Time to Review Your Internet Security
The current trend for more and more organisations to operate mainly (or even exclusively) online means that we are forced to share some of our information via internet websites. Cyber criminals are keen to take advantage of this and we all need to be aware of the risks and how to avoid them.
By observing a few fairly simple rules we can very much decrease our chance of being ‘hacked’ and bring us some peace of mind while operating online.
In addition to the information below, the website at https://getsafeonline.org has very comprehensive advice to help you review and secure your system.
Some things to be suspicious about
- Message from an unexpected source.
- Subject line looks odd – something not expected from that sender.
- Introductory line of the message atypical for that sender.
- Strange looking address in address bar – strings of odd characters after company name. In this case check the spelling of the company name carefully. Hackers will sometimes use an address which relies on mispelling when you enter the address.
- Message contains links to remote content e.g. video, photos, music. The joke videos passed around by email are notorious means of spreading virus infections.
- No reputable company will send you an email asking you to reconfirm (re-enter) your username, password etc. If you get one of these it is almost certainly suspect.
- Phone call from computer expert. Microsoft and other service comapnies do not make unsolicited calls. The aim of these calls is to persuade you to allow the caller to take over your computer (allegedly to fix it) giving them complete access to your system and the means to install the malevolent software of their choice.
Some tips on securing your system
- Make sure that your virus checker and system software updates are current. On recent Windows systems the updates are often configured to be automatic but you should check this in the security section of the settings (control panel). These updates will help to plug any new gaps being exploited by hackers. Note that new computers are often supplied with a limited time licence for a virus checker e.g. Macafee or Kaspersky. If you do not wish to renew the subscription when this expires change to the inbuilt Windows virus checker.
- Bookmark the pages of internet sites used regularly especially banking or email sites. This will protect against misspelling which can bring up a spoof page which looks exactly like the real thing but is used to capture your personal data.
- When using sites where security is vital e.g banking or online shopping where you will enter card details look for the lock symbol and https:// in the address bar. When present this tells you that all data from your computer to the server is encrypted. This protects against the so-called ‘man in the middle’ attempt to grab your data. Always check for the lock before entering your details.
- Beware of unsecured public wifi networks available in cafes, shops and some town centres. These are vulnerable to ‘man in the middle’ attacks (is that guy in the corner of the cafe with the laptop working or snooping or sending you a spoof login page?). If you regularly use such networks you should consider using a VPN (virtual private network). This requires a subscription but hides your IP address and makes hacking your device very difficult.
- Choose a username and password which are very difficult to guess. A number in your username makes it difficult to guess from your name. Your passwords should be a minimum of 8 characters long and should contain both uppercase (preferably not the first letter) and lowercase letters, numbers and a symbol (e.g. £$%& ). There is more detail on choosing passwords on this website https://www.getsafeonline.org/protecting-yourself/passwords/
- Use a different username and password for each site. History shows that passwords do get stolen and in some cases have not been encrypted. If you are informed that your password has possibly been compromised then you must change it without delay. Your other sites, with different passwords, will not be at risk.
- Because remembering multiple passwords is very difficult you could write them in a small notebook kept at home. This would only be at risk if your were unlucky enough to be burgled and is safer than using the same password on multiple sites. Alternatively use a password safe. (search online for details of these) or see above webpage for some tips on remembering passwords.
- Consider using two factor authentication where available (most email systems offer this as an option). You may be familiar with this from logging into internet banking where you generate a unique code using your debit card. For details of methods of 2FA consult the security section of your email account online.
Email in our U3A.
- On our website we take steps to protect members details.
- When using email to communicate within interest groups please ensure that you protect the email addresses of fellow members by using the blind copy (bcc) facility rather than entering all addresses explicitly in the To section.
- Group leaders who use email regularly to communicate with their group members can apply to webmaster@ pemburyu3a.org for a firstname.lastname@example.org address to protect their own email address.
- Reply to all reveals your email address to all original receivers (including those blind copied). It is bad email etiquette unless you know that all original addressees and the original sender need to see your reply.