Bytes Blog: Safer Internet Day – Top Tips for Staying Secure

Monday 6th February 2023

Writer: Gennaro Migliaccio, Contributor: Giuseppe Damiano, Editor: Daniela Miccardi 

_______________________

Safer Internet Day is an annual campaign to help make the internet a safer space for people of all ages to use and enjoy. To honour Safer Internet Day, we’ve put together this short guide that provides top tips for staying secure online!

Watch out for Phishing!

Phishing is where an attacker pretends to be a legitimate source (e.g. HMRC, PayPal, etc.) in order to obtain key personal information or gain access to a device… think of Phishing as being scammed or conned.

Phishing is one of the main causes of compromise. The majority of phishing attacks happen via Email; however, research has shown that attackers utilise other streams of communication when attempting to compromise a user. These other techniques are known as Smishing (via Text Messages) and Vishing (Voice Chat/Calls).

Phishing attacks are designed to trick you into sharing details, such as passwords or personal information, and in some cases, they can prompt a user to download files which will infect their device. In most cases, phishing messages will contain text that creates urgency or pressure to make the recipient act irrationally. Examples of these are:

  • HMRC demanding payment for Taxes, normally including a deadline and consequences for not complying, creating urgency and panic.
  • Your Bank suspending your account for suspicious activity, normally worded in a way to create fear of loss, and therefore driving urgency.
  • A postal delivery service stating they have attempted delivery and you need to schedule redelivery of your package. Normally no deadline, but chances are you have ordered something, and are keen to receive it sooner rather than later.

Beware! Phishing techniques have evolved and improved over the years to look credible and legitimate. Remain vigilant and query everything that makes you feel under pressure or uncomfortable.

Beware of Downloads

A key method used to compromise or infect a device is a download from a malicious source. Always be careful about what you download and ensure it is from a credible source.

Untrustworthy or questionable websites, as well as credible sites that have been compromised, will automatically download files to a device, hoping the user will view and open the file. This is known as a drive-by download. It can abuse insecure and outdated apps and browsers so that the downloaded file runs automatically.

Always ensure the browser and operating system on your device(s) are fully up to date. Also, activate, maintain and update anti-malware software on all devices.

Please note that the above is not limited to desktops and laptops; mobile devices are equally targeted by these types of attacks.

Public Sharing

Don’t make it easy for attackers to steal valuable information by sharing and/or publishing personal details. It is common to overshare on social media. Before you post, consider how and where the information can be used against you.

Phishing attacks are more likely to be successful if the attacker holds key information about the user. For example, a particular phishing attack may reference a post code that the user shared on a public social media site, making the malicious message appear more legitimate.

There is no hard and fast guide on what should or shouldn’t be shared online, as it is ultimately a personal choice. However, pieces of information that increase the risk if shared include:

  • Your Home Address
      • This includes photos of your home with identifying features (e.g. Door Number, Street Sign, etc.)
      • Photos of your post or any letters will also have these details (e.g. someone who has just passed their driving test)
  • Identification/Official Documents
      • Pictures of your Driver’s License, Passport, and other official documents. These can be used quite easily for identity fraud
  • Banking, Credit Cards, Bank Statements
      • The information contained on these can be used for fraud and identity theft. It’s surprising how many people still do this!

Use Strong & Different Passwords, as well as Multifactor Authentication

Easy-to-guess passwords are a favourite for hackers, as are passwords that are reused for different services/apps. However, even complex passwords are not 100% secure. Users should consider configuring Multifactor Authentication (MFA) wherever it is available and supported within the service (e.g. Banking Apps or Social Media Apps).

Top Tips:

  • Use different passwords for the different services you are using
  • Use strong, complex passwords. Including Uppercase and Lowercase letters, numbers and symbols can make a password harder to crack
  • Remembering a lot of complex passwords can be an issue, so consider using a Key Vault/Password Vault for storing your passwords. Just make sure that the ‘master’ password you use to secure your Password Vault is secure
  • Where possible, enable Multifactor Authentication (MFA). MFA is a secondary form of authentication such as using your mobile device to validate who you are (normally via SMS or a smartphone app)

Summary

The online-verse can be a safe place for all, if the right precautions are in place.

Always stop and think about your actions and how they can be used maliciously.

The best piece of advice Bytes can give is: Make time for security! For many users, this is an afterthought. It is important to be proactive and set aside some time every month to make sure your data is secure.

Here are a few things to consider when looking to improve your online security:

  • Update all devices and applications (including web browsers)
  • Turn on MFA for all applicable applications (including Social Media)
  • Change passwords to more secure/complex ones, on a regular basis
  • Ensure devices are protected by an Anti-Virus
  • Restrict application permissions on mobile devices
  • Remove unwanted/unused applications on all devices
  • Ensure suitable backup of data
  • Review privacy settings/personal information on your social media applications
  • Close online accounts that are not used

Psst: you don’t need to be a security expert to do any of the above.

Visit the Safer Internet Day campaign - https://www.saferinternetday.org/.

Thanks for reading. 

If you have any questions, or would like to learn more about any of the topics covered in this blog, please email our friendly team via [email protected].
