Cyber Security, it won’t happen to me.
Sorry? It already is happening!
Security of your IT is imperative whether you are a large corporate or a small home user. In this day and age we all have to have access to a PC (you can’t do your Tax Return without one), and we are all under constant attack from groups out there on the Internet who are trying either to make, sorry take, money from you, or to be just plain nasty and spoil your day, and probably quite a few afterwards.
If you have a PC you will be using email, and the spam filter sitting at the front of the receipt process will be picking things off all day long. The modem/router that your Broadband connection comes through has settings that constantly stop the less scrupulous getting inside your machine to look for useful snippets of information that, along with bits purloined elsewhere, will provide more details on potential targets for fraud and malevolent actions.
Cyber security is not the responsibility of someone else, not even in big companies – it is the responsibility of everyone, and as such we will see these subjects below…
The Basics – your passwords
Oh, you do have one, don’t you? You don’t let your machine go straight into Windows when you start it up, surely? It sounds like a really silly thing to think, but an amazing percentage of people do!
I bet you’ve also changed the PIN on all of your bank cards to the same one – not a good move. If you lose your cards and your PIN is known, it is oh so simple to drain the cash from all of them. Don’t keep it on a piece of paper in your purse or wallet either!
Passwords should be at least 8 characters long, preferably more. Many websites expect you to have 12 characters.
These character strings ought to be a mix of numbers and letters with at least 1 upper case letter and a special character, maybe one of those from pressing shift and a number key. Avoid having the same character repeated next to itself, and even avoid consecutive numbers. Use a different password for each site. You can do this by prefixing a similar string from elsewhere with some character(s) that identify the site to you. Change the passwords on a regular basis. Corporate systems will have settings in them to force users to do this, and not allow re-use of a previous password for a set period.
mHal1,ifwas – Try using a phrase that is well known, to you that is, like the one behind the string at the start of this paragraph; figure it out or go to the end of this page.
And you know those sites that ask for the answer to a security question, e.g. your mother’s surname? Try using your dog’s name as the answer.
Don’t write your password down on a Post-It note! If you have to write it somewhere, maybe so that you don’t forget it while on holiday, do so on a piece of paper you put in a sealed envelope, signed across the stuck-down flap, to be kept locked up until you need to refer to it, or change it.
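The composition rules from this section written as a checker, added here as an illustration and not part of the original page. The function names and the sample passwords other than the page's own `mHal1,ifwas` are constructed, and "consecutive numbers" is assumed to mean two adjacent digits that differ by one (12, 98).

```python
DIGITS = "0123456789"

def check_password(pw, min_len=8):
    """Return the list of rules the password breaks; an empty list means it passes.
    Use min_len=12 for sites that expect 12 characters."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not any(c.isalpha() for c in pw) or not any(c in DIGITS for c in pw):
        problems.append("needs a mix of letters and numbers")
    if not any(c.isupper() for c in pw):
        problems.append("needs at least one upper case letter")
    if not any(not c.isalnum() and not c.isspace() for c in pw):
        problems.append("needs a special character")
    pairs = list(zip(pw, pw[1:]))  # every character with its right-hand neighbour
    if any(a == b for a, b in pairs):
        problems.append("same character repeated next to itself")
    # Assumption: "consecutive numbers" = adjacent digits one apart, up or down.
    if any(a in DIGITS and b in DIGITS and abs(int(a) - int(b)) == 1
           for a, b in pairs):
        problems.append("consecutive numbers")
    return problems

def audit(passwords_by_site):
    """Check each site's password and flag any password shared between sites."""
    report = {site: check_password(pw) for site, pw in passwords_by_site.items()}
    sites_for = {}
    for site, pw in passwords_by_site.items():
        sites_for.setdefault(pw, []).append(site)
    for sites in sites_for.values():
        if len(sites) > 1:
            for site in sites:
                others = ", ".join(s for s in sites if s != site)
                report[site].append("same password used on: " + others)
    return report

# Constructed sample; only the first value comes from the page.
SAMPLE = {
    "bank": "mHal1,ifwas",
    "shop": "Password12",
    "forum": "Password12",
    "mail": "aabbcc",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE).items():
        print(site, "OK" if not problems else problems)
```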
Rogue emails, or spam
We all get it by the bucket load, whether it be the stuff that resembles the junk mail the Postie brings (a good source of income for the Post Office), cheap drugs or other ‘lifestyle’ opportunities, or even, still, the ‘I’ve got squillions of dosh I would like you to help me with…’ kind.
What kind it is will determine how to minimise it. The ‘shopping’ junk mail will usually disappear if you follow the unsubscribe link; Codes of Conduct are now making that happen relatively painlessly. For lifestyle email, work on keeping it at bay by using a spam filter, which will collect it and make deleting it easy. Do not unsubscribe: they will know they have a sucker. However, you will need to check the filtered stuff as the filter may catch important mail, which will mean changing the filter settings if you can, or having a word with your email provider. I heard someone’s car insurance renewal reminder was filtered out and they drove round for a week or so without insurance!
If you don’t recognise the sender, be careful! If the sender address on an email from the ‘bank’, or other official body, doesn’t look quite right, do not open it; delete it. All my bank accounts where I have never banked have been blocked so many times… If in doubt, contact the perceived sender by phone. Any attachment can be doctored to include a virus of some kind or another, and even if it is opened and nothing happens they will still have collected your email address for future use. Do NOT give passwords or bank details by email, nor any other information that might cause a problem for you in the future.
Ransomware comes by email and, if invoked, will work through your files encrypting them so that your system is unusable apart from logging in and using a browser. While paying the ransom may seem cheaper than working around the problem, work around it! Get those backups restored to your system. Oh! You do have backups, don’t you? OK, so you will from now on, and if you have a backup system make sure you know how to restore from it. I have a colleague who could back up wonderfully and reliably; restore, now that is a different challenge.
Anything that comes down to your system can be malicious. Even if it comes from your best friend, who may just be passing it on from an unknown source, it may have the potential to leave you dead in the water. It matters not if it is a download, a CD, a USB stick, or whatever the favourite device of the moment is: be certain it is clear of infection before committing it to your system.
Ensure your anti-virus software checks everything from everywhere. There are a number of good ones where the product is free to home users, there are others always being offered with those questionable downloads you keep coming across, and every new machine comes with someone’s offering. Make sure they are kept up to date with their virus definitions on a daily basis.
Sharing, or not, PCs
Whatever the device is that you want to use, log in with a secure password. This will ensure no one else can tailgate on to the machine and get at your information. When you move away from your machine, lock the screen or log out, especially in a work environment.
Cyber Security Standards
A primary objective of the UK Government’s National Cyber Security Strategy is to make the UK a safer place to conduct business.
Cyber Essentials is a cyber security standard that uses independent assessment to identify the security controls that an organisation needs to have in place within its IT systems in order to have confidence that it is addressing cyber security effectively and mitigating risks from internet-borne threats.
The illustration below shows the 10 steps to be taken on board to achieve the required level for Business Certification.
The scheme provides users with clear guidance on implementation, as well as offering independent certification for those who want it. Certification means that the user can show that their data is adequately protected, and that cyber security is taken seriously.
Certification can be either…
- Cyber Essentials – the company completes a self-assessment questionnaire, which is reviewed by an external Certifying Body.
- Cyber Essentials Plus – tests of the company’s systems are carried out by an external Certifying Body.
To get certified contact us. To follow up and get more information go to www.cyberessentials.org.
But it’s none of those I want!
Whether we’ve covered your problem above or not, get in contact and let us see if we can help.
Mary had a little lamb, its fleece white as snow