Now more than ever, as we adapt to new ways of working, it’s important that we stay safe at work (and outside of work) by continuing to take the security of our data and systems seriously, especially as we know that cybercriminals have considerably ramped up their efforts during the Coronavirus (COVID-19) pandemic, in an attempt to exploit public fear to catch out their victims.
Every member of staff within all organisations, whatever their role, has a responsibility for cyber security. That’s why, this Cyber Security month, we’ve put together ten top tips that you can follow to raise your awareness of the dangers, whether you’re working in the office or at home, and of the ways in which your actions can help or hinder these types of attacks. The ultimate goal is to help you keep yourself and your organisation safe from any attacks or breaches.
Realise that you are an attractive target to hackers. Don’t ever say “It won’t happen to me” and always remember that everyone has a responsibility for cyber security, so whatever your role you have a part to play in protecting yourself, your organisation and the device/s you’re working on.
Practise good password management. Use passphrases made up of three to four random words, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your PC or laptop.
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time, no matter how short, lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
Make sure you are running all the latest versions of software on all your devices. The updates will often contain new security patches and new security features. These new updates and features will make it harder for attackers to successfully compromise your devices.
Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the web address of the website the link is pointing to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
If you are still unsure, don’t take any chances: forward the email, as an attachment, to report@phishing.gov.uk.
Be aware of what you plug into your device/s and what you plug your device/s into. Malware can be spread through infected flash drives, external hard drives, and even smartphones. Additionally, spikes in energy caused by storms and electrical power surges can cause damage to your device/s, which is why it’s always a good idea (where possible) to use surge protector sockets.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Avoid using a friend’s phone, a public computer, or a cafe’s free WiFi, as your data could be copied or stolen.
Watch what you’re sharing on social media. Criminals can befriend you and easily gain access to a huge amount of information - where you go to school, where you work, when you’re on holiday - that could help them gain access to more valuable data.
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or texts you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
If a call, email or text you receive is asking you to act and to do it now, stop and think carefully before you take action, especially if there’s a deal involved that seems too good to be true. Additionally, be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been hacked.
Finally, you should be extra vigilant when it comes to attacks where cybercriminals pose as a legitimate organisation to lure their victims into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
These types of cyberattacks happen when you’re contacted by fraudsters unexpectedly via email (known as phishing), telephone (known as vishing) or text message (known as smishing), with the perpetrators often trying to get you to act and to do it now, to catch you off guard. So always stop and think before you take actions such as responding to automated telephone messages or clicking on a link, and always contact the company directly to verify credentials before giving out any information.