Whether you’re in the office or browsing the internet from your phone, ensuring your data is safe is extremely important. Knowing what you can do to protect yourself against modern digital threats is key but knowing where to start can be difficult. Don’t worry though because Everything Tech is here to help. Our team has put together their top eight cyber security tips which are simple but effective ways to protect yourself online.
1. Keep software up to date.
Installing software updates for your operating system and programs is critical. Updates are released all the time so make sure you regularly check that you have the latest updates installed.
How you can do this:
- If your IT systems are not managed by an MSP, such as Everything Tech, then you should switch on your automatic updates.
- Ensure all of your third-party apps, such as Java and Flash are also kept updated.
2. Always use a strong password
We all have too many passwords to remember so it’s no secret most people reuse the same password for multiple sites. However, you wouldn’t have the same key for all your locks so why use the same password for all your accounts? To make things simple you could use a password manager, such as LastPass, which will securely store all your passwords in an encrypted vault. They allow you to automatically generate a very complex password that you don’t have to remember because the programs store them for you.
Whether you use a password manager or not, ensure you follow these best practices:
- Update your password periodically – at least once every three months
- Use a strong mix of characters including numbers and special characters
- A long password is more secure than a short one. Try to make the passwords at least 10 characters. 20+ is the recommended amount.
- Never share your password with anyone.
3. Avoid Phishing scams and other malicious emails.
Phishing emails, which try to trick you into entering your details to gain access to your online accounts, have become prevalent over the last couple of years. Phishing scams can also be over the phone, by text, or through social media, so it’s important to be vigilant when entering your account details into any site, especially one you’ve not requested access to.
Always remember:
- Be wary of any emails or websites that ask you to enter your account or personal details.
- Messages that say “You’ve been hacked” or “please login to remove threat” are usually malicious
- If you think something doesn’t look right the chances, are it isn’t.
- Switch off your PC/laptop if you are concerned that your device has been taken over by someone.
4. Think before you click
Along with Phishing scams, you should be mindful when clicking on any internet links.
Things to bear in mind:
- Hovering your mouse over a link will reveal its true destination. For example, a link to thecompanyyouwanttolookat.com may go to ihavenowgotyourdata.com
- Email attachments should always be verified before clicking. If you’ve recently spoken to the person sending the email, you’re generally OK to open the attachment. However, if an email comes in and you’re not expecting an attachment, double-check by contacting the sender. Do this by phone or by sending a separate email and not replying to the one you’ve just received. Much like links, email addresses can be spoofed. You can check them in the same way as a website link.
5. Never leave your devices unattended
Physically securing your devices is as important as locking your PC. Once you’ve lost your data you can’t encrypt it or delete it unless that feature is enabled.
Remember to:
- Never leave your laptop, PC, or mobile device unattended.
- Don’t store sensitive data on a USB stick or USB hard drive without locking them away when not in use.
- Encrypt your USB sticks using Windows 10 (BitLocker feature).
- Look at using a secure cloud to store your data rather than a physical device.
6. Use your mobile devices safely
Many of us rely on our mobile devices, however, they’re susceptible to attack in much the same way as your computer.
Our advice is to:
- Always lock your device with a PIN or password.
- Only install apps from trusted sources.
- Keep your device’s operating system updated.
- Don’t click on links or attachments from unsolicited emails or texts.
- Avoid transmitting or storing personal information on the device.
- Backup your data.
7. Implement MFA
It is very important to implement Multifactor Authentication (MFA), or two-factor authentications. The main goal of a phishing attack is for a cybercriminal to gain access to an email inbox so they can manipulate and send messages to suppliers and customers, usually asking them for money. Phishing attacks are most common when a person clicks a link in a phishing email, which is an email that looks like it has come from a reliable source such as a bank or Microsoft 365 but has come from a cyber-criminal. These links usually take you to a very similar website page to the real login page, but this page has been imitated by cyber criminals. Once someone has entered their username and password this is now in the hands of the cybercriminals. MFA helps prevent these attacks as in addition to the username and password as when logging in the site will send a 6-digit passcode to your mobile phone, the cybercriminal may have your username and password, but they will never have the 6-digit code because they haven’t got access to your mobile phone, which is how MFA cuts out a good portion of these cyber-attacks. The main goal of phishing is to gain access to your email so they can manipulate and send messages to your suppliers and customers on your behalf, usually asking them for money. MFA is usually very easy and low-cost to implement however is one of the biggest defences against these types of attacks.
8. Back up your data
If all else fails and your data is encrypted by a cyber-attack or your device is stolen what is your backup plan?
- Backup software is inexpensive and can offer a range of storage – local USB stick, NAS (Network storage), or Cloud.
- Cloud storage can be accessed from anywhere with an internet connection.
If you are concerned about your company’s cyber security, contact Everything Tech today to see how we can help.
