CYBER SECURITY SUMMARY – DEVON & CORNWALL POLICE.
If you’d like to get started on the basics, consider –
Home Wi-Fi – change your password away from a factory pre-set (i.e. the label on the back), as these are published on the dark web and are easy to find. (Your broadband site will have guidance on this).
Common passwords such as ‘Password99’ or ‘123abc’ can be cracked in seconds.
Change all of your passwords. (There are government-approved sites where you can check the strength of a password – don’t use a real one, just test the structure.) These sites will advise you to use lots of different random letters and symbols (hard to remember) or longer phrases which, when typed with no spaces, are still strong but may be more memorable, perhaps a favourite breakfast: ‘CornflakesTeaToastJam’.
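To show why the advice above holds, here is an added illustration (not part of the police summary) that estimates how much guessing an attacker has to do for the passwords mentioned. The guessing rate, the dictionary size and the short list of common passwords are assumed figures chosen for the example; the point is the comparison between the password styles, not the exact times.

```python
import math

# All figures below are constructed for illustration; the advisory gives no numbers.
GUESSES_PER_SECOND = 1e10          # assumed offline guessing rate of an attacker
DICTIONARY_WORDS = 20_000          # assumed size of a word list an attacker might try
COMMON_PASSWORDS = {"password99", "123abc", "password", "123456", "qwerty"}  # constructed sample list


def charset_size(password):
    """Size of the smallest character set that contains every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33   # printable ASCII punctuation
    return size


def character_bits(password):
    """Work for an attacker who must try every string over the character set."""
    return len(password) * math.log2(charset_size(password))


def word_bits(word_count):
    """Work for an attacker who knows the password is dictionary words run together."""
    return word_count * math.log2(DICTIONARY_WORDS)


def expected_crack_seconds(bits):
    """On average the password is found halfway through the search space."""
    return 2 ** bits / 2 / GUESSES_PER_SECOND


def assess(password, word_count=None):
    """Return the weakest realistic strength estimate and the crack time it implies.

    word_count tells the function the phrase is made of that many dictionary
    words, so the pessimistic word-list model is also considered.
    """
    if password.lower() in COMMON_PASSWORDS:
        bits = 0.0   # on a common list: guessed in the first few attempts
    else:
        bits = character_bits(password)
        if word_count:
            bits = min(bits, word_bits(word_count))
    return {"bits": round(bits, 1), "seconds": expected_crack_seconds(bits)}


if __name__ == "__main__":
    for pw, words in (("Password99", None), ("123abc", None),
                      ("Tr0ub4d!", None), ("CornflakesTeaToastJam", 4)):
        result = assess(pw, words)
        print(f"{pw:24} ~{result['bits']:6.1f} bits  ~{result['seconds']:.3g} s to crack")
```

Run as a script it prints one line per password. ‘Password99’ and ‘123abc’ are on the common list, so the estimate is zero: they fall to the first guesses, whatever their length. The breakfast phrase scores far higher than an eight-character mixed password even under the pessimistic assumption that the attacker knows it is four dictionary words, and each extra word adds roughly another fourteen bits of work under that model.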
Record your passwords securely – use a trusted encrypted password app such as ‘LastPass’ or a similar trusted app (lots of reviews available) and find one that is recommended through the https://www.getsafeonline.org/ website.
Systematically record all your digital assets – hardware devices, subscriptions that you pay for, utilities/ banking that you use online, digital photos, important files… whatever it is. (Don’t write down the passwords!)
Then imagine 1) that you’ve been burgled and all your hardware is taken, 2) that your system has been hacked and ‘identity stolen’.
In each case, who do you have to call to cancel/block accounts, or to regain control?
How do you prove that you are ‘you’ if the hacker now controls your email accounts? [Tip – a landline phone is great verification, a mobile phone pretty good but not flawless, physical letters (?), attendance in person at your bank (?).]
How can you replicate what has been lost? (Cloud storage, duplicating your PC? Or a separate USB or backup drive where you’ve backed up photos etc.? – kept away from your other hardware to minimise the chances of a burglar stealing it too.)
What harm would be caused, and how could you minimise it?
Online banking – use credit cards (they have better fraud protection) and have a bank account used only for online purchases where the provider insists on an account. Use strong passwords and do not use public Wi-Fi without encrypting your connection (they can capture every keystroke, including your bank login and password) – consider using a VPN (‘virtual private network’).
Talk to your family about sensible precautions and make sure everyone takes care (you being safe is little use if someone else then lets a virus onto your computer that takes it over).
Emails – what do you send/receive? Would it be embarrassing/ damaging professionally if it became public? Most email systems are very insecure – assume they are not safe.
You can take time to encrypt all emails (fairly common now), or simply use good discretion.
Do not trust any email attachments (this is where the malware sits) and remember that all email headers and appearances can be faked to look exactly like the real thing (a phishing email) – it will look like it’s from your bank, and the only giveaway is within the extended email header (technical).
Be careful with your main email account and set up ‘disposable’ email accounts to share when you have to sign up for things or log into Wi-Fi etc.; then if one of these gets sold on/ shared (and then hit with spam and phishing attacks) you can simply close it down and set up another.
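The ‘extended email header’ check mentioned above, as an added example that is not part of the police summary: the two messages below are constructed samples using reserved example domains, and the checks (sender address disagreeing with the bounce and reply addresses, a failed SPF/DKIM/DMARC result, and the presence of attachments) are the ones a mail filter or a careful reader would look at. The header names are standard ones; the sample content is invented.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed phishing-style sample: reserved example domains, no real sender.
SUSPICIOUS = """\
Return-Path: <bounce@mail-example.net>
Received: from mail-example.net (mail-example.net [192.0.2.10])
        by mx.example.org with ESMTP; Mon, 1 Jan 2024 10:00:00 +0000
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mail-example.net; dkim=none
From: "Example Bank" <security@example-bank.com>
Reply-To: <helpdesk@mail-example.net>
To: <customer@example.org>
Subject: Urgent: verify your account

Please open the attached form.
"""

# Constructed legitimate-looking sample for comparison.
CLEAN = """\
Return-Path: <alerts@example-bank.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example-bank.com; dkim=pass header.d=example-bank.com
From: "Example Bank" <alerts@example-bank.com>
To: <customer@example.org>
Subject: Your monthly statement is ready

Log in via your usual bookmark to view it.
"""


def address_domain(header_value):
    """Domain part of the first address in a header, lower-cased ('' if none)."""
    _name, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def header_findings(raw_message):
    """Return (code, detail) pairs for each sign that the visible sender is not trustworthy."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    from_domain = address_domain(msg.get("From", ""))

    # The bounce address (Return-Path) is set by the sending server, not the displayed name.
    return_path = msg.get("Return-Path")
    if return_path and address_domain(return_path) != from_domain:
        findings.append(("return-path-mismatch", f"{address_domain(return_path)} != {from_domain}"))

    # A Reply-To on a different domain diverts your answer to someone else.
    reply_to = msg.get("Reply-To")
    if reply_to and address_domain(reply_to) != from_domain:
        findings.append(("reply-to-mismatch", f"{address_domain(reply_to)} != {from_domain}"))

    # The receiving server records its SPF/DKIM/DMARC verdicts here.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mechanism in ("spf", "dkim", "dmarc"):
        if f"{mechanism}=fail" in auth:
            findings.append((f"{mechanism}-fail", auth))

    # Attachments are where the malware sits; list them so they stand out.
    for part in msg.iter_attachments():
        findings.append(("attachment", part.get_filename() or part.get_content_type()))

    return findings


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(label, header_findings(raw) or "no findings")
```

In a mail client the same headers are usually behind a ‘view source’ or ‘show original’ option. The checks are hints, not proof: a message can pass all of them and still be fraudulent, which is why the advice to go back to a number or address you already know still stands.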
Social media – what are you (and family) sharing?
Personal/ risqué/ banking info/ your address (or means or locating you)/ job, children’s schools?
Make sure your privacy settings are on, review your online footprint, discuss safe habits with family (and friends) too – they may take a picture of you in the pub and tag it exposing you/ your job etc.
Photos on Facebook and social media are not your photos anymore – they belong to FB, Twitter etc.
Social engineering attacks –
It’s usually simple to find out something about you – your bank, broadband provider, water/ electricity supplier, a subscription you have – and whatever they can find out can be faked, so you may be emailed (often phoned as well) very convincingly to get you to share passwords or bank details which can then be exploited.
Often this will be in stages so that each step seems harmless, but put together they give the caller all they need (‘for security reasons give me the first and third numbers of your PIN’… seems harmless? Next call a week later, ‘give me the second and fourth numbers of your PIN’… harmless? Now they have your entire PIN and can empty your account).
Always decline, get a reference number and call/ email them straight back on a number or email address that you know is genuine (from an older statement, maybe?).
Ensure all your software is kept up to date (software patches are almost always there to protect against discovered weaknesses/ threats) – but only update from the trusted source (Apple App Store/ Microsoft site directly etc.).
Use trusted security software (anti-virus and firewall) – not necessarily paid for (free software can be good), but research these before using either and start from a trusted industry or government site… to make sure it’s not malware in disguise.
‘So you are now digitally safe?’… everything has strong passwords, you have anti-malware software running on everything, firewalls, a VPN set up for using public Wi-Fi; you’ve all your passwords and account details carefully recorded and encrypted in case of emergency, you and your family follow the above steps…
…something can still go wrong or slip through at some point.
Assume the worst will happen and that you will have to replace or factory reset one or all of your machines at some point… plan so that this isn’t an irreplaceable loss – treat digital assets as you do physical ones, and if the worst happens retrieve your data from a backup, claim on insurance and move on.
Remember – technology can be great, it’s a huge part of our lives because we want it to be and enjoy it; so find the balance between security and isolation.
Minimise the risk of it happening, minimise the harm it causes if it does, and have a plan… but continue to enjoy the benefits.