12 Top Tips for Cyber Security and Stay Safe Online

Cyber Security is increasingly important as more and more of our lives move online. These online security tips will help you stay vigilant.

By Tim Trott • Privacy & Security • November 9, 2017

Fraudsters and hackers may try to obtain your confidential or personal information through phone calls, text messages or emails that look genuine; here are a few tips for staying protected when browsing websites online.

Passwords

Strong passwords are important for securing your accounts online, and it is just as important never to reuse them. Passwords reused on different logins pose a terrible risk because, in the event of a data breach of one site, all other services that use the same password are also compromised. Hackers typically have a dictionary lookup: a table in which a particular hash or encrypted value maps to a given password. They can then try to log in to different sites with the email address (which most people use for multiple sites) along with the password in the hopes that the password is also reused.

For example, a data breach may reveal that a user has a hashed password of "5f4dcc3b5aa765d61d8327deb882cf99" (Not secure, I know, but it serves as an example). Hackers then look up this value in a table of known common passwords and their encrypted and hashed versions, and recover the real password. No brute force is needed.
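The lookup described above, and why a site that stores salted, slow hashes is not exposed to it, shown as an added example (not code from the original article). The wordlist is a constructed sample, and the function names and the PBKDF2 iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample standing in for a list of known common passwords.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "p@ssw0rd"]


def build_lookup(words):
    """Precompute unsalted MD5 hash -> plaintext, as a lookup table does."""
    return {hashlib.md5(w.encode()).hexdigest(): w for w in words}


def lookup(table, leaked_hash):
    """Return the plaintext for a leaked unsalted hash, or None if unknown."""
    return table.get(leaked_hash.lower())


def hash_password(password, salt=None, iterations=600_000):
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256) for storage.

    A fresh random salt per account means two users with the same password
    get different stored values, so one precomputed table cannot cover them.
    The iteration count is an assumption chosen for this example.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_password(password, salt, digest, iterations=600_000):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    table = build_lookup(COMMON_PASSWORDS)
    leaked = "5f4dcc3b5aa765d61d8327deb882cf99"  # the hash from the article
    print("unsalted MD5 resolves to:", lookup(table, leaked))

    # Same password, two accounts: the stored values differ because of the salt.
    salt_a, stored_a = hash_password("password")
    salt_b, stored_b = hash_password("password")
    print("salted hashes identical:", stored_a == stored_b)
    print("login still verifies:", verify_password("password", salt_a, stored_a))
```

A salt does not rescue a weak password from targeted guessing; it only removes the instant table lookup, which is why unique passwords still matter.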

In addition to using a strong password, it is recommended to use two-factor authentication (aka 2FA or two-way authentication) where possible. Sometimes, the website or service will send you an SMS or email with a confirmation code.

Strong Passwords

What counts as a strong password varies from person to person. Generally, though, they are eight characters or more in length and include a mixture of uppercase, lowercase, numbers and symbols. Strong passwords should not contain names or words as they are easy to hack, nor should you use number substitution (e.g. p@ssw0rd instead of password). These patterns are too common and are present in all the major password dumps. Instead, try a passphrase, taking the first letter of each word and substituting a few numbers in; for example, for the sentence "The quick brown fox jumped over the lazy dog", the password might be "Tqbfj0t!d". The sentence is easy to remember, but the resulting password is difficult to guess and is unlikely to be in a password dump. Just create a sentence you can remember.
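The rules in the paragraph above written out as a check, as an added example that is not part of the original article. It reverses common character substitutions before comparing against a wordlist, which is why "p@ssw0rd" gains nothing over "password"; the wordlist and the substitution map are constructed, illustrative subsets.

```python
import string

# Constructed sample standing in for the words found in real password dumps.
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "monkey"}

# Undo the usual character substitutions (p@ssw0rd -> password).
# The mapping is an illustrative subset, not an exhaustive list.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                        "1": "l", "!": "i", "$": "s", "5": "s", "7": "t"})


def weaknesses(password):
    """Return the reasons a password fails the rules above (empty = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    required = {
        "uppercase letter": str.isupper,
        "lowercase letter": str.islower,
        "number": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    for name, test in required.items():
        if not any(test(c) for c in password):
            problems.append(f"no {name}")

    # Compare both the raw and the de-substituted form against the wordlist,
    # so "p@ssw0rd" is treated exactly like "password".
    lowered = password.lower()
    candidates = {lowered, lowered.translate(UNLEET)}
    for word in sorted(COMMON_WORDS):
        if any(word in c for c in candidates):
            problems.append(f"contains the common word '{word}'")
    return problems


if __name__ == "__main__":
    for pw in ("password", "p@ssw0rd", "P@ssw0rd1", "Tqbfj0t!d"):
        print(f"{pw!r}: {weaknesses(pw) or 'passes'}")
```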

Even better security can be had by using a password manager, such as 1Password, to store all your passwords and account details. 1Password is a password manager, digital vault, random password generator, form filler and secure digital wallet. It can securely store all your website logins in the cloud and make them available to any device you can use. The advantage is that you only have to remember one password - the master password - and you never need to know what the logins are for websites and other online accounts, so they can all be different and random. The password generator creates passwords such as "K6VNiefrH2&rt#ERw2!%C#Z_". Very difficult to remember, but also very difficult for hackers to crack.

My mother's maiden name is "JmDQAF"

Most websites, especially online banking, have a password recovery system that lets you recover your password if you've forgotten it. Usually, these systems allow you to answer some "security questions" before you reset your password. The answers to these questions need to be as secret as your password; otherwise, an attacker can guess the answers and access your account.

This can be a problem since the security questions that sites often use are about things people tend to know about you, like your birthplace, your birthday, or your relatives' names, or things that can be gleaned from sources such as social media. The good news is that the website doesn't care whether the answer is real - you can lie! But lie productively - give answers to the security questions that are long and random, like your passwords.

Cyber Security Biometrics

Touch ID is a fingerprint recognition feature from Apple that allows you to unlock iPhones and iPads and make purchases in the App Store.

A note on Biometrics. Smartphones have had fingerprint sensors for a while now, but only recently have they been used to secure more than the lock screen. Many banks are pushing Touch-ID and Face recognition as a secure way to protect your account, but I strongly disagree with this. Fingerprint and face recognition are very insecure as they are easily fooled and do not require consciousness. Somebody could be rendered unconscious by several means. The phone can be unlocked, the banking app unlocked, and funds transferred out of the account. Just food for thought.

Safe Browsing Habits

Keep your browser software up-to-date. This is crucial, as new patches are often released to fix existing vulnerabilities in browser software. This recommendation doesn't apply solely to browser software - keeping operating system software and any other software you have up-to-date for the same reason is important.

Use HTTPS: The "s" in "https" stands for secure, meaning the website employs SSL encryption. Check for an "https:" or a padlock icon in your browser's URL bar to verify that a site is secure before entering personal information.

  Never enter login information, passwords or payment information on insecure pages.

Avoid clicking links in an email, instant message, or social network unless you know the message is from someone you know. Cybercriminals have been known to hack into your friends' email accounts and social networks to send emails or post messages claiming they are in trouble and asking you to transfer money. Don't believe it if it sounds suspicious or offers something unrealistic.

Sites running on HTTPS and TLS only protect the information transmitted to and from the server through encryption. HTTPS and TLS do not verify the site's owner or the website's intentions once your data is available. You must still be careful about what data you submit and only log in to sites you can verify.

Cyber Security and the Internet of Things

In the new age of the Internet of Things, hackers and other exploitative programs can deceive us and infiltrate our personal data in all kinds of intricate ways. We must be acutely aware of these things to prevent intrusion and a total collapse of privacy. Smart TVs, Smart Thermostats, Smart Locks, Smart Bulbs, and Smart Fridges (notice a trend here?) can all leave your home or office open to hackers. Most attacks fall into one of two scenarios.

Amazon Alexa "Smart" Virtual Assistant
  1. You haven't changed the default passwords and usernames - this is the first thing hackers will check because up to 80% of people will not do this.
  2. Attackers will try and garner information from you to defeat security in a process known as social engineering.

Once an attacker controls your smart devices, they can cause you considerable physical damage and expense. Imagine if you were on holiday and someone could turn your NEST thermostat to maximum 24/7 or turn your fridge/freezer off. Or worse yet, open your front door remotely.

Keep your IoT devices up to date with the latest security patches and firmware updates.

Keep Backups Of Data

Hard drive head and platter

Always keep backups of all your data on the cloud, USB sticks, DVD, CD-ROM, or another backup device. This isn't just for protection against virus threats but also hardware failure, theft and ransomware. Imagine losing all your emails, documents, pictures, etc... I'd be lost without mine, so I back them up regularly and store them away from the computer. Have a regular backup schedule and stick to it; even if you copy important files once per month, it's better than not at all.

Attack of the BadUSB Devices

Be wary of any USB thumb drives or any USB device which seems to have been lost or left behind. USB devices can install viruses and malware as soon as they are plugged into a computer, so don't plug anything in if you are in doubt. Hacked firmware can also give USB devices new, covert capabilities, such as logging keystrokes or entering commands into the computer.

Abandoned USB Stick in a Car Park

Cold Calls

Never download software or let anyone remotely log onto your computer or devices during or after a cold call. Scams like this work by informing you that your computer has a virus or other problem that must be fixed for a fee. They will ask you to download software which will give them access to your computer and files, after which they will install all kinds of viruses, malware, and trojans. Then, they will charge you to fix a problem they have created for you and often won't fix it. If you get a cold call from a computer support or repair company, hang up.

Wi-Fi Cyber Security

There are many, many open (unsecured) public Wi-Fi hotspots around. These are very, very bad. When you connect to one of these, any data you transmit and receive is unencrypted and easily intercepted by a third party. If you see an open, unsecured network, please do not join it. Just because the network name is "Starbucks Wi-Fi" doesn't mean it is an official Wi-Fi point.

Only connect to password-protected networks and obtain the password from a staff member. Sometimes, it is written around the bar or counter. This way, you know it is an official network, not just some hacker baiting you.

Before connecting to public Wi-Fi, turn off AirDrop and file-sharing tools and do not access confidential information such as bank accounts, mobile banking, or even Facebook.

Unless you trust the network provider, it is often best to avoid using Wi-Fi; instead, use 4G and tether to your laptop.

Software Updates

Always install your devices' latest security updates from Microsoft, Apple, or Google. The manufacturers usually find security vulnerabilities before hackers do, then release an update and announce the problem to the world. Hackers are then quick to infect those who are lax when applying updates. The longer you take, the more at risk you are. Updates contain important changes to improve the performance, stability and security of the applications that run on your computer. Installing them ensures that your software continues to run safely and efficiently.

Anti-Virus, Spyware & Malware Scanners

Anti-virus software is important for any computer connected to the Internet. Viruses are rife on the Internet, spreading like a plague. Previously, a virus could only infect your computer if you ran an infected program, but in today's hi-tech web, your computer can be infected simply by visiting a website. I have never experienced this form of infection myself. Still, it can be avoided by using up-to-date anti-virus software.

Spyware programs monitor your Internet usage or copy your private data and passwords. Spyware is also notorious for slowing down computers. Anti-spyware software will remove these programs and, in some cases, stop them from being installed. Spyware most commonly arrives when you install software downloaded from the 'net; some untrustworthy programs will install spyware, as well as the program you want, without your knowledge.

Social Media Privacy Settings

These days, there are many opportunities to share our personal information online. Just be cautious about what you share, particularly regarding your identity information. This can be used to impersonate you or guess your passwords and logins. Take some time to adjust what gets shared and to whom. Social media is a goldmine for identity thieves. Remember and abide by these simple rules.

  1. Have a strong password
  2. Be careful with your status updates. You can use an audience-selector dropdown menu on Facebook to choose certain groups to see your status updates.
  3. Don't reveal your location
  4. Avoid posting specific travel plans. Never post when, where, or how long you'll be gone.
  5. Wait until you are home to post pictures
  6. Use the highest privacy control. Only let certain groups, like a family group, view your photos.
  7. Avoid posting information including travel plans, your address and birthdate, your children's names, schools and birthdates, or your daily schedule

Remember, what goes on the Internet stays on the Internet.

Phishing

Cybercriminals have become quite savvy in their attempts to lure people in and get you to click on a link or open an attachment. These malicious emails can look like they come from your bank, an online shopping site, or even a government agency. They will notify you that your account has been compromised and that you should act quickly, or services may be terminated. Another common scam is an overdue invoice threatening legal action if you don't act quickly. In either case, there will be a link or an attachment which, once opened, will infect your computer with a virus. These are typically phishing attacks.


If you are unsure whether an email request is legitimate, try to verify it with these steps:

  • Contact the company directly - using the information provided on an account statement, the company's official website or the back of a credit card.
  • Search for the company online - but not with the information provided in the email.

Another form of phishing attack is spear phishing. Instead of casting a large net and seeing who they catch, spear phishing is highly targeted at an individual or company. It will mention you by name and appear to have come from your bank. They can do this because somebody has found out information about you and your online browsing habits through email or social networks. Ever vent about poor customer service at your bank on Twitter?

Ransomware

Ransomware is a type of malware that accesses a victim's files, locks and encrypts them and then demands the victim pay a ransom to get them back. Cybercriminals deliver these attacks by getting users to click on attachments or links that appear legitimate but contain malicious code. Once the malware has taken over the computer there are several things it might do; the most common action is to encrypt some or all of the user's files, rendering the computer useless or preventing access to important files.

Ransomware can be highly sophisticated, and you can find your computer held to ransom in seconds. Even large companies and organisations can fall victim to ransomware attacks.

Key Things to Remember

  1. Requests for information - genuine companies never email you asking for usernames, passwords, date of birth or credit card details.
  2. Social Media - Do not click on links in social media posts, tweets or direct messages if anything seems out of the ordinary or too good to be true.
  3. Use Strong Passwords - create unique passwords that can't easily be guessed. Avoid common words or people's names, and remember to change your passwords regularly. Do not use the same password across multiple websites.
  4. Top Tip! Make sure your passwords are at least eight characters long, a mixture of upper and lower case letters and include some numbers too.
  5. Data Compromises - If you have ever had data compromised with another organisation and you use the same password elsewhere, change both passwords and do not use the same password across multiple websites.
  6. Keep security software current - Having the latest security software, web browser and operating system is the best defence against viruses, malware and other online threats.
  7. Plug & scan - USB drives and other external devices can be infected by viruses and malware. Use your security software to scan them.
  8. Enable filters on your email programs - Most internet service providers and email providers offer spam filters; however, depending on the level you set, you may end up blocking the emails you want. It's a good idea to occasionally check your junk folder to ensure the filters are working properly.
  9. Think before you act - Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  10. Lock down your login - Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, two-factor authentication, security keys or unique one-time codes.
  11. Update - Install software updates as soon as they are available. Whenever you're updating the operating system or an application, the updates typically contain fixes for critical security vulnerabilities.

If you think you have been a victim of fraud, report it to Action Fraud, the UK's national fraud reporting centre, by calling 0300 123 20 40 or by visiting ActionFraud.
