Fraud Prevention and Online Security


The pandemic has seen a significant uptick in fraudulent activity. Whether it’s on the doorstep, over the phone or online, it’s never been more important to be vigilant. Just last week we had the news that scammers can spoof caller ID, so they can call you and it will appear that your bank is calling or, more confusingly, they can insert themselves into a text conversation that you have already started with your bank.

Today, I’m particularly focused on online security because we’ve had a targeted attack on our website. When you run websites there is a constant background level of spamming and malicious activity, but the attacker today either knew a bit about the company or had done some research before they attempted to break in. I’ve not seen that level of sophistication before, and as a consequence I’ll be undertaking a full security audit.

What can we do to protect ourselves?

Passwords

Passwords are the bane of our lives! You seem to need one for everything – even reading the paper! I personally have hundreds! Not only do we have all these passwords to remember, but they are all supposed to be different. They should be strong and they should be changed regularly! Hopefully we will come up with something better in the future; in the meantime, there are steps we can take to mitigate some of the pain.

I recommend the use of a password manager. This is a program that allows you to store all your sensitive data in an encrypted, password-protected database. I use the open-source KeePass, which is available to run on your computer or as an app on your phone. I run the desktop version, which I then sync to my phone, so I have my passwords on me at all times. There is also a browser plugin that can autofill websites. Obviously, the more things you do, the more you add possible weaknesses into the system, but I’m confident in my methodology.

If you want to give yourself a scare, enter your email address into one of the websites that monitor hacks and you may well find out that your email and password are already out there on the internet, through no fault of your own. This happens when a company is broken into and their database of logins is stolen. Sometimes we don’t even find out straight away, because the company doesn’t want to admit it got broken into.

One more note on passwords. Where possible, and not everywhere will allow this, I tend to use “several memorable words or phrases” as a password rather than the traditional “A78!£lks” type password. Not only is it easier to remember and easier to type, it is also far harder to crack on account of its length.

Two Factor Authentication

Where 2FA is available, turn it on. It is a second layer of protection for your accounts. There are two main types: app-based or email / text verification. Where possible, use the app version. There are a number of apps from the likes of Google and Microsoft. I’m currently trialing a catch-all authentication app called Authy, which I’m really impressed with so far. It works for all your accounts.

Email Security

Turn off images in your email client. Images can be external links and those links can be used to track you or worse. Most importantly, never click links, and that applies to any kind of message. If you need to visit a site, go to the browser and type in the URL yourself. Scammers create sites to look exactly like the real thing, and if you follow their link you might not realize you are on a fake website. I recommend Thunderbird as a desktop email client. The world of mobile email apps is much murkier. I found a brilliant free one, but discovered it was free because it was tracking me! The default iOS mail client is solid. On Android, if you can live with Gmail, the Google app is good.

Then there’s all the obvious stuff

  • Run a virus checker.
  • Run a malware scanner.
  • Don’t install anything unless you know where it’s from.
  • Keep software updated.
  • Put a lock on your phone.
  • Install a phone locator.

If you need advice or training on how to make yourself or your business more secure, get in touch with us. We’ve been doing this a long time.

As for my security audit, I’ll be logging into all the websites we host, checking the logs, changing the passwords and ensuring all the software is updated. Then I’ll review my own online security and accounts.
