It is important to keep your online world safe in these difficult times when the internet is a lifeline for many people. We recommend reviewing your safety measures against these ten top tips for keeping yourself safe online:
1. Make sure your passwords are secure.
- Many websites will force you to set a password of minimum length and require a number and special character to be used, but these requirements are not enough to ensure that your password is secure. To strengthen your security:
- Avoid using common words with standard substitutions such as ‘P@ssw0rd’;
- Don’t base passwords on the names of children or pets as the criminals can use surveillance techniques easily to discover this information; and
- Consider using a long rather than complicated and difficult to remember password. Perhaps a phrase from your favourite book, or the words of a song. The length of phrases makes them a lot harder for criminals to guess with brute force attacks and phrases are generally easier to remember. Selecting 3 random words is also effective, though not necessarily as easy to remember!
2. Don’t re-use passwords.
Most people have done this at some point, thinking that the password is good enough for the banking app so will be just as secure on Amazon, Just Eat and the new magazine subscription that is keeping you sane during lockdown. The problem is that it is standard procedure for criminals to try an email/password combination that they have cracked on every possible website from which they may be able to obtain money or information, so every password reused reduces your security
3. Never click on a link you weren’t expecting whether it comes by email or text message.
All websites and other organisations that send you emails should have your express permission to do so. If a company you have never heard of emails you, don’t click on any links as there is a high risk that this will result in your security being compromised.
4. Use Gov.uk guidance to confirm that emails from Government organisations are genuine.
HMRC has confirmed that they will NEVER ask you to disclose your personal information such as full address, postcode, Unique Taxpayer Reference or bank details by email. They also confirm that no tax rebate or repayment will be offered by email. For further guidance on what HMRC may send you, visit https://www.gov.uk/government/publications/genuine-hmrc-contact-and-recognising-phishing-emails/genuine-hmrc-contact-and-recognising-phishing-emails.
If in doubt, try contacting the relevant department by telephone and remember that all Government organisations are taking a pragmatic approach to the current crisis and will not be requesting urgent action or immediate reply.
5. Don’t open attachments from unknown sources.
As with links, attachments can download malware and viruses that seriously compromise your security online. If you weren’t expecting the email then don’t open the attachment. Note that HMRC will not send you emails with attachments unless you have expressly confirmed that you understand the risks involved, an approach that should be followed throughout Government.
6. Make sure you install updates on all of your devices.
With the use of laptops, mobile telephones, voice assistants and tablets booming alongside the use of desktop computers we often share information and login details between many different devices. It is vital that you install updates to operating systems and programs on all these devices to ensure that there is no weak link enabling the criminals to access this information.
7. Use Anti-virus and Anti-malware software, and keep it up to date.
There are many paid and free anti-virus and anti-malware products available for all types of device. While some may be better than others none are perfect as the digital signatures of new types of attack need to be added regularly. Any such program will provide enhanced protection but it is vital to keep it updated to check for the latest attacks.
8. Use 2 Factor Authentication.
2 factor authentication means that as well as entering your password you need to enter a one-time code each time a service is logged into. This can be sent to your mobile phone by text, or you may be able to use a more secure method where an App on your mobile phone is set up to produce a new code for you at intervals. Where possible, access back-up codes that could be used if your mobile telephone were to break leaving you unable to access the authenticator as these can be used to get back in and set up a new device to produce the codes.
9. Back-up your devices.
Even if you follow every piece of security advice available there is a chance that someone will find a new way in, or that you simply break your device. Ensure that important data and other things you would not wish to lose, such as family photographs, are backed up to a separate device or cloud system so that you can access them if the worst were to happen.
10. Remember that your personal information has value.
While we would all be less concerned for someone to hack into our favourite news site login than if they got into our baking app, the first is by no means risk free. The criminals who set up these attacks have many ways of making money out of information that may seem irrelevant to you and I. It is well known in enforcement groups that criminals will sell any information they can obtain from any form of website and once the information has been released to other criminals the methods that can be used to monetise this information are endless. Care for yourself and your information to stay safe.