bank's computer when you activate it. They both then generate new codes in sync with each other that you can then use to log in.
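How a token and the bank's server can arrive at the same code, as an added example that is not part of the original post. It uses the open RFC 6238 time-based one-time password scheme as an illustration (an assumption: a given bank's token may use a different algorithm), with a constructed shared secret and an assumed 30-second step.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for; assumed value (the RFC 6238 default)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the count of STEP-second intervals since 1970."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as defined in RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts(secret: bytes, submitted: str, server_time: int,
                   drift_steps: int = 1) -> bool:
    """Accept the current interval's code, or a neighbouring one, to allow for clock drift."""
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, server_time + step * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False

# Constructed sample secret (the RFC 6238 test key). In practice it is a random
# value shared once between token and server when the token is activated.
SHARED_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    token_clock = 1111111109  # constructed timestamp standing in for the token's clock
    code = totp(SHARED_SECRET, token_clock)
    print("token displays:", code)
    # The server's clock is 20 seconds ahead, which falls in the next interval.
    print("accepted with drift window:",
          server_accepts(SHARED_SECRET, code, token_clock + 20))
    # With no drift tolerance the same code is already stale.
    print("accepted without drift window:",
          server_accepts(SHARED_SECRET, code, token_clock + 20, drift_steps=0))
```

The code never travels with the secret: both sides compute it independently from the shared secret and the time, which is why a stolen password alone is not enough to log in.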
- Use a credit-scoring tool
You can stay up-to-date with any open accounts and also set up alerts to request that you log in if there are any changes to report.
- Don't keep the default password on any IoT devices
IoT is an acronym for 'Internet of Things', which includes devices such as Google Home, Alexa and other smart devices. There's a publicly available website that you can use to locate any devices that are using default passwords. Enough said.
- Keep your telephone banking and other bank security up-to-date
It's easier to set up new information than to reset it!
- Check if you've been pwned
'Have I been pwned' was set up by Troy Hunt, a respected Australian web security expert, known for public education and outreach on security topics. You can safely check if your email account has ever been victim to a data breach here: https://haveibeenpwned.com/
If you have been breached, don’t panic: change your email password, the password for the breached site, and the password for any other sites where you might have been using the same one.
Remember, if you think you've been hacked or have any other worries, get help and advice from a professional organisation such as Action Fraud or CIFAS.