29th September 2017
SureCloud Cybersecurity Practice Director Luke Potter provides some expert guidance on staying safe online.
Following SureCloud’s recent feature as part of the BBC’s Rip Off Britain program, I wanted to share some steps we can all take for staying safer online.
Choose Security Question Answers Carefully
Some security questions are used to confirm your identity; for example, when setting up a bank account or applying for a credit card you will often need to provide your date of birth. However, many services ask questions that are used simply to verify you for key account changes or password resets. With these kinds of questions, we would recommend always setting random answers that only you would know. For example, if a website asks you for your pet’s name or what your first car was, you could instead create a response that is not the actual answer to the question, such as YellowKeyboard26. Doing this ensures that someone who knows you or has scoured your social media profiles is a lot less likely to be able to deduce the answer and impersonate you.
Never Use the Same Password Across Multiple Accounts
You’ve probably heard this advice many times, but it is so critical to follow: Never share passwords across multiple accounts. Ensure that each and every account (for the same or different websites) has a strong and unique password that doesn’t follow a pattern. Password manager applications and software can help here, but it’s always important to ensure the password for the password manager itself is strong. This usually also means that the only password you have to memorise is the one that allows you access to your password manager. Some even integrate with mobile and laptop device fingerprint readers.
Where supported by services and websites that you use, we’d recommend taking advantage of multi-factor authentication. With multi-factor authentication, instead of just a password you need to log in using two methods to access your account. The two most common authentication factors are ‘something you know’ (such as your username and password) and ‘something you have’ (such as a unique code texted to your phone or a code from an authenticator app).
Take Advantage of Security Features
Many websites will provide additional security features for your online accounts that are not enabled by default. You may have to actively navigate into your account/security settings and enable them manually. A typical example of this would be in the case of online banks that don’t enforce all of their security features, but give you the option to enable them. So, we would recommend digging around in the options available to you and taking advantage of what is there. A great example here would be to enable multi-factor authentication if it’s supported.
Unique User Names
Many websites will ask you to provide a username to access the services that they provide. Along with setting the unique passwords as mentioned earlier, it’s also wise to use unique usernames for each site that you use (again, these can be stored safely in your password manager if you use one). This makes it more difficult for people to track your activity online and link your association with other online services if one is compromised. Where the website uses an email address as the username, consider setting up multiple email addresses, which can be done by registering for multiple online email accounts. Some of the large free email providers allow you to use a ‘+’ character between the user name and the domain in the email address, which can be used to note where you have registered an email address. For example, if we registered a new user account at ‘example.org’, we could use firstname.lastname@example.org. This method will also help you to identify if you are receiving unsolicited marketing that you haven’t opted into from a provider.
For the more tech savvy, consider registering a domain with a ‘catch-all’ style email configuration so that any email sent to that domain is caught and forwarded to your primary account.
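The ‘+’ tagging described above can also be checked automatically. The sketch below is an added example, not part of the original article: it builds a tagged address for each site and flags mail where the tag on the recipient address does not match the sender's domain. The mailbox, site names and sample headers are constructed, and it assumes your email provider supports ‘+’ addresses.

```python
from email.utils import parseaddr

def alias_for(mailbox, site):
    """Return the plus-tagged address to register at `site`."""
    local, _, domain = mailbox.partition("@")
    if not local or not domain or "+" in local:
        raise ValueError("expected a plain user@domain mailbox")
    tag = site.strip().lower()
    if not tag or not all(c.isalnum() or c in ".-" for c in tag):
        raise ValueError("site tag must be a bare host name")
    return f"{local}+{tag}@{domain}"

def tag_of(address):
    """Return the tag after '+' in the local part, or None if untagged."""
    local = parseaddr(address)[1].rpartition("@")[0]
    _, plus, tag = local.partition("+")
    return tag.lower() if plus and tag else None

def classify(to_header, from_header):
    """Compare the tag on the recipient address with the sender's domain."""
    tag = tag_of(to_header)
    if tag is None:
        return "untagged"
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if sender == tag or sender.endswith("." + tag):
        return "expected"
    return f"address given to {tag} is used by {sender}"

# Constructed sample headers (To, From); every name here is made up.
SAMPLE = [
    ("jo.bloggs+shop.example@mail.example", "Shop <news@mail.shop.example>"),
    ("jo.bloggs+forum.example@mail.example", "deals@bulk-offers.example"),
    ("jo.bloggs@mail.example", "friend@mail.example"),
]

if __name__ == "__main__":
    print(alias_for("jo.bloggs@mail.example", "shop.example"))
    for to_header, from_header in SAMPLE:
        print(to_header, "->", classify(to_header, from_header))
```

A mismatch is a lead rather than proof: many companies send through third-party mailing platforms, and the From header can be forged.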
Check Those Social Media Settings
The majority of social media services give users the ability to adjust privacy settings and controls within their accounts. However, similar to taking advantage of additional security features, it’s often up to you as the user to review these privacy settings to ensure you are sharing only what you want with the people you want to. We would recommend restricting these various options to share your content only with people you trust, and adjusting the individual settings for any individual posts or photos on these websites as desired.
Think Before You Post
When posting on social media, whether it be a picture or comment, think before sharing that material. Review the photo to ensure there is nothing shown within it that you are not comfortable putting out to the world. For example, does the picture contain a bank statement, password or even a set of keys in the background? If so, a cybercriminal may use this to target you. Also, potential employers often check social media and even one derogatory comment could cost you your job. Even the costume you choose for a costume party could impact the social media perception of your personal reputation! Consider any details posted online to potentially be permanent.
Cybersecurity is everyone’s responsibility. These steps should not only be part of your own personal online safety, but also your due diligence when working online with your company or any accounts associated with your job.