Unlike most jobs, cyber security is not something that ends after you take that step outside the office door. Cyber security is something we need to think about, not just as professionals, but as people who are connected to the internet daily. So I have put together a list of 10 things that you should be preaching from the rooftops to anyone who will listen. These 10 tips will help not only you secure your online life, but anyone who has the patience to listen to you preach.
ONE – Look for browser warnings and the green lock before entering credentials.
Whenever you access a website your browser runs background checks to make sure that the site you are visiting is who it says it is. When a site fails these checks, your browser will warn you. These warnings need to be respected and listened to. Remember this simple rule for entering passwords and credit card details: HTTP = never / HTTPS = secure.
TWO – Maintain unique passwords for every account and website.
Too often people use the same email and password for their bank as for the overseas online retailer that asked them to create an account. The issue with this is that if the overseas retailer gets compromised and your account details are stolen, bad guys will often try those same credentials against a variety of other services, like your PayPal account, big banks etc.
THREE – Use truly randomly generated passwords or long secure passphrases as your passwords.
With passwords, you are looking for length and true complexity. Complexity does not mean taking your name and replacing an ‘A’ with an ‘@’. Complexity means that you couldn’t break a password just by changing characters. But remembering truly random passwords is tough, so passphrases, which balance memorability and security, are the next best thing. Simply take a saying or a line from your favourite song and use that as your password, spaces and all. Generally speaking, if you add a number or two that should satisfy the outdated password complexity standards.
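To show what “truly random” means in practice, and why length beats character substitution, here is an added Python example (not code from the original post). It draws passwords and passphrases from the operating system’s cryptographic random source via the `secrets` module and works out how many bits of entropy each gives; the 16-word list is constructed for the demonstration, and the 7776-word figure assumes a Diceware-style list.

```python
import math
import secrets
import string

# Constructed mini word list for the demonstration. A real passphrase list
# such as a 7776-word Diceware list gives about 12.9 bits per word; this
# 16-word list gives exactly 4 bits per word.
SAMPLE_WORDS = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pepper",
]

DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length: int, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Password drawn uniformly from `alphabet` using the OS CSPRNG (secrets),
    never the predictable `random` module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(word_count: int, words=SAMPLE_WORDS, sep: str = " ") -> str:
    """Passphrase of `word_count` words drawn uniformly, with replacement,
    spaces and all."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


def entropy_bits(choices_per_symbol: int, symbol_count: int) -> float:
    """Entropy of `symbol_count` independent uniform picks, each from
    `choices_per_symbol` options: symbol_count * log2(choices_per_symbol)."""
    return symbol_count * math.log2(choices_per_symbol)


def compare_schemes() -> dict:
    """Entropy of a few common schemes, so the numbers can be compared."""
    return {
        "8 random chars, 94-symbol alphabet": entropy_bits(len(DEFAULT_ALPHABET), 8),
        "16 random chars, 94-symbol alphabet": entropy_bits(len(DEFAULT_ALPHABET), 16),
        "6 words from this 16-word list": entropy_bits(len(SAMPLE_WORDS), 6),
        "6 words from a 7776-word list": entropy_bits(7776, 6),
    }


if __name__ == "__main__":
    print("password:  ", random_password(16))
    print("passphrase:", random_passphrase(6))
    for scheme, bits in compare_schemes().items():
        print(f"{bits:6.1f} bits  {scheme}")
```

The point the numbers make: a substitution like ‘A’ to ‘@’ adds no entropy at all, because the attacker’s tooling tries those swaps anyway, whereas every extra random word or character adds a fixed number of bits regardless of how it looks.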
FOUR – Do not click links that arrive in unsolicited email.
Phishing is a scamming method that uses fear and urgency to get you to act irrationally. If you are not expecting the sender and there are links urging you to “click here” or else something bad will happen, like your email account getting shut down or blocked, it is generally fake. If you are still unsure, you can hover over the URLs in the body of the email; if it was meant to be from someone like Microsoft then the link should be Microsoft’s. Some examples are:
Microsoftpasswordreset.suvlaki.co - FAKE
login.microsoftonline.com - GOOD
FIVE – Where possible enable multifactor authentication
Multifactor authentication is a second way of verifying your identity. This can be done using methods such as a text message, a phone call or generated tokens. It should be enabled because even if your password is stolen, the attacker still cannot access your account. When multifactor is enabled you should always be aware that if you receive an authentication code without trying to log in, it could mean that someone has your password and is trying to log in.
SIX – Know if your password is compromised
Knowing if your password is compromised is half the battle. Using services like “Have I Been Pwned” you can identify if your account has been involved in a breach and to what extent your information has been compromised. If you find out that your password has been compromised, change the password and, if you were a silly billy and reused it, change all other accounts that have that same password.
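Have I Been Pwned’s Pwned Passwords service lets you check a password without ever sending it: the client hashes the password with SHA-1 and sends only the first five hex characters, the server returns every breached hash that begins with that prefix, and the client compares the remainder locally. The Python below is an added example, not code from the original post; the endpoint URL is the real one, but the offline stand-in response and its counts are constructed so the block runs without network access (the one genuine value in it is the SHA-1 tail of the word “password”).

```python
import hashlib
import urllib.request
from typing import Callable

# Real range endpoint: GET /range/<first 5 hex chars of SHA-1> returns lines of
# "<remaining 35 hex chars>:<breach count>".
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def fetch_range_online(prefix: str) -> str:
    """Fetch one hash range from the live API. Only the 5-character prefix
    leaves the machine, which is the k-anonymity property of the design."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "hibp-range-demo"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")


def pwned_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password appears in known breaches (0 if none).
    `fetch_range` is injected so the lookup can be tested offline."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix.strip() == suffix:
            return int(count.strip() or 0)
    return 0


# Constructed offline stand-in for the API. The middle suffix is the genuine
# SHA-1 tail of "password" (full hash 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8);
# the other suffixes and all counts are made up for the demonstration.
_CONSTRUCTED_RANGES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "8C4A4C2F8F3B5E0C9B7A3D2E1F0A9B8C7D6:1",
    ]),
}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in fetcher: returns the constructed range, or nothing for other prefixes."""
    return _CONSTRUCTED_RANGES.get(prefix, "")


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate, fetch_range_offline)
        print(f"{candidate!r}: seen {n} times" if n else f"{candidate!r}: not in the constructed range")
```

Swap `fetch_range_offline` for `fetch_range_online` to query the real service; the password itself is never transmitted either way, which is what makes this safe to build into a sign-up or password-change form.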
SEVEN – Try not to write down your passwords, if you do, do not store them in plain sight.
You should not have your passwords written down; all it means is that I have to be in your house or near your computer to obtain access to your accounts. The same applies for the office: all I would have to do is walk past your desk to get your password. So PLEASE hide them – and no, NOT UNDER THE KEYBOARD!
EIGHT – Use a password manager to help you remember your unique passwords.
A strong password is one that is long and can’t be remembered, but I agree, that is tough. But no one is asking you to remember them; instead, securely store them in a password vault. Password vaults are invaluable at keeping your everyday passwords safe, and then ensure that access to your vault is protected by a passphrase and multifactor (steps three and five).
NINE – Keep ALL software up to date.
Just updating your operating system or antivirus is only half the battle in protecting your device. Malware will often exploit vulnerabilities in software that have already been patched by the creators of the product. It is scary to think that out-of-date applications, such as Adobe, Zoom etc., can allow a bad guy to gain full access to your system and everything on it.
TEN – With emails, ensure that the sender and the sender’s email address are correct.
It is incredibly easy to change your email address to appear as someone else. Your job is to make sure the person emailing you is actually the person you believe it is. At a high level this can be done by comparing their display name to the actual email address.
An example could be:
John Harry <email@example.com> – FAKE
John Harry <John.Harry@importantbusiness.com> - GOOD
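Both the link check in tip four and the sender check in tip ten come down to the same question: does the domain actually belong to the organisation you expect? The Python below is an added example, not code from the original post, that applies that check to the hover-over URLs from tip four and the From addresses from tip ten. It assumes you already know the organisation’s genuine domain (for Microsoft logins, microsoftonline.com from the example above); the hostnames and addresses used for testing are the ones on this page plus a couple of constructed look-alikes.

```python
from email.utils import parseaddr
from urllib.parse import urlparse


def host_belongs_to(host: str, expected_domain: str) -> bool:
    """True only if `host` is `expected_domain` itself or a subdomain of it.
    The leading dot matters: 'notmicrosoftonline.com' must not pass, and a
    plain substring test ('microsoft' in host) would wave through most
    look-alikes, so the comparison is done on label boundaries."""
    host = host.lower().rstrip(".")
    expected_domain = expected_domain.lower().rstrip(".")
    return host == expected_domain or host.endswith("." + expected_domain)


def link_matches_sender(url: str, expected_domain: str) -> bool:
    """Tip four: does the link target really live under the expected domain?
    Bare hostnames (as shown in the post) are given a scheme so urlparse reads
    them as a host rather than a path; urlparse also strips any user@ part,
    so 'login.microsoftonline.com@evil.example' resolves to evil.example."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    return parsed.hostname is not None and host_belongs_to(parsed.hostname, expected_domain)


def sender_check(from_header: str, expected_domain: str) -> dict:
    """Tip ten: split a From header into display name and address and check
    the address's domain, since the display name is free text anyone can set."""
    display_name, address = parseaddr(from_header)
    _, _, domain = address.rpartition("@")
    return {
        "display_name": display_name,
        "address": address,
        "domain_ok": bool(domain) and host_belongs_to(domain, expected_domain),
    }


if __name__ == "__main__":
    # Hostnames from the post plus constructed look-alikes.
    for link in ("Microsoftpasswordreset.suvlaki.co",
                 "login.microsoftonline.com",
                 "https://login.microsoftonline.com.evil.example/reset",
                 "https://login.microsoftonline.com@evil.example/reset"):
        verdict = "GOOD" if link_matches_sender(link, "microsoftonline.com") else "FAKE"
        print(f"{verdict:4}  {link}")
    for sender in ("John Harry <email@example.com>",
                   "John Harry <John.Harry@importantbusiness.com>"):
        result = sender_check(sender, "importantbusiness.com")
        print("GOOD" if result["domain_ok"] else "FAKE", " ", sender)
```

The same `host_belongs_to` rule is what mail filters and link-scanning gateways apply at scale; doing it by eye when you hover over a link is the manual version of the same check.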