It’s National Cyber Security Awareness Month this October, and there’s never been a better time to make sure you’re protecting yourself, your information, and your devices in the digital world.
As we continue to entrust more and more of our information and lives to the technologies around us, those technologies become an increasingly large target for cyber criminals. Protective technologies continue to be developed by the day, but the single most powerful tool available to secure your data from attack is you.
Acting securely online can be a challenge, and much of the information available online can be vague, overly technical, and in some cases directly contradictory. To help you make sense of how best to keep yourself safe, we’ve compiled a list of resources we think you might find useful – links to which you will find at the bottom of this email – and more immediately, a list of the most important tips and tricks.
Use strong passwords – easy to remember, hard to guess. Avoid using single dictionary words or personal information, even with “substitutions” (0 for o, 1 for I, etc.). These substitutions are well known and will be included in most common attacks. Instead, consider a passphrase – a collection of words – or try the “Three Random Words” scheme.
Consider a password manager. Password re-use is extremely damaging to your security, but the number of password-secured services we use day-to-day makes remembering so many unique passwords very difficult. By using password manager software, you can concentrate on remembering one extremely secure master password, and leave the software to generate secure passwords for all your other services. This is best combined with multi-factor authentication (MFA).
Multi-factor authentication (MFA). MFA is the single biggest improvement that you can make to the security of password-based login. No matter how careful you are, and how secure your password is, it may still be discovered, and without MFA active, an attacker can easily use it to gain access. Modern MFA can be delivered unobtrusively via notifications on your smartphone, or by one of many other means, and enabling it on your accounts is a surefire way to improve security.
Keep up to date. Updates to devices and software can serve a number of purposes, but many, if not most, include changes to fix known vulnerabilities and improve the security of your experience. If you ignore them, you open yourself up to some of the most well-documented flaws out there. Try to install updates as soon as you can.
Exercise caution when downloading and installing files. Whilst antivirus software can and does catch mistakes, it’s better not to test that yourself. Use caution when browsing, and only download or install files and programs that you trust to be safe.
With all of the security measures outlined above, and the increased adoption of them, direct attacks are becoming less and less likely to succeed against most systems. As such, by far the best way for a cyber criminal to get their hands on your credentials is to get you yourself to give them out.
Phishing attacks can be very tricky to spot amongst the vast number of emails we receive daily. However, there are a number of effective signs you can use to help you identify them:
- Unusual / unofficial “From” address
- Claims that urgent action is required
- Generic / impersonal greeting
- Fake links
- Spelling errors, poor grammar, unusual syntax
- Requests for personal information
- Unsolicited attachments
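Most of the signs above can be checked mechanically. The following is an added example, not part of the original message, that runs those checks over a constructed sample email; the trusted domain `example.ac.uk`, the phrase lists and the function names are assumptions made for illustration, and spelling or grammar is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.ac.uk"  # assumption: your organisation's mail domain
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
CHECKS = [  # illustrative phrase lists, not a complete rule set
    ("urgent action demanded", r"\b(urgent|immediately|account will be (suspended|closed))\b"),
    ("generic greeting", r"^\s*dear (customer|user|student|colleague|sir|madam)\b"),
    ("asks for personal information", r"\b(password|pin|date of birth|card number|bank details)\b"),
]

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw):  # returns the warning signs found in one raw email
    msg, signs = message_from_string(raw), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN and not domain.endswith("." + TRUSTED_DOMAIN):
        signs.append("unofficial From address")
    body = "".join(p.get_payload() for p in msg.walk()  # 7-bit text only; no decoding
                   if p.get_content_maintype() == "text" and not p.get_filename())
    text = msg.get("Subject", "") + "\n" + re.sub(r"<[^>]+>", " ", body)
    signs += [label for label, rx in CHECKS if re.search(rx, text, re.I | re.M)]
    for href, shown in LINK.findall(body):
        shown = re.sub(r"<[^>]+>", "", shown).strip()
        # Fake link: the visible text is a URL for one host, the target is another.
        if re.match(r"(https?://|www\.)", shown, re.I) and host(shown) != host(href):
            signs.append("fake link: shows %s, goes to %s" % (host(shown), host(href)))
    signs += ["attachment: " + p.get_filename() for p in msg.walk() if p.get_filename()]
    return signs

# Constructed sample message, not a real email.
SAMPLE = """\
From: IT Helpdesk <helpdesk@example-support.test>
Subject: Urgent: mailbox full
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Dear user,</p><p>Confirm your password at <a href="http://login.example-support.test/">https://itportal.example.ac.uk</a></p>
--b1
Content-Disposition: attachment; filename="invoice.zip"

(placeholder)
--b1--
"""
```

Calling `phishing_signs(SAMPLE)` returns one entry per sign found. A message that trips none of the checks is not proven safe, so the result is a prompt for a closer look rather than a verdict.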
Nobody’s perfect – Speak up!
Cyber-attacks are getting more sophisticated by the day, so whilst it is important to remain vigilant, chances are you may at some point make a mistake, be that falling for a phishing scam or installing software that turns out to be malicious. Don’t be embarrassed; even experts can struggle with this sort of thing. Instead, take action quickly to limit the impact.
You can contact UIT Support via the IT Portal (https://itportal.sunderland.ac.uk) and Action Fraud (the police cybercrime service, available at https://www.actionfraud.police.uk/ or on 0300 123 2040). If you believe your financial information is at risk, you should also contact your bank.
The Technical Services website will be receiving updates over the next few months and beyond to provide more detailed, up to date guidance: