If you’re with a Managed Service Provider, like TechQuarters, then you’ll likely have an excellent security strategy for the whole business. On top of this, there’s plenty that the individual must be aware of in terms of security. We offer instructional videos for all of our customers, teaching them the fundamentals of day-to-day cyber security to help users stay safe online. The following is some of the main things to consider:
A scam email is the most common form of attack you’re likely to get. Although Outlook has a Junk Filter with several levels of protection, you might still receive some. An important thing to note is that scammers want to contact unobservant users – this is why you often see emails with poor spelling and grammar, and which use urgent language to persuade or scare recipients into taking action without taking a moment to consider if the email is legitimate.
Never take an email at face value when it is asking you to make decisions about your money, or your sensitive information. You must always be 100% certain of the legitimacy of an email – even if it involves contacting a user or company directly to verify this.
The purpose of most scam emails will usually be to acquire sensitive information. If you receive an email that instructs you to give some form of person identifiable information – by following a link for example – it is probably a scam. A legitimate company will never make requests sensitive information directly in an email, due to compliance obligations.
You should also look out for generic greetings. Of course, plenty of legitimate companies will send unsolicited emails with generic greetings – however a company that you’ve already entrusted PPI with will definitely have your name, or at least a user name that you have provided them with. Sometimes, a scammer might take the time to copy the first part of your email username – the first part of your email address that you set – to appear like you have had contact with them before.
Unfortunately, we all make mistakes sometimes and you may accidentally click on a link in a scam email. Make sure to close the site it took you to, and immediately change the password you use for your email (and any other website); then, for good measure, scan your device for malware and contact your IT provider for any further advice.
In fact, the biggest security risk most individuals take on a day-to-day basis is browsing the internet, which is something most of us hardly even think about nowadays. That’s why we’d recommend some basic practices to follow when browsing the internet.
Before you start browsing the web on a device, always make sure that your software is up to date – this includes your operating system, your web browser, any security software you have installed, and browser plugins such Java or Adobe. There may be vulnerabilities in older versions of software; and updates and patches to the software might be to eliminate specific faults that hackers have learned to exploit. Therefore, it is always important to install any updates that are available, even if it is a bit disruptive to your routine. You should also always check that the security settings of your chosen browser are set to the highest level.
As well as your software, check the security of the network you are using. Internal networks such as your work or home network are much more secure than an external network, such as your mobile data network, or a shop / café’s network. You might consider using a Virtual Private Network (VPN) if you often need to browse on the go; it is worth noting that the most secure VPNs are subscription services.
And while you are actually browsing, make sure you’re doing it safely. For example, only download files and applications from websites that you trust; and be aware that sometimes whole websites can be set up to trick online shoppers into sending money to the wrong person. You can tell if a site is secure if it has a padlock next to its URL and uses the secure extension of Hypertext Transfer Protocol (‘HTTPS’ rather than ‘HTTP’) will be secure. Links should also be inspected before clicking on them – you can do this by hovering over it and looking at the URL that appears in the corner. Sometimes URLs will be compressed into a TinyURL, which you can expand and inspect.
Firstly, you should enable multi-factor authentication (also called two-factor authentication) on every account that it is available on. This is the best thing you can do to secure your account and as important as using strong passwords.
Unless there has been a security breech on a website that has revealed one of your passwords, the main course of action hackers will take to acquire your password is with a brute-force attack – essentially, they will use a computer program to guess passwords; some of these programs can test anywhere between 10,000 to 1 billion passwords per second. A password can take less than a second to crack, or it can take several millennia; the more complex your password is, the longer it would take a brute-force attack to acquire it.
There are websites that will indicate how long it would take to crack your password – a good tip is to use two or three random words as your password, because whole words are harder to crack than random collections of characters; if you can also replace some letters in each word with numbers or symbols, the password will be even stronger.
It also advised to use a different password for each site or account, and to change your passwords every 3 months. If a security breech has revealed your password on one website, and that happens to be the same password for several of your accounts, suddenly you’ve got multiple accounts that are at risk. This underlines the importance of not using the same password for multiple websites / accounts; this doesn’t mean you have to keep track of every single password you’re using – you can use a password manager to securely hold them all so you don’t forget them.
The individual user is perfectly capable of protecting themselves online; but if you are ever unsure of what to do, you should be able to contact whoever provides your IT services for help. At TechQuarters, we are always happy to advise our customers on cyber security and how to help users stay safe online.