by Sarah Potter
Calling all millennials: In an age where we all have the attention span of a goldfish, reading a lengthy article about the ins-and-outs of online security is probably the last thing on your mind.
In an effort to hold onto that dwindling attention span, however, you’ll be pleased to know that this cyber-insight is in everybody's favourite form of... memes.
Software Updates, the bane of your life.
Windows 10 got you down? Antivirus constantly interrupting your 10 hour YouTube spree? Unfortunately, like most of the important things in life it’s annoying because it’s important.
Just like constant dentist check up reminders and texts from your mum about going to the doctors, without constant badgering you’d probably never get it sorted.
If you’re the kind of person who likes nothing more than clicking ‘remind me later’ then have a rethink. The recent WannaCry attack stemmed from a Windows vulnerability that was quickly patched and updated.
Unfortunately too many folk continued on ignoring the update reminders, blissfully unaware that a 20 minute update may have saved their machine…
If you’re an individual?
Update your computer! 20 minutes, after all, is enough time for a biscuit and a brew.
If you’re a business? Set up your IT policies so that users can only ‘remind-me-later’ so many times before they’re forced to update. Sure, it’s annoying – but then again so is losing all of your data to would be hackers.
Catch of the day when out Phishing
Ok, so this is technically incorrect, but we’re pretty sure no working day goes by without filtering through a couple (or hundreds…) of emails.
Once the preserve of rather unsophisticated emails asking you to transfer bank details, so you could be sent your winnings from a lottery you didn’t enter, or a message asking for your passport details so you could be matched with a long lost rich relative – phishing emails have become increasingly sophisticated.
Spoof email addresses that mimic Gmail or PayPal are all too common. we’re even seeing emails that look like they’ve come from a person within your organisation, which can make a simple Outlook browse quite the minefield.
So, what should you do?
Always check the sender's FULL email address, if it’s a phishing mail the address will likely appear somewhat out of place. For example an official PayPal email will be from an address such as firstname.lastname@example.org. Check the ending, something like .net or .org would be unusual.
If the email asks you to log into a specific account to check over purchases or details, open a separate browser window and navigate to the site from there.
Phishing emails often include links that open to near-identical login pages – which are then used to steal your login details. Finally, if you have ANY concerns over an email DO NOT CLICK ANY LINKS. We can’t state that too many times. DO NOT CLICK ANY LINKS. One more time for those at the back: DO NOT CLICK ANY LINKS. Phew.
Something doesn’t look right? Be sure to give your IT department a heads up so they can monitor for these sorts of things. Even better, if your in IT, would be transition to a online security platform such as Touch Secure; protecting your perimeters, public cloud and internet to keep your business safe from such phishing attacks.
Password? Let's try 'Password'
Sorry to spoil the illusion, but most people will get into your computer or network because your password is usually *sighs*… ‘Password’. Or ‘Password1’ if we’re being fancy.
Know how hackers usually hack? By exploiting the end users inability to create decent passwords.
‘Facebook’ for your Facebook login
‘LinkedIn’ for your LinkedIn login
‘Chelsea’ because you have questionable taste in football
Sure, they’re easy to remember – but they’re also easy to guess. A lot of the blame lies with websites and your own network rules. If you let people get away with weak passwords then you’re partly to blame, because folk will always pick the easiest route.
A good password has traditionally consisted of an uppercase and lowercase letter, a number and a special character (!£@?) and no, P@ssword1 is not going to cut it.
There’s also some thought online that the ‘Correct Horse Battery Stapler’ method of choosing four random words actually generates even better password strength – and is easier to remember than a hundred various combinations of numbers, letters and special characters.
Oh, one more thing… don’t go to the trouble of writing a brilliant password only to write it on a post-it note and stick it do your monitor. It’s like driving a car with no wheels, good to look at but utterly useless.
Same as a would-be burglar is more likely to pick the house with open windows and unlocked doors, someone with some not-so-great intentions is more likely to attack a device or network that’s easy to get into.
What's your biggest weakness in online security?
Sorry to tell you, but it’s you. And your IT team are probably tearing their hair out over it. But, just like passwords can be hard to remember, so can being aware of your online security.
So, for simplicity, try these three Ss:
- Software – Update it when prompted
- Strong – Passwords. Make it strong, make it memorable.
- Savvy – Scrutinise emails, be smart when you click links and if in doubt, ASK
Keep browsing and keep safe out there. After all, you don’t want the world to know that you’ve got a terabyte of kitten pictures stored on your work laptop… do you?
Enjoyed this article? For candid advice on how to manage and defend your own online security posture, contact one of our online security experts here or read more about our own cloud based managed firewall service, Touch Secure.