Women at UK tech company Sparta Global share their top 10 security hacks for Cybersecurity Awareness Month in October.
1. Auto update software as often as possible
The world of software updates has changed significantly, with many system updates now rolled out automatically. Auto-updates can seem like an inconvenience, but they are absolutely vital. They are there to protect you and close security holes as quickly as possible. Schedule those updates to complete overnight so you’re always up to date.
2. Using Anti-virus software is as essential as ever
Any anti-virus software, paid or free, is better than having no protection. There are now a host of free anti-virus offerings that can be found with a quick search, and they will protect you from the most common attacks.
3. Passphrase not password
We all fall into the habit of using passwords that are relatively simple and follow a pattern of various capital letters, symbols, dates, pets and names. Get into the habit of using a passphrase of over 12 characters, which, with different letter cases, numbers and symbols, could take up to 34,000 years to crack.
4. Opt for two-factor authentication for every account possible
Many online services and accounts allow for two-factor authentication. This requires extra information, such as a short-life code emailed, texted or sent via an automated phone call, which you must input as well as your password/passphrase to access your account. A hacker would now have to gain access to two different sources, such as your email or mobile phone, with a much shorter time window to execute their attack. Two-factor authentication is a great deterrent and will push most hackers away because it is so difficult to overcome.
5. Beware when using public WiFi
It is easier than ever to connect to WiFi hotspots, and more and more retailers, cafes and restaurants offer WiFi connections for free, on the expectation that you sign up for something. Unfortunately, this sometimes leads us to hunt for hotspots we do not have to sign up for, which can be dangerous.
Some hackers use portable routers in busy locations and imitate the name of the free router. As an example, we may see ‘coffee_shop_name_wifi’ followed by ‘coffee_shop_name_wifi_FREE’, which requires no sign-up. This could be what we call a man-in-the-middle (MITM) attack, where a hacker could decrypt and store your internet traffic while you go about social media or browsing, exposing details you would rather not share.
So, be extremely careful when connecting to WiFi hotspots and use your phone data where possible.
6. Review and shut down unused accounts
Every service or product asks you to sign up to access their services. Unfortunately, due to the regularity of having to do this, we accumulate a lot of accounts and tend to forget we opened them.
Many services may not be secure, have shut down over time, or in some instances, have been breached, and you may not have been informed. These services will have your email and password and leave you exposed. Ideally, we should close down accounts rather than simply unsubscribing from their mailing list.
A handy site to assist your search is https://haveibeenpwned.com/ which highlights whether your email address has been identified in any data breaches pushed into the public domain.
7. Educate yourself on Phishing scams
Phishing is a form of social engineering with the intention of stealing your data or credentials. Phishing scams have become increasingly elaborate and can have swift, devastating impacts.
Phishing scams can come from texts, emails and phone calls. The messaging, visuals, and language can be a completely identical copy of a particular service and may even contain some data that may lead you to think it is from your bank or delivery service. However, there are some tips and tell-tale signs to help you identify them.
Suspicious emails: Most emails sent by organisations are easy to imitate and, as already mentioned, could contain some basic yet accurate data. However, these emails aim to get you to click on a link leading to a fake site that will capture your data. Remember, it is rare for a service provider to send an email asking you to log in via a link. Instead, they would merely ask, “please go to the main site and log in to review your messages.”
So, to stay safe, NEVER click links from an email and access the service through their main login pages.
Check the web address (URL) in your browser: A fake site still needs a web address, and as you can imagine, most services have a well-known address, such as www.bankname.com or www.bankname.co.uk. Most incidents of being compromised involve clicking the link in a phishing email.
However, if you are sceptical of an email and you click a link that takes you to a fake site that is a mirror of that service, and it can be a perfect mirror, the best thing to do is check the URL in your browser. You may notice the address does not look right, such as www.bankname.co.uk.lo/123abc or www.bankname1.co.uk.
If you have any doubt, avoid the email and links and type in the correct address to your service, log in and check your notifications on the official service you are using.
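The URL check described above can also be done by a script, shown here as an added example that is not part of the original article. It assumes you already know the genuine domains of the service (the article's placeholder bankname addresses); the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: domains you already know are genuine for the service
# (the article's placeholder names, not real banks).
OFFICIAL_DOMAINS = ("bankname.com", "bankname.co.uk")


def hostname_of(link: str) -> str:
    """Return the lower-cased host part of a link, with or without a scheme."""
    if "://" not in link:
        link = "https://" + link  # urlsplit only recognises a host after '//'
    host = urlsplit(link).hostname or ""
    return host.rstrip(".").lower()


def check_link(link: str, official=OFFICIAL_DOMAINS) -> str:
    """Classify a link as 'official', 'lookalike' or 'unrelated'."""
    host = hostname_of(link)
    # Genuine: the host is a known domain or a subdomain of one. What matters
    # is how the host ENDS, not whether the real name appears somewhere in it.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Lookalike: the brand name appears in the host, but the host does not
    # end with a genuine domain (extra suffix, extra character, and so on).
    for domain in official:
        brand = domain.split(".")[0]  # e.g. 'bankname'
        if brand in host:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, taken from the article's own examples.
    for link in ("www.bankname.co.uk",
                 "www.bankname.co.uk.lo/123abc",
                 "www.bankname1.co.uk"):
        print(f"{link:32} -> {check_link(link)}")
```
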
8. Reduce personal data on social media
We give away an exceptional amount of data on social media, such as kids’ names, hobbies, addresses, favourite teams and much more. Social media is the first place any hacker would begin to search for data on you. The less data they find, the harder it is to start guessing passwords, services, etc.
This data helps a hacker reduce their ‘attack footprint’ and potentially reduce the time to gain access to your services.
9. Avoid unexpected phone calls
Although most communications are digital, phishing attempts are still made via phone calls on a regular basis and can still be successful. In many instances, they will already have a great deal of data, and they need the last piece of the puzzle from your two-factor authentication to gain access.
A hacker may call pretending to be from a bank, ask for some of your keywords and then mention that they will send you a code shortly to confirm it is you. These phone calls are an elaborate ruse to get you to hand over your authentication code, but they can be exceptionally convincing if the caller has already gathered enough data on you.
Remember, no service will call you and ask for these types of data unless you call them, and even then, the operators will never ask for an authentication code and will only read from data that you have given them. So, please feel free to hang up or not answer.
10. Apply a Second World War motto
‘Loose lips sink ships’ applies as much today as ever. We may feel safe in various public areas and social settings, but you never know who is listening. This type of phishing is most prevalent in companies and small businesses. Hanging around coffee shops, pubs and restaurants that are regular haunts of staff members can yield a lot of information and leave companies vulnerable.
On the other hand, businesses should also do everything they can to protect customer data. For one, they should tick everything on their GDPR checklist for data protection compliance.