Tip - report phishing, vishing and smishing

Tip 12 from 12 tips of Christmas

This is the twelfth in a series of 12 tips to help you improve your online safety. We’ve seen the inexorable rise of phishing over the years - usually to get you to click a link which either downloads malware, or prompts you to put in personal details into a website. A successful variation in 2017 was to hijack the invitation links to edit a Google Document What are vishing and smishing? []

Tip - apply updates for computer chip problems

Tip 11 from 12 tips of Christmas

This is the eleventh in a series of 12 tips to help you improve your online safety. We’re just seeing details emerge of the Meltdown and Spectre vulnerabilities in most CPUs powering mainstream computers and phones. CERT’s official recommendation is that the only way to guard against this particular problem is to replace your CPU with one that isn’t affected but that’s probably not an avenue most of us will take, so watch out for patches and updates. []

Tip - keep an eye on program updates

Tip 10 from 12 tips of Christmas

This is the tenth in a series of 12 tips to help you improve your online safety. System Administrators know (from sometimes bitter experience) that updates to systems and programs are meant to improve things (add features, fix problems), but don’t always do so. The sheer volume of updates to programs and apps can mean that we click to install updates without checking. Given this tendency to trust program updates, hackers are now targeting the update mechanisms themselves. []

Tip - use administrator privileges sparingly

Tip 9 from 12 tips of Christmas

This is the ninth in a series of 12 tips to help you improve your online safety. In tip 5, we covered the fact that the Deloitte hack came about in large part because an intruder just needed to acquire a single password from an administrator of the firm’s email accounts Home and personal computers can be similarly susceptible - if a virus or other malware affects you while you’re logged on as the administrator account, then all data on your computer could be affected, or locked and made subject to a ransom []

Tip - use HTTPS everywhere

Tip 8 from 12 tips of Christmas

This is the eighth in a series of 12 tips to help you improve your online safety. Get 2018 off to a good start by: Going to the “https://” version of every website Checking that your browser supports modern security algorithms Ensuring any websites you manage have SSL certificates too Go to the “https://” version of every website Update your bookmarks and favourites to always go to the https version of a site. []

Tip - use security posters and leaflets

Tip 7 from 12 tips of Christmas

This is the seventh in a series of 12 tips to help you improve your online safety. Even though we’re talking about staying safe online, “old-school” methods such as posters and leaflets have their place in raising awareness, and providing targeted information. Posters Posters can be a great part of a security awareness programme - often displayed in communal areas such as workplace kitchens. SANS have some great free posters in their “Securing the Human” range and we’d particularly recommend: []

Tip - check you're not using one of these passwords

Tip 6 from 12 tips of Christmas

This is the sixth in a series of 12 tips to help you improve your online safety. If you’ve been reading the other tips so far, you’ll know the recommendations of: using a different password for each site using a password manager letting an automated password creator suggest a password for you. SplashData have done some analysis of the passwords collected from the many data breaches, and compiled a list of the worst 100 passwords in 2017. []

Tip - check if your account was in a data breach

Tip 5 from 12 tips of Christmas

This is the fifth in a series of 12 tips to help you improve your online safety. Data breaches are becoming more and more common Even if you’re responsible with keeping your information secure, it seems that not every company who has your details is able to hold on to them securely. Deloitte - data was compromised after an intruder just needed to acquire a single password from an administrator of the firm’s email accounts []

Tip - secure your home Wi-Fi - part 2

Tip 4 from 12 tips of Christmas

This is the fourth in a series of 12 tips to help you improve your online safety. Schedule firmware updates Hopefully you’re in the practice of regularly applying patches to your computer(s) and mobile devices. It’s also best practice to check for updates to your Wi-Fi router firmware. 2017 saw exploits such as KRACK and Reaper, which have fixes available in firmware. Stop broadcasting your SSID Unless you need to continually add new devices to your network (in which case you might consider the guest network approach listed in Tip 3), then find the option to disable SSID broadcast - if a hacker doesn’t know you’re there, it’s much harder to start trying to compromise your network. []

Tip - secure your home Wi-Fi - part 1

Tip 3 from 12 tips of Christmas

This is the third in a series of 12 tips to help you improve your online safety. Change the administrator password (and username if you can) Sites like DefaultPassword.com are really handy if you need to reset a device and no longer have the manual to hand, but are similarly handy to hackers. Disable WPS WiFi Protected Setup (WPS) allows you to pair a device with the router by simply pressing a button. []