Supported by
Society of Chief Officers of Trading Standards in Scotland
Scotland
Trusted Trader

Cyber security advice - protect yourself online

News: Thursday 10 March 2022

Cyber security advice

Take Five

We live in an increasingly uncertain world, and with current events unfolding, there has never been a more important time to review your personal, family and business online security.

Online attacks can range from tricking you to downloading rogue applications that may steal your data, ransom type demands or simply deceiving you into giving out personal or financial information.

If you use a computer, smart phone or have an email address, then you need to pay attention. Take five minutes now and review your security. Five minutes now could save yourself lots of heartache, stress and damage later on.

Prevention is always better (and cheaper) than cure

  • Backup your data - What would happen if you lost access to your data? From treasured digital wedding photos to year end accounts or customer data. If you don’t know how to back up your data, read this guide from the National Cyber Security Centre.
  • Software updates - Make sure your computer or software applications are patched and up to date. Set it to automatic updates so you don’t have to worry about it. See links on how to do this at the end of this article.
  • Antivirus / Anti-malware - Is your antivirus or anti-malware up to date and current? These applications are regularly updated to reflect new threats and usually automatically updated. But it would be worth manually checking your antivirus application just to double check it is up to date. They are normally very obvious if they need any attention, with pop ups or a red warning telling you what needs to happen.

    Note - If you don't have any antivirus on your computer, download one now! One of the most popular and effective ones, Norton Antivirus has a variety of paid options, or there are free ones such as AVG.
  • Change / update / strengthen all of your passwords - The biggest thing you can do to make yourself safer online is to use complex and unique passwords. But this is seen as as time consuming and considered to be too difficult to manage, which is why so many people use the same username and memorable password. This is now a very dangerous strategy and you are putting yourself at risk.

    There is lots of confusing advice on passwords such as pick three random words etc. Ideally all passwords need to be random and complex, but help is at hand. Use a free password generator to create random passwords such as 1password.com/password-generator.
  • Use a password manager - there are a multitude of password managers that allow you to save login and password information, meaning you no longer have to worry about remembering passwords.

    Note - Try and steer clear of saving passwords in browsers, such as Google Chrome or Microsoft Edge. Although very convenient, if your Google or Microsoft account is compromised, then a third party will have access to all of your passwords! Instead consider a dedicated password vault. A lot of antivirus programs such as Norton now include or offer the option of a password manager.
  • Use Two Factor or Multi-Factor Authentication where available - Sometimes abbreviated to 2FA, this adds another layer of security to user accounts by asking you to add either a code or text message after you have entered your password. At the very least, ensure you enable 2FA to any Google, Microsoft and Social Media Accounts. See the links at the end of this article to learn how to configure them.
  • Protect your privacy - Unscrupulous people are desperate to learn more about you. Be more guarded about how much of your personal information you are giving away. Do you really need to add your date of birth? For personal social media accounts, make sure you lock down your privacy settings. For business accounts, only display public information that you are happy to share, such as contact information. See how to secure your social media privacy.

Have a plan

If the worst happens and your accounts are compromised, you lose access to your computer, or the office PC simply dies of old age, what will you do?
  • Can you still access your data and restore from a backup? Have you tested this?
  • Do you have master passwords written down locked away safely so you can access your password manager when it is installed on a new computer? Do you need to add a hardcopy code to access your Google account?
  • For business owners, how long would it take you to get back up and running again?
  • What would be the cost or disruption? How would it impact your reputation?
Have a think and revise your security based on your findings.

What threats are out there?

  • Your user details on the dark web - Unfortunately, no matter how hard you try to look after your data, third parties will and do get hacked, meaning customer information ends up in the public domain. This information is bought and sold, particularly usernames and passwords, regardless of the fact they may be encrypted.

    What you can do - There is a website called haveibeenpwned.com which holds information on all major data breaches. If you enter your email or telephone number, you can see if your details have been potentially compromised. If you have, then you will see the website listed that was compromised and you should change your password or delete your account from that website. This is another reason for using individual passwords and will protect you from future data breaches.
  • Phishing scams - Most people are now aware of phishing scams, but these get more sophisticated and do catch more people out. They normally arrive via email and their main aim is to either get you to part with credit card details by asking you to enter details into a realistic fake website, or to open a web link to download a malware application (see Malware below).

    Another form of phishing a lot of people may not be aware of, are some of the social media chain letter and annoying posts that tell you what kind of rockstar you would be, or what your hippy name is. Some of these are actually deceptive methods aimed purely at hoovering up your personal information and trick you into giving away personal secrets. Dates of birth of your kids, pets’ names, all the usual suspects used in weak passwords. Steer clear of these and never forward chain letters, regardless of what bad luck is prophesied.

    What you can do - Unfortunately phishing scams prey on people’s honesty and good nature. Never feel guilty if you fall for one but learn from it. Be more sceptical about emails you weren’t expecting or emails or social media posts asking for too much information. Why does your bank need you to enter either your banking information including password and any secret codes, or full credit card info. Educate older or more vulnerable family members, friends or neighbours. If you have fallen for a phishing scam, report it immediately to your bank if it is financial. You can also report phishing scams here.
  • Malware - These are malicious applications that unscrupulous people will want to try and get on your computer or device. They may collect passwords, try and take over your machine or more recently there have been reports of destructive malware that seeks to damage your computer by stopping it from booting up.

    What you can do - Malware needs a way of getting onto your device, normally by trying to deceive you to open weblinks which will download an app, normally as a phishing scam. Make sure any computer users are aware and undertsnd not to open untrustworthy or suspicious emails or web links.

    A lot of antivirus programs will automatically catch a lot of malware, so make sure you have antivirus and it’s up to date. You can also buy dedicated anti-malware applications if you feel you are at increased risk. If you suspect you have malware installed and your machine is not responding, seek professional I.T. help.

Summary

The internet is a fantastic and invaluable resource. Following some of the relatively straight forward steps outlined above, and without a need of any technical knowledge, you can mitigate a lot of the risks and enjoy a safe and trouble free experience.

But you do need to be aware of the threats and common issues. You will protect not only yourself, but your family, friends, along with employees and customers in regard to small business owners.

Useful information

Below are a list of handy resources, starting with the excellent Take Five campaign which is full of useful advice.
Please forward this to anyone who could find it useful.