Cybersecurity is vital if we want to function normally now. A lot of shopping is done online (especially since the pandemic) and we use Google to find out almost everything. Technology is our greatest tool but it has also become an effective way for criminals to steal from people. My degree is in computing so here are ten tips to keep you safe online. These apply both to you and to your business.
1. Password Management
Everyone knows the importance of having a secure password and using different passwords for different websites. However, how many of us actually follow the advice? It becomes difficult to track which password is for which website and then you keep resetting it and it gets frustrating.
Nevertheless, it’s important. If you use the same password and someone gets hold of it, they will try it on various websites and get as much data as possible, especially if they can get money from you.
This is the way I find most helpful. Generate a random password that means absolutely nothing to you. Or if it does mean something, change it up so that it’s letters and numbers. Once you have that foundation, you can alter it slightly for each website. Say for example you want your password to signify daffodils. You can change it so the base is something like ‘D4ff0d1llS’. Then you can alter it so that it's ‘D4ff0d1llS_2467!’.
Now to remember all of those passwords, you can have a password manager on your PC that has effectively a master key. A lot of people use this but my personal issue with it is that if someone gets into that, then they have all your passwords.
Some people have a physical password book, which isn’t officially recommended because if someone steals it, then again, they have all your passwords. However, you can try to write it in code so that if someone were to steal it, they wouldn’t know which password is for what. Plus, the book itself shouldn’t be carried around.
In terms of the password for your PC, you should change it every three months or so, especially in a business. It can be hard to think up new passwords so try to find a creative way such as three items on your desk, cities, countries, populations, etc. It can be better to change all of your passwords regularly but that can get confusing.
Passwords should ideally be at least 12 characters long and contain uppercase and lowercase letters as well as numbers and symbols.
Don’t forget, a lot of companies offer two-factor authentication, which is always good, especially for sensitive information. Not only do you need a password to get in, but they will also send a code to your phone that you then have to input in order to gain access to your account.
2. Scam Emails
There are so many different types of scams around, and there always have been, but now more than ever it’s easy for criminals to send out an email and hope that 10% of people fall for it.
Often these scam emails will pose as a trusted company such as a bank or HMRC, to try and scare you into taking action quickly. It can also be an email that promises to offer something great. They work in different ways.
Most commonly now, these emails will have attachments. Once you open an attachment, it will try to download a virus onto your computer. It may not do something straight away but can sit dormant for a while until the attacker decides to trigger it.
Here’s my advice. If you get an email from someone you don’t know and the preview content doesn’t look relevant then ignore it. If it’s something important, the person will email again or will get in touch with you directly.
Scam emails are often structured in a certain way. They will avoid saying your name and if they do use your name, it’s clear to see where they have gotten it from (i.e. the start of your email address). There will also be information that appears relevant but actually isn’t.
There are more obvious giveaways such as the sender’s email address. It may look like it is coming from a legitimate person but the actual email address will look suspicious. If you are suspicious, check it on an email address checking website such as https://tools.verifyemailaddress.io/.
Also, if you look at who the email is actually sent ‘to’, it will often show the sender’s email or a long list of random addresses. That’s usually a clear sign that the email is not sent directly to you.
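The checks from this section, written out as a short Python script (an added example, not part of the original post). The sample message, the brand-to-domain table and the five-recipient cut-off are assumptions made up for the illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message: every name, address and domain here is made up.
SAMPLE = (
    'From: "Example Bank Security" <alerts@examp1e-bank-login.test>\n'
    "To: alerts@examp1e-bank-login.test, a1@mail.test, b2@mail.test\n"
    "Subject: Urgent: verify your account\n"
    "\n"
    "Dear jane.doe, your account will be suspended unless you act today.\n"
)

def scam_signs(raw, my_address, brand_domains, max_recipients=5):
    """Return the warning signs described above that appear in one raw email."""
    msg = message_from_string(raw)
    signs = []
    display, sender = parseaddr(msg.get("From", ""))
    sender = sender.lower()
    sender_domain = sender.rpartition("@")[2]

    # The display name claims a known brand, but the real address is elsewhere.
    for brand, domain in brand_domains.items():
        claims_brand = brand.lower() in display.lower()
        from_brand = sender_domain == domain or sender_domain.endswith("." + domain)
        if claims_brand and not from_brand:
            signs.append("sender-address-mismatch")

    # The 'to' line shows the sender or a long list instead of just you.
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    if sender and sender in recipients:
        signs.append("sent-to-sender")
    if len(recipients) > max_recipients:  # assumed cut-off for a "long list"
        signs.append("long-recipient-list")
    if my_address.lower() not in recipients:
        signs.append("not-addressed-to-me")

    # The greeting uses the start of your email address instead of your name.
    local_part = my_address.partition("@")[0].lower()
    body = msg.get_payload()  # plain-text, single-part messages only
    if isinstance(body, str) and local_part in body.lower():
        signs.append("greets-by-email-prefix")
    return signs

if __name__ == "__main__":
    brands = {"Example Bank": "examplebank.test"}  # hypothetical brand table
    print(scam_signs(SAMPLE, "jane.doe@mail.test", brands))
```

An empty list only means none of these particular signs were found, not that the email is safe.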
3. SSL Certificates
When going onto a website, check that it has the little green padlock in the URL bar. That means that it is a secure link and is more likely to be trustworthy. Keep in mind that certificates are quite cheap to buy, so some criminals do purchase an SSL certificate for their website. But it means the connection itself is secure and you can process payments securely, without interference. If a website doesn’t have one, then it’s best not to provide any personal information or make any purchases through it.
When buying from a website, take a look at other people’s reviews. Most e-commerce websites show them. Some smaller companies may not have this facility on their website, in which case you might want to see what other information you can find out about them.
Some have fake reviews, where one or two users will say how incredible the product is. It’s hard to tell if reviews are genuine or fake, which is why a lot of reviewers also include pictures of the product they received. Facebook is also a great place to find people’s comments on a company.
Having no reviews doesn’t necessarily mean that something is bad; it just means you need to be more cautious and accept the potential risk. Take for example you’re shopping on Amazon. You see a product with two thousand reviews at an average of four and a half stars. It’s a safe bet that the product is good and you get what you pay for. Now imagine there’s a product on there with a review of five stars but that is the only review. It could be that it’s a new company. Or it could be their own review. It’s just something to pay attention to.
Paying online is a scary thing as you are giving your card details to a website, and on any website where transactions occur, there will be people trying to intercept them. There are companies like PayPal that offer more security, so it can be better to pay using PayPal, knowing that they have your details and are processing the payment, rather than paying an online company directly.
6. Saved Information
A lot of features online now let you autosave your login credentials and information. It’s really useful for not having to remember things and for getting into your account quicker, but it does mean that if someone gains access to your device (whether physically or remotely), they can then get into your accounts. This is another instance when two-factor authentication comes in handy.
Certain passwords may be fine to save but card details, for example, might be better not to autosave. Yes, of course, the company will do their best to protect your information but it happens that data gets leaked and that people can get a hold of your details online.
7. Software updates
Software companies are always checking their products to make sure they are as secure as possible. They release patches regularly for when they find that something isn’t working as it should or that hackers have found a loophole. That’s why it’s important to check for updates regularly and apply them as soon as possible. It’s a never-ending game but it’s something that we don’t have to fight, we just have to apply the patches.
If you are tech-savvy then you may think you don’t need antivirus, which in a way is true. If you never go on a dodgy website by accident or you know exactly which software to download and which emails not to click on, then it’s unlikely that you will get a virus on your PC. However, in my opinion, it’s better to have it just for that extra level of security.
There are paid versions of course, like Norton or McAfee, but there are plenty of free options too such as AVG and Sophos. Paid versions do now usually offer a VPN, which is an extra layer of security, but it depends on what you think is best for you.
It’s important to note that you should only have one antivirus software running at a time as having two running simultaneously can cause it to be ineffective or cause your machine problems.
9. Email Accounts
Sometimes it can be good to have different email addresses for different things. If you have a side business, you should have a separate email account from your personal one. It helps to keep things more secure and also gives you the option of having another account that you can use if you aren’t too sure of a website. If you have a main Google account that is used for everything but you want to check out a website a friend recommended, then use a different email when creating an account for it.
Again, this is something we all know of but seldom do. Back up any important documents or even everything on your PC/phone. If an attacker manages to download ransomware onto your device, they can corrupt everything and destroy whatever you have saved. That is how they get people to pay thousands of pounds to get it back. If you have a back-up of everything though, they can’t blackmail you. You would get the device wiped and you would start again.
It’s a good idea to have two back-ups. One on an external hard drive and one in the cloud. Having two copies is better than one. You just need to make sure you back it up regularly.
Hopefully, you’ve found these tips helpful. If you have, please share with your friends and family so that they can enjoy the benefits of being cyber safe!