Naturally, for Neuways, Cyber Security Awareness Month is every month.
However, October is an important time for those of us in the industry to help you navigate the internet more securely, and help you use your IT more smartly.
The important takeaway from National Cyber Security Awareness Month is the three principles of Own IT, Secure IT, and Protect IT.
Adhering to these steps will help you significantly on the way to remaining secure, both this month and beyond!
Take responsibility for your own actions
Watch where you click
This means think before you click, wherever you are on the internet. Emails can be a notoriously dangerous place. Phishing, the impersonation of a trusted source, is the number one weapon of choice for cyber criminals.
Phishing emails are becoming notoriously authentic, so if you’re not careful, you could end up opening a malicious attachment that looks identical to a Word document you’re expecting.
You must also be careful which links you click on social media. Social media is largely a secure platform, so hackers will try to encourage you to go ‘off-site’ with provocative ‘clickbait’ links. Always look before you click.
APPearances can be deceiving
Be careful which Apps you install on your PC or smart device. Many apps, even on the App Store and Google Play, can be riddled with malware. If you’re considering downloading a less well-known app, then read some of the reviews beforehand, or do a quick Google search.
And finally – never download an app from a location other than from your official App Store of choice. These are not regulated by Google or Apple and can be particularly dangerous.
Review your privacy settings
Fortunately, thanks to GDPR, you’re able to control the flow of your personal data. As a subject residing in the EU, you can request the data a business holds on you.
Be careful with what you agree to, whether it’s cookies on a website or permissions when you sign up to a service – particularly when it comes to apps. If they’re requesting access to your microphone and/or media library, but the app has no functionality that requires this access, think twice about allowing it.
Make use of the many cyber security resources available
It isn’t easy to make up an entirely nonsensical password (and remember it).
Therefore we often create passwords with certain patterns in mind, purely to be able to remember them when we want to access our accounts with ease. We wrote about the UK’s most hacked password earlier this year, which illustrates this.
However, you should be creating passwords that do not have any personal information (and even better – complete words that appear in the dictionary). Criminals can use ‘dictionary attacks’ that flood login pages with thousands of dictionary words all at once, hoping to gain access to their desired account.
This is where a password generator comes in – they’re designed to help you create an entirely randomised password that is far more secure than the current one you use. You have to be careful with the website you use to generate your passwords because they aren’t all secure.
In this instance, I have used the Neuways Password Generator – a tool we created ourselves and because of that, we can endorse its security. As you can see, it generated a password using a combination of numbers, lowercase, uppercase, and ASCII symbols – entirely random.
To test its strength, I ran it through our Password Strength Checker – it would take 117 trillion years for this particular password to be cracked. Not bad!
To be super secure, you should generate a different password for every single account that you use.
This can make it difficult to remember all of your login details – virtually impossible in fact – which is exactly the point.
To get the best out of a password generator, try using it in conjunction with a password manager. A password manager is a service that stores all of your passwords in a high-security central database.
Obviously, the merit of a password manager depends on the strength of your password for your password manager, so make sure that you’ve generated a highly complex, lengthy password for it.
Whilst on the face of it, a password manager might seem a risky concept – all of your passwords neatly organised in a single place – it’s far more secure than using the same weak, predictable password for all of your accounts.
And in any case, good password management services rely on their reputation, so their security is impeccable.
You’re even able to implement Single Sign On (SSO) with certain password managers. This means that you only need to log in to your password manager once, and it will automatically log you in to all of your accounts that are registered with the password manager.
Passwords are just the beginning, however. If you’re serious about remaining secure, you need to enable multi-factor authentication (MFA).
The principle behind MFA is that you are securing your password with (at least) three layers:
- Something you know (password).
- Something you own (authentication code via email/mobile).
- Something you are (biometric login such as fingerprint recognition).
MFA is now an industry-standard cyber security tool that you’ve probably come into contact with at some point. If you use mobile banking, for example, then you’ll often find that in order to make payments to new recipients, a password is required, perhaps even a fingerprint login, and possibly a confirmation text too.
Enabling MFA on all of your accounts is a surefire method of keeping secure on the web. It might seem, on the face of it, that it’s an extra step that causes annoyance.
However, a criminal can guess your password. They can steal your mobile. In extraordinary cases, fingerprints can be cloned, though it’s unlikely. For all three factors to be compromised? Virtually impossible!
Sometimes when you subscribe for an account, you’re asked to give information for security questions.
This might be your mother’s maiden name, or perhaps the city you were born in, or even your favorite football team.
This is not the most secure way of ensuring your account remains uncompromised, but we recommend that you answer the most obscure questions with the most obscure answers. Perhaps even make them up!
With the advent of social media, it’s incredibly easy to find out this sort of information, purely by viewing your profile and/or social posts.
With this in mind, be very careful about the type of information you share both in person and on the internet – perhaps even make your profile private too.
You never know who knows what about you.
Be responsible for using cyber security tools properly
Apply all the latest updates
System and software updates can be irritating. When you load up your PC, you typically want to get on with whatever you were planning to do. Having to download patches, restart your PC, and wait for those patches to install can be a chore.
And this is true. However, failing to apply these updates is the equivalent of not using any sort of antivirus security or network security at all! Hackers (both ethical and malicious) find exploits every other day – and companies apply these updates in order to keep up with the exploits.
Let’s not forget, the reason that the WannaCry ransomware attack caused so much damage to the NHS was because of out-of-date operating systems.
Mobile app updates are just as important – and it’s incredibly easy to forget to update them. So, next time your PC is installing updates, take the time to make a cup of tea and know that they’re there to keep you safe.
Public WiFi hotspots can be wonderfully convenient. They’re also really dangerous places for you to operate, if you’re not careful.
They’re often set up in places of great need for the public, whether it’s a recreational spot such as a coffee shop, or an airport where swathes of people pass through every day.
Criminals use unsecured WiFi to their advantage in all sorts of ways, including the notorious “Evil Twin” Method. This is when a hacker mimics a legitimate WiFi network, tricking your mobile or other device into automatically connecting to it. This allows the hacker to harvest everything you do on the network, including personal data.
Never do confidential activities, including mobile banking or anything related to work, on unsecured public WiFi.
Even if you’re on a password-protected WiFi network, you’re not 100% secure. In this case, use a VPN, if you must do business or banking. This is a ‘virtual private network’, and provides a secure direct tunnel to your business’s network.
Neuways has put together a Secure WiFi Hub, informing you of the most common types of threats you’ll find on public WiFi. You might be quite surprised!
These are just a handful of tips you can use to increase your security this October and (hopefully) beyond!