The world of cyber-security presents us with a tangled web of information. 2016 had its fair share of cyber security tales and it’s clear that the hackers aren’t slowing down in their attacks.
In our increasingly paranoid online world, we are told what we can and can’t open, when and where we will be hacked, and how the cyber criminals are inescapable. Individuals and businesses are bombarded by the influx of guidelines on how to live their internet lives – but how can this information be filtered into something tangible for everyday use?
As we head into 2017, I believe that there is a world we can live in where security tips are easy to understand and timeless in their delivery. The 30 tips listed below aren’t exhaustive and some may seem obvious, but the simple rules are sometimes forgotten.
- Remove Adobe Flash – it’s not essential to have the free software on your desktop, so remove it to ensure better cyber security controls.
- Use robust passwords of 10 characters or better – passwords can be made up of any letters, words and characters; make sure your password is inaccessible to everyone but you.
- Do not store credit card info in your web browser – filling in credit card details can be time consuming, but dealing with credit fraud will take up even more of your time. Especially avoid storing your details with banking and online shopping sites such as Amazon and eBay.
- Patch & update all applications weekly – when an app is updated it usually means that a bug has been fixed. By updating apps on a weekly basis, cyber-attacks can be minimised.
- Consider using a password manager – coming up with original passwords and remembering them can be challenging. With secure password manager software, all passwords can be stored safely, and your log-ins will always be accessible to you only. One good example is LastPass as it’s secure and free.
- Make sure your IoT devices are updated – bugs and vulnerabilities will be fixed in updates. Don’t get left behind in the old version of the software!
- If you can’t update the device, you may have to throw it away – sometimes you have to cut ties with technology for your own cyber-safety.
- Protect open ports with firewall rules and VPN – the added layers of security will provide necessary protection across your network to safeguard against aggressive attacks.
- Never open attachments from people you don’t know – nobody knows what is lurking behind that email paperclip. It could be nothing, but it could be enough to attack your network.
- Don’t click on links from people you don’t know – links can be easily disguised and the destination may be hiding something that you’d rather not open your device up to.
- If the item online is too good to be true, it’s most likely a scam – finding the perfect bargain is always exciting, but if the price is worryingly low it may be more hassle than you planned for.
- If the CEO or CFO asks for a money transfer, verify on the phone or in person – your CEO & CFO wouldn’t normally need to ask you for a money transfer. If they do, ignore them. As Snapchat discovered, it wasn’t a company chief asking for money at all.
- Email is not secure, do not transmit credit card or PII data – email has major flaws that can’t always be protected against. Minimising the amount of sensitive information and data within emails is key to avoiding it ending up in the hands of the wrong person.
- Be careful when asked to enable macro content in an MS Word or Excel document – is it really necessary for you to enable macro content? Avoid doing this as much as you can; the warning is there for a reason.
- Use your BYOD, not your work computer, to look at personal email – it may seem easier to just check your emails on your work laptop during the day, but your personal emails do not have the same level of protection that your work email software does.
- Free Wi-Fi without VPN is asking for trouble – free Wi-Fi might be convenient, but it’s most definitely not secure.
- Good cloud services have two-factor authentication, enable it and use it – two factors of authentication make hacking more difficult.
- Don’t visit torrent sites offering free movies or TV shows, especially at work – the content on torrent websites is illegal, making the site criminal in itself. Engaging with this content is like opening a can of hacking worms.
- Microsoft never calls people at home or work, hang up – they aren’t real calls. Don’t fall for the oldest trick in the book and offer sensitive details to a fake person.
- If something seems to be changing your file extensions, shut down your computer and call IT – if you notice something unusual, call the people that are there to help you in these situations before it’s too late.
- Backup your pictures and documents to a hosted backup solution – by preparing for the worst, you are preparing for an increasingly likely future and making sure that everything that you need is in a safe place for when you need it.
- Research new IT products online to make sure they are supported and safe – look for reviews and check that other users have had a successful and safe experience with the products before investing into something that may be flawed.
- Let your bank and credit card company know when you are traveling – nowadays banks can tell if you are going abroad without you telling them, by looking at your last transactions (flight bookings, hotel bookings).
- If you visit a website and it wants to install something say ‘no’ – why would a website need to install something for you to access it? Ignore all download options that come your way.
- Take a second look at the bank machine card slot – if it looks different or suspicious don’t use it. Throughout 2016, cyber criminals have remotely attacked cash machines in more than a dozen countries across Europe using malicious software that forces machines to release money.
- Talk to IT about encrypting your laptop – if your laptop is lost or stolen the possibility of a data breach can be eliminated.
- Looking for a new phone? Make sure it can be encrypted and remotely wiped – again, if the device is lost or stolen, encrypting it will minimise the damage by removing the chance of a data breach.
- Beware of using social media, especially if you work in accounting or payroll – stay off Facebook, Instagram, Twitter, LinkedIn and even Google+ when on work devices. The hackers are lurking in places you may not expect.
- Government agencies don’t ask for gift cards, bitcoin or money orders – if you get an email asking for these, trust that it isn’t the official Government asking for this form of payment.
- Did you know you can report cybercrime here? The UK website can be found here, and the US one here.
Ian Trump, Global Cyber Security Strategist at SolarWinds
Image Credit: Den Rise / Shutterstock