If recent headlines are anything to go by, 2018 was the year of the data breach. Marriott, Facebook, Eurostar and Google+ are just some of the big global brands that had their customer data compromised. It's clear that cyber criminals are becoming more and more sophisticated about how they exploit online vulnerabilities, whether they belong to people or organisations.
When it comes to individuals, it’s certainly true that the ‘age of innocence’ for the average Joe is over. Today, it’s entirely up to you to protect yourself from fraudsters, malicious ransomware and spear-phishing. So what can you do to keep your data safe in this ever-changing threat landscape?
If you spend some time online over Christmas, whether shopping, playing or working, be mindful of our rules and take the time to think about your safety:
- You wouldn’t fit the same lock on your car, office and your home, because whoever has the key has unlimited access.
So you shouldn’t have the same password.
- You wouldn’t use a ‘desk drawer’ quality lock on your front door.
So you shouldn’t have simple passwords.
- You wouldn’t leave your most valuable possessions on the doorstep.
So you should try hard to protect what’s most important online.
A new era of internet fraud
If you’ve ever used any of the services below (or many like them) your personal details and even passwords may already be in the hands of fraudsters and criminals, because they were all hacked:
LinkedIn, Adobe, Dropbox, Tumblr, Experian, Snapchat, Sony, Xbox, InterContinental Hotels (Crowne Plaza, Holiday Inn etc), Myspace, Dun & Bradstreet, Washington University, Home Depot, Equifax, Deloitte, Yahoo, Uber and eBay.
Last year alone, 1.4 billion more hacked credentials were discovered: the largest online resource yet for criminals. It's up to you to prevent the information you enter on one site from being useful to the criminals who have it. But there are simple things you can do to make sure you're properly protected the next time you're online.
How to stay safe online: personally and at work
The only way to ensure your personal information stays safe is never to enter any online, but that's impractical.
You can no longer hope that a good password will keep you safe. The old routine of remembering a few secure passwords is no longer good enough.
10 Steps to improve your online security
- Keep unique passwords
Never use the same password on more than one website or service. Otherwise, when hackers get into one site, your security’s blown elsewhere.
- Be proportionate
The more sensitive the information you’re protecting, the more complex the password should be and the more frequently you should change it. So, if any of your passwords are too simple, or under 8-10 characters, change them now.
Password123 or Company999, for example, must be changed for a longer phrase (preferably 12+ characters), which you can remember, or add to your password manager.
- Use a password manager
These create unique passwords automatically for each site you use. This means you don’t need to know (or ever see) most of your passwords.
- Use ‘Two Step’ verification
Use MFA (also ‘2FA’, ‘Two Factor’, ‘Two Step’ or ‘Multifactor’ Authentication) whenever you can. Combined with a password (which is ‘something you know’), these tokens (which are ‘something you have’) will hugely improve your security.
Just as your bank may text you to confirm a transaction, some social websites and services will text you a code when you log in. They also use separate ‘Authenticator Apps’ to access the site. Use MFA whenever you can.
- Secure your mobile devices
Make sure your smart phone or tablet has the most up-to-date security software and always exercise caution when it comes to clicking on downloads. If you’re buying apps, make sure they come from the trusted, official store and that you have read other reviews on them first. And when it comes to iPhones and iPads, never be tempted to jailbreak your device as it can leave it exposed to malware or hacking.
- Sign up to alerts
Services such as haveibeenpwned will alert you when your email address appears in a list of compromised credentials. Check your email addresses now, to see which of your information’s already been stolen.
- Don’t give information away
There may be no good reason to give your real date of birth or mother’s maiden name to social network websites. Why not make something up, record it and use that instead?
Is there a reason to share your views publicly? Check your social media settings and be mindful of what it may reveal about you in future.
- Install antivirus PLUS anti malware
We don’t believe that just one is enough. You can use a complementary product, like Malwarebytes. It’s also a good idea to use adblockers and other software settings to keep you safe.
- Downgrade your account
If you use a PC, your user account must never have ‘administrative access’ (the permission to install or change software). If it does, then viruses, even those delivered unknowingly from ‘drive by downloads’, can easily wreak havoc. Set up a separate user with ‘admin rights’ and change your everyday one so that it doesn’t have those unnecessary permissions.
- Be sceptical
Is that email really from who it says? Does the website have your best interests at heart? We’ve seen many examples of ‘spear phishing’ where the confidence tricksters won. You must be mindful that people and businesses can easily be impersonated. If in doubt, pick up the phone to confirm with them.
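To show what the ‘Two Step’ verification step above adds to a password, here is an added example (not part of the original article) of the time-based one-time codes that authenticator apps generate (RFC 6238), checked together with a password. The secret is the RFC’s published test key; the password, salt and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since 1970."""
    return hotp(secret, unix_time // step, digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_login(secret, stored_hash, salt, password, code, unix_time, window=1):
    """Succeeds only if BOTH factors pass.

    'Something you know': the password, compared as a salted hash.
    'Something you have': the device holding `secret`, proven by a code
    that is valid for the current 30-second step (plus or minus `window`
    steps to allow for clock drift between phone and server).
    """
    knows = hmac.compare_digest(hash_password(password, salt), stored_hash)
    has = False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * 30)
        # Constant-time comparison; no early exit, so timing leaks nothing.
        has |= hmac.compare_digest(expected.encode(), code.encode())
    return knows and has

# Constructed sample account (the secret is the RFC 6238 test key).
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
STORED_HASH = hash_password("purple kettle sings at dawn", SALT)

if __name__ == "__main__":
    now = 59
    code = totp(SECRET, now)                     # what the phone would show
    print("code on phone:", code)
    print("login ok:", verify_login(SECRET, STORED_HASH, SALT,
                                    "purple kettle sings at dawn", code, now))
    # A stolen password alone fails, and so does a code replayed minutes later.
    print("password only:", verify_login(SECRET, STORED_HASH, SALT,
                                         "purple kettle sings at dawn", "000000", now))
    print("stale code:", verify_login(SECRET, STORED_HASH, SALT,
                                      "purple kettle sings at dawn", code, now + 120))
```

Because the code changes every 30 seconds and depends on a secret that never leaves the phone, a password leaked in a breach is not enough on its own to log in.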
Merry Christmas and a Safe and Prosperous 2019