The last 18 months has seen many of us transition from office to home working, and with positive benefits of this, comes new risks to you and your data. So this week for Cyber Security Month week 3, the WJPS team have created a guide to staying Cyber Secure at home.
Avoid keeping a physical copy of your passwords (written in a note pad for example,) as the loss of this may result in your accounts being compromised, instead you can opt for a password keeper application on your computer which is password protected. Another good password protection practice is to not re-use passwords and create strong passwords (See Steven’s guide to creating a strong password at the end of Week 1s tips!).
When working from home, many people have needed to use their own personal computers and laptops for work. By using your own personal devices, the sensitive data is then stored on a less secure device, opening the business up to risks. To avoid this, we recommend downloading an anti-virus software or firewall, and making sure it is kept up to date (or updating the one you already have!) It is also important to keep all of your applications up to date, Updates often patch security flaws. Hackers take advantage of security flaws to gain access to your personal information, keeping your software up to date prevents hackers from finding and exploiting these flaws.
Working from home means some people may choose to work in a café or be forced to use public Wi-Fi for other reasons. Public Wi-Fi creates many risks, including malware attacks distributed through the Wi-Fi and Hackers using Public Wi-Fi to track what you’re doing online.
If you have no choice but to use Public Wi-Fi, make sure toy know how to disable file sharing and log out of accounts when you’re finished using them.
Knowing how to spot a phishing email can be a great advantage. Hackers will send emails in the hope that you won’t realise that the link or email address is not genuine. These can look like officials, with hackers hoping you will hand over your credentials to them. Please see Toby’s guide to knowing the risks to find out how to spot a Phishing Email.
Often when protecting their technology, people forget about their mobile phones. Mobile devices are often very vulnerable to online threats. Making sure you only download apps from official sources like Apple’s App Store or Google Play Store, you can also check apps reviews to see how legitimate they seem. Even on mobile, be careful clicking links and be sure to avoid replying to strange, unexpected emails and messages.
Whilst working from home, it can be even more tempting to shop online as you work! It’s important that when shopping online, we remain safe and vigilant to protect our data.
Sometimes it’s hard to know what information a site does or doesn’t need from you in order to buy from them. No online retailer would need any information like your National Insurance Number, but if they got their hands on it, along with your card details, serious damage could be done.
Even if you’re not someone who shops online, regularly checking your bank statements is great practice. Spotting a payment that you did not authorise early can help you avoid further money being taken from you. If you spot something that doesn’t look right, contact your bank immediately.
Shopping on mobile is just as, if not more, safe than shopping on a laptop or tablet. Many online retailers now have their own apps, which means you can be sure that you are buying from the legitimate site. Many retailers now have their own Apps, including Amazon, Ebay, Asos, Tesco, Argos and Next.
Most sites nowadays use HTTPS (Hyper Text Transfer Protocol Secure) on their website. HTTPS ensures that all data submitted by you to the websites server is encrypted, preventing possible man in the middle attacks on site log ins. HTTPS is normally indicated with a lock icon next to the address bar in the browser. Clicking the lock will give you more information, such as if the SSL certificate used by the site is valid, and any cookies in use from the site.
If a site is not secured with HTTPS and an SSL certificate you will see a grey i Icon. When you press the icon it will inform you that the connection is not secure. When this is the case it means any information you submit is not encrypted, and if intercepted, will be readable.
For example, if you sign into a website with the email “firstname.lastname@example.org” and the password “mypassword”, on a website not secured by HTTPS this would look just as you entered it:
Using this, an attacker could easily log into your account. However if you are logging into a site secured by HTTPS your username and password would look like the following to an attacker:
This would be useless to an attacker.
TLDR: Look for the padlock icon before entering any personal information or login information into any website.
Published: 19/10/2021 Published by: WJPS
Return to News Page.