In the wake of the TalkTalk hacking drama, here are some tips to keep you safe online
This week TalkTalk has become the latest victim of a spate of sophisticated cyber attacks, underlining that businesses need to work harder to protect their data, and that they are now so vulnerable that it's no longer a matter of whether they will be hacked but when.
Online security breaches are all too common, but the good news is that you can take some easy steps to keep your business safe online:
1. Protect your password
Treat your password like your front door key. Nobody would be silly enough to hand their house keys to a stranger or to leave the front door wide open while they pop to the shops. Keeping a password on your monitor is just as daft. In a world where the average individual has 10 passwords or more, we are all guilty of writing them down somewhere. However, what 99% of us don't do is to encrypt them in a way that is only familiar to us, or to write down clues that help us recall a password.
If you are never going to get round to this vital housekeeping chore then you can always enlist the help of an online password manager. There are many to choose from, such as 1Password, LastPass and KeePass, and there are others too, but make sure the one that you plump for is secure and reputable.
2. Avoid kamikaze laziness
A recent survey by Telesign showed that two thirds of us use the same password for all our accounts. In my opinion this is nothing short of kamikaze laziness. If you want to keep hackers out of your life, have a separate password for everything, and never use the same password for your bank account as you do for your Gmail account!
There can be no substitute for creating complex, unique passwords that are frequently updated. Nearly half of those in Telesign's survey hadn't changed their passwords for over five years! I would strongly advise changing a password every 6 months, or at least every year. Also, never reuse old passwords or up-cycle them (password1, password2 etc.).
People continue to make some incredible password howlers. For example, '123456' was one of the most popular passwords used last year. Also in the top five were 'qwerty' and 'password'!
Create unique, long passwords of eight characters or more, using both upper and lower case letters, numbers and symbols, and change them regularly. Avoid using easily identifiable information, such as your birthday, or the name of the street you live in.
Remember, made-up phrases that use punctuation and numbers in place of letters could help you remember them, such as '!d0g5lykD3n7i5t5!' for 'Dogs like Dentists'. It has been estimated that it can take up to 2 years for a hacker to crack a complex 8-character password.
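The rules in this section (eight characters or more, mixed character types, no popular passwords, no reused or up-cycled old passwords, no personal details) can be written as a single check. The Python below is an added example, not part of the original article; the function names, the three-entry denylist and the sample inputs are assumptions for illustration, and the old passwords are assumed to be available locally, for instance inside a password manager.

```python
import re

# The passwords the article names as among the most popular.
# Constructed, minimal denylist; a real one holds many thousands of entries.
COMMON = {"123456", "qwerty", "password"}

def _stem(pw):
    """Lower-case and strip trailing digits/symbols: 'Password2!' -> 'password'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())

def check_password(candidate, previous=(), personal=()):
    """Return the list of rules the candidate breaks (empty list = it passes)."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lower-case letter": r"[a-z]",
        "upper-case letter": r"[A-Z]",
        "number": r"\d",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, candidate):
            problems.append(f"no {name}")
    stem = _stem(candidate)
    if candidate.lower() in COMMON or stem in COMMON:
        problems.append("based on a very common password")
    # 'previous' is the user's own password history, compared locally only.
    for old in previous:
        if candidate == old:
            problems.append("reuses an old password")
        elif stem and stem == _stem(old):
            problems.append("up-cycles an old password")
    # 'personal' holds details such as a birthday or street name.
    for item in personal:
        if item and item.lower() in candidate.lower():
            problems.append("contains personal information")
    return problems
```

The up-cycling check catches a new password that differs from an old one only in its trailing digits or symbols, which is the password1, password2 pattern described above.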
3. Always check URLs
Creating a fake web page is an easy way for hackers to harvest usernames and passwords. Cyber fraudsters have steadily become more skilled at making fake pages look like the real thing. So, how do you know when you are on a fake site?
Firstly, you need to make sure that the URL you are on is not a fake one. Whenever possible avoid clicking on random links, and if you are not sure of the site then bail out.
I have seen some pretty convincing sites that had some telltale signs that revealed they were not genuine. For example, a landing page that looked just like my bank's, but with many words spelled wrong! A quick look at the URL bar at the top of the page revealed that there was no green padlock symbol, the symbol which shows that the page is secure. You should normally see this symbol on all financial sites.
Don’t forget, the most secure way to open a website is to encrypt your data by using https:// at the beginning of the web address.
4. Physically protect your devices
Devices hold all the personal information that would be useful for hackers, so people should physically protect them with passcodes and keep them safely locked away. And, when upgrading to a new mobile phone, personal data should be wiped before the old one is thrown away or recycled.
When upgrading to a new phone, remember to wipe data off your old device. Disposing of mobile devices such as smartphones and tablets is now happening as frequently as every 18 months. Unfortunately, too many people simply dispose of their mobile devices with little thought about how much personal data their devices have accumulated. Remember to 'wipe' your device using the factory reset and bear in mind that SIMs and external cards store details as well. Either use the old SIM in the new device, or physically shred or destroy it to prevent someone else from getting your personal data.
5. Don't get caught in a hacker's 'phishing' net
Downloading attachments provides an open door for hackers, so you must weigh up whether your click may lead to a 'phishing' site that harvests usernames and passwords, or whether you may be about to download a virus or malware (malicious software).
All our personal data, such as credit card details, date of birth, and name and address, have a value on the black market and can be sold for a great deal of money, so hackers will continuously target suppliers and find the weakest link into their network to get at this information.
Whichever way hackers get to your information through a supplier, it's up to you to take your own security seriously. I personally would recommend setting up a bank account and card that is used only online. Keep this in modest funds, and if you are successfully phished then the damage can be safely contained.
6. Use antivirus software and firewalls
Protection software is widely available and you should choose a reputable programme to scan emails, monitor files, and protect you from dangerous downloads. Thousands of new viruses are discovered every year and the better antivirus software automatically updates on new threats as they happen.
7. Take care with public WiFi
We have all grown accustomed to logging on to the internet whenever we have the opportunity, and are happy to do this in locations like shopping centres, restaurants and hotels.
We may feel safe enjoying the free WiFi along with our cappuccino and panini, but this is one scenario where we are at our most vulnerable. Hackers can set up fake networks and use unsecured public WiFi zones to target people using mobile devices.
Just to be extra secure I would recommend never sending or receiving sensitive information in locations like this. It’s also probably best to ask an employee for the password of their WiFi and to stick to well-known providers such as BT OpenZone.
8. Beware of 'free' apps
Most of us can’t resist a free app when it’s on offer. However, they are a well-known route for hackers to get at personal information, by means of loading spyware onto devices. Access Trojans (ATs) are usually downloaded invisibly within a programme and perform actions similar to legitimate software.
Before installing apps always check ‘permissions’ to make sure they are not asking for information that’s just too personal. For example, a game app should not have access to your contacts list or your network info.