With many people working from home and internet usage up, online safety should be a priority for everyone. Hackers, phishers, malware and viruses are everyday hazards that everyone faces and everyone should be aware of.
Remote access, video meeting and online collaboration platforms mean that many more people are having to use new platforms that require digital accounts. This often entails installing software or from using a web browser that requires logging in via a new setup or by using an existing credentials like a work account or webmail account.
To this end we would like to pass on some tips and recommendations that our IT department have put together to help us in this unprecedented time.
The first thing we recommend is ALWAYS USE A STRONG PASSWORD. Don’t use the same password across multiple apps and websites. Don’t use family names and dates in your passwords. Many hackers and phishers will search social media websites to build up a profile of you, gathering family member names and dates and even pet names. This information forms their database for cracking your password and even stealing your identity.
When choosing a password substitute numbers or symbols for letters. For example: E becomes 3, L or I can be 1 or !, 5 for S and so on and so on. Once you have a good password add a string of numbers to the end of the password (but don’t use birthdays!). Remember, the longer your password, the harder it is to crack.
Many sites and apps now enforce a strong password policy and more often than not, these apps/sites will offer 2-factor authentication.
Previously you would have to use an app on your phone to generate a code for use in 2-factor authentication but now having a code sent to you via email or SMS is the norm. In the case of both Android and IOS you will receive a screen prompt notifying you and asking you for access. With other sites/apps that give you an option, SMS is preferred as it notifies you instantly that you or someone else is trying to access your account.
As passwords are increasingly required to be strong and quite complex, there are password managers that you can use. These can be used for both generating strong passwords as well as remembering them.
Again both Android and IOS offer this functionality and in the case of Android/Google, this can carry across in to the Chrome web browser (as long as you are signed in to the same Google account). The problem with both of these is that they are platform dependant so not ideal for every scenario.
There are third party apps that offer full functionality across all platforms. These will have apps that work on practically all devices, as well as having web browser plugins for all popular browsers on both IOS, Android and Windows.
You will need to remember one master password (so make it a strong one) to access the service but once you are in, it will generate and remember every password you will ever need.
The two password managers we recommend are StickyPassword and LastPass. Both have a long and secure history and both have free and paid options. As well as remembering passwords these apps also have additional functionality like saving secure notes and even credit card details.
These are the most common type of ‘scam emails’. They will ask you to confirm things like your password to a particular website, banking details and personal details. You should never give these details unless you 100% sure that the site you are asked to visit is a real website. For example do not be fooled by sites that have an address along the lines of ‘barclaysbank.dodgysite.com’. When in doubt always call the organisation in question and never give your details to a site you are not sure of.
Thankfully if you are using a web-based email service like Gmail or Hotmail, most spam and phishing emails are picked-up automatically and warnings are given when you open them. But for emails that aren’t picked-up always check the from address to ensure it is from the same organisation that it claims to be sent from.
If you are not sure then find the option in your email client to ‘get info’ or ‘show original’. This should show you how the email was sent, where it came from as well as all of the associated security information and how the email was signed.
If you are asked to use a particular software for a task do a web search to ensure it is valid and that there are no security issues with it. Ensure that you are downloading it from the creators site and not a third party site. If you do find any issues make sure you have informed the requester that there are issues.
Don’t forget by installing a program or by giving a site permissions in your browser, you are giving it access to your computer and the data stored on it.
Be safe Online
When web browsing always ensure the URL in the address bar matches to the brand that it claims to be. This also ties into what the email URL looks like so check the bit that comes before the ‘.com, .co.uk etc.’ as it should have the domain name of the brand.
If it looks too good to be true
Then it most likely is. If a site or email is offering something that looks fantastic for a fraction of the cost or even free then avoid. If it was, then everyone would be doing it and everyone would know about it.
The bottom Line
The main point is if you are not 100% sure don’t do it, don’t click, don’t reply and don’t give any details. Phone the company it claims to be from or search Google for the company and use the contact details on their site to ask if it was them.