Date published: 18 October 2022
+Date updated: 06 January 2024 | Date published: 18 October 2022
Cybercrime is constantly on the rise; make sure to keep yourself, your business and your customers safe by following the tips in this blog.
-By following good cyber security practices, you can enjoy a safe and secure experience both online and offline.
+By following good cyber security practices, you can enjoy a safe and secure experience both online and offline.
Click on any image to view a larger version.
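Review bot: the added line "+Date updated: 06 January 2024 | Date published: 18 October 2022" repeats the published date that the unchanged first line of this hunk already carries, so the rendered page will show "Date published" twice; either drop the original "Date published" line in the same hunk or keep only the "Date updated" part in the new line. Also the "-"/"+" pair "By following good cyber security practices, you can enjoy a safe and secure experience both online and offline." is textually identical on both sides, which points to a whitespace-only or line-ending change that adds noise to the diff without changing the page.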
@@ -117,23 +117,23 @@Be Careful With Your Passwords
Do not reuse passwords across multiple websites!
-Do not store passwords on spreadsheets, emails, hard drives, or on paper. Instead, use a password manager such as LastPass or Dashlane. Password managers are simple, secure and convenient to use. Both of these platforms include a free plan which allows you to store an unlimited number of passwords.
+Do not store passwords on spreadsheets, emails, hard drives, or on paper. Instead, use a password manager such as LastPass or Dashlane. Password managers are simple, secure and convenient to use. Both of these platforms include a free plan which allows you to store an unlimited number of passwords. Once you have stored all of your passwords in the password manager, go through your notes and emails, and delete any that contain passwords.
-Do not share login information with others.
- -For each account, create a strong, unique password. A strong password is at least 16 characters long, consisting of a random combination of uppercase and lowercase letters, numbers and special characters (such as @, #, _, -, &, *, ^). For some interesting stats, download the famous Hive Systems Password Table which illustrates how long it takes for a hacker to brute force a password in 2022.
+For each account, create a strong, unique password. A strong password is at least 16 characters long, consisting of a random combination of uppercase and lowercase letters, numbers and special characters (such as @, #, _, -, &, *, ^). For some interesting stats, download the famous Hive Systems Password Table which illustrates how long it takes for a hacker to brute force a password in 2023.
Where possible, set up 2-factor authentication, or 2FA (also known as two-step verification). This adds an extra layer of security to your account because the access requires 2 forms of identification (the password and a security code). The most common form of authentication for 2FA is SMS verification, which involves sending a text message to your phone containing a unique security code. As well as your password, you would need to enter this code into the website to gain access to your account. Never share your security code with others.
When setting up 2FA, you should also create a backup method to access your account if you lose your phone. This is usually in the format of a recovery code. Please store your recovery codes in a safe place such as in a password manager.
+Do not share login information with others.
+Manage Permissions Wisely
If your organisation hires employees or contractors, each user will need their own, separate login for each account. Logins should not be shared between users. Remember the "Principle of Least Privilege"; that is, don't automatically grant all users admin permissions. Instead, provide each user with the lowest level of access required to perform his or her job effectively and keep the number of users with admin permissions down to a minimum. Delete logins for users who no longer work for your organisation.
Protect Your Data and Others' Data
-Lock the screen when away from your computer.
+Lock the screen when away from your computer or laptop. If possible, enable the encryption feature on your laptop. BitLocker is available for Windows, and FileVault for Mac.
Do not store personal data for longer than it is needed.
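Review bot: the year in "how long it takes for a hacker to brute force a password" is bumped from 2022 to 2023, but the page's new "Date updated" line says 06 January 2024, so check that the Hive Systems Password Table edition being linked actually matches the year now stated, otherwise the reference will read as stale again immediately. Two smaller points in the same hunk: the sentence added after the password-manager advice ("go through your notes and emails, and delete any that contain passwords") covers only notes and emails while the preceding sentence also lists spreadsheets, hard drives and paper, so extend the clean-up advice to those locations too; and the new line "BitLocker is available for Windows, and FileVault for Mac" would be more accurate with a qualifier, since BitLocker is not offered on every Windows edition, so readers on a Home edition should be told to look for the built-in device encryption setting instead.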
@@ -144,13 +144,13 @@Protect Your Data and Others' Data
Here are a few options for cloud backup solutions, all of which offer a free plan for a limited amount of storage space:
-
-
- Google Drive -
- Dropbox -
- IDrive -
- MEGA +
- Google Drive +
- Dropbox +
- IDrive +
- MEGA
Have an incident response plan in place and in the event of an incident, notify the relevant parties immediately.
+Have an incident response procedure in place and in the event of an incident, notify the relevant parties immediately.
Beware of Spam
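Review bot: the line "Have an incident response plan in place and in the event of an incident, notify the relevant parties immediately." is left as unchanged context while the near-identical "+Have an incident response procedure in place ..." is added directly below it, so after this patch the page will contain both sentences back to back; the first one was almost certainly meant to be a "-" removal. The cloud-backup list above it (Google Drive, Dropbox, IDrive, MEGA) is removed and re-added with identical text, which again looks like a whitespace-only change and could be dropped from the patch to keep the real edits visible.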
@@ -178,17 +178,17 @@Learn How to Identify Scam Emails and Texts
Look at the email address of the sender. If the domain (the part after the @ sign) doesn't match the company it appears to be coming from, then it's fake.
- +Read the email carefully and look for spelling, punctuation and grammar mistakes.
- +Look out for the generic "Dear customer" greeting.
Learn how to spot deceptive links. Do not click on links; instead, hover over the links and buttons to check if the links are genuine:
- +If you receive a suspicious email, report it as Phishing via your email program and delete it immediately. You can also block the sender to avoid receiving further emails from this sender, however, this is usually ineffective as scammers constantly change their email addresses.
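Review bot: the three lines in this hunk that begin with "- +" ("Read the email carefully ...", "Look out for the generic ...", "If you receive a suspicious email ...") are ambiguous as diff lines, since a leading "-" marks a removal but the following "+" suggests they were intended as additions; with the header claiming 17 lines on both sides, this reads like two lines (a removed blank line and an added sentence) collapsed into one, so the diff should be regenerated before it is applied. On the content, the added advice to report and delete suspicious emails is sound; it would be worth stating explicitly that the link-hover check in the unchanged line above should be done without clicking, which the sentence already implies.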
@@ -198,27 +198,27 @@Practice Safe Browsing Online
A fake GOV.UK website:
- +The genuine GOV.UK website:
- +Do not enter sensitive data (e.g. contact information or credit card details) on insecure websites. To check if a website is secure, look at the address bar of the browser. The web address should begin with https:// and display a padlock symbol next to it.
Use common sense when shopping online. If prices look too good to be true, proceed with caution!
-When away from home or your usual workplace, do not connect to public wi-fi networks. These networks are usually unsecured and do not require a password to be accessed. Instead, use a VPN (virtual private network). A VPN provides an extra layer of security by hiding your IP address and sending/receiving data through an encrypted "tunnel", so you can browse the Internet securely and anonymously. Consider choosing a service such as NordVPN.
+When away from home or your usual workplace, do not connect to public wi-fi networks. These networks are usually unsecured and do not require a password to be accessed. Instead, use a VPN (virtual private network). A VPN provides an extra layer of security by hiding your IP address and sending/receiving data through an encrypted "tunnel", so you can browse the Internet securely and anonymously. Consider choosing a service such as NordVPN.
If you are accessing your accounts on a public computer, do not leave the computer unattended and always log out when you finish your session. Some websites can save your username or email address to make logging in faster - do not check this box if using a public or shared computer. Below is an example of a warning on an online banking site:
- +Ensure That Your Website is Secure
-If you manage your own website, install an SSL (Secure Sockets Layer) certificate on your website. When a website has an SSL certificate enabled, the web address will begin with https:// rather than http://, and the browser will display a padlock icon in the address bar. A secure website builds trust and reassures your customers that their data is safe on your website.
+If you manage your own website, install an SSL (Secure Sockets Layer) certificate on your website. When a website has an SSL certificate enabled, the web address will begin with https:// rather than http://, and the browser will display a padlock icon in the address bar. A secure website builds trust and reassures your customers that their data is safe on your website.
-Most website builders provide an SSL certificate for free, so you would not normally have to worry about this. However, if you are using WordPress or another content management system that does not provide one, you can obtain a free SSL certificate from Let's Encrypt or purchase one from your domain provider.
+Most website builders provide an SSL certificate for free, so you would not normally have to worry about this. However, if you are using WordPress or another content management system that does not provide one, you can obtain a free SSL certificate from Let's Encrypt or purchase one from your domain provider.
Additional tasks for WordPress users: make sure to update your plugins, themes and core WordPress files often (I recommend checking once a week). Updating your WordPress site helps to keep it protected against security threats and vulnerabilities.
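Review bot: the added sentence "To check if a website is secure, look at the address bar ... https:// and display a padlock symbol" presents https and the padlock as a test for whether a site is safe to enter card details into, but they only show that the connection is encrypted, not that the site is genuine; since this same hunk introduces the "fake GOV.UK website" example, the advice should be paired with the domain check already given in the scam-email section (does the domain match the organisation it claims to be) so that a convincing fake site with a valid certificate does not pass the reader's check. As in the earlier hunks, the "- +" prefixes on "Do not enter sensitive data ..." and "Ensure That Your Website is Secure" are ambiguous, and the three "-"/"+" pairs on public wi-fi, SSL certificates and website builders are textually identical and add only whitespace noise.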
@@ -227,13 +227,13 @@Stay Informed
There are many resources available online to help you stay up to date with the latest cyber security issues and tools to reduce your cyber risk. Here are a few to get you started:
-
-
- National Cyber Security Centre (UK) -
- European Cybersecurity Month (EU) -
- National Cybersecurity Alliance (US) -
- The GCA Cybersecurity Toolkit for Small Business -
- Action Fraud -
- Which? Consumer Rights: Scams -
- Have I Been Pwned? +
- The National Cyber Security Centre (UK) +
- European Cyber Security Month (EU) +
- National Cybersecurity Alliance (US) +
- The GCA Cybersecurity Toolkit for Small Business +
- Action Fraud +
- Which? Consumer Rights: Scams +
- Have I Been Pwned?
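Review bot: the only substantive edits in this list are "National Cyber Security Centre (UK)" gaining a leading "The" and "European Cybersecurity Month (EU)" becoming "European Cyber Security Month (EU)"; check the second against the organisation's own published name before merging, since the previous spelling may have been the official one and the link text should match it. The remaining five entries (National Cybersecurity Alliance, GCA Cybersecurity Toolkit, Action Fraud, Which? Consumer Rights: Scams, Have I Been Pwned?) are removed and re-added unchanged, so the hunk could be reduced to the two lines that actually differ.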