NEWS
HMS TRAINING AND SUPPORT
REGULAR IT TIPS AND NEWS - MARCH 2024
This information is a general guide about how to stay secure. There may be some detail missing, or you may have had a poor experience with the apps/methods of security suggested below; if so, please do let me know. If you need a “security overhaul” of your online accounts, email or device setup, please contact me.
SECURITY SPECIAL
Over the last couple of months, some people have
experienced a worrying number of security warnings and problems regarding
logins and passwords. A couple have had their accounts
hacked. I believe this could be due to the largest ever leak, or
breach, earlier this year of data from multiple sources, consisting of billions
of user IDs and passwords. All these account credentials are now
available on the dark web for purchase and can be used to try to log in to the
accounts listed.
The question is, if we assume that
hackers/criminals/scammers have access to our email address details (commonly
used as usernames) and some passwords, what can we do to protect ourselves from
them?
FIRST STEP
Check whether your email address (username) and password
are on a publicly available list by:
1. Going to the password settings on your device either in Settings, Passwords on your phone or tablet, or in your browser (Edge, Safari, Chrome, Firefox etc) on your computer, and checking the security recommendations. As an example of how to do this (I don’t have room here to describe every option in detail, so please contact me if you need help) on your iPhone:
   a. Tap Settings
   b. Passwords, enter the security information to view passwords
   c. Tap Security Recommendations
   d. Take note of the security recommendations provided
Urgent action needs to be taken when it says, “This password has appeared in a data leak”. I recommend changing the password as soon as possible (again, if you need help please contact me). Alternatively, or if you don’t save passwords on your device or in your browser, there is another way to check if you’re on the leaked lists. Visit Have I Been Pwned (“Check if your email has been compromised in a data breach”) and type your email into the space provided. If it is listed, then go to the passwords section of the site to check whether your passwords have also been compromised. To find out more about HaveIBeenPwned and those who created this useful site (and why you can trust them), read their FAQs (Have I Been Pwned: FAQs). They help governments and are recommended by security experts such as Malwarebytes.
2. When creating a new password:
   a. Avoid using personal information as part of a password
   b. Always include a combination of letters, numbers and symbols using at least 16 characters
   c. Don’t use the same password for multiple accounts. This risks a cybercriminal being able to access more than one account from only one data breach.
   d. Avoid using a single word found in a dictionary. Using three words joined together is a good tip.
   e. Randomise letters, numbers and symbols rather than using a logical sequence.
   f. If you store your passwords online ensure the password manager used is encrypted and you can access the account using a secure backup method (ie changing the account credentials online using two-factor authentication) even if you lose your master password.
SECOND STEP
Ensure you have two-factor authentication (2FA) set on any account that allows it, especially accounts that you use for email, and any account that holds financial information or stores your card details. These can include Microsoft, Google, Apple, BT, Sky, Yahoo, banks and retailers. There may be more, as each person has differing accounts. This means that no one can log into your account/s without first typing in or using a verification method via your phone, authentication app or email account.
THIRD STEP
When paying for something online, set up and use a digital wallet such as Apple Pay or PayPal. It’s more secure than entering your card details on a website, and it also negates the need to save your card details in your web browser (Edge, Safari, Chrome, Firefox etc) for ease of use. Of the two payment systems, Apple Pay is more secure as it uses encryption linked to biometric authentication (Face ID or Touch ID) to protect your payment information – the card details are not visible online at any time during the transaction. Using PayPal can be a little clunky as you must move away from the store’s checkout to the PayPal site to complete the transaction, but again, providing your PayPal login is remembered by your device and secured using biometric authentication (Face ID or Touch ID), all information processed is secure. There’s the added benefit that PayPal is accepted at a larger number of checkouts and PayPal monitors transactions to help prevent identity theft, fraud and phishing.
WHAT ELSE CAN I DO TO STAY SAFE ONLINE?
In the past I have written about other security
recommendations and actions to take when online. The internet as a whole
and public wifi connections are easily compromised if you know how and have
intent to steal, defraud or collect data for nefarious purposes. So, what
can you do to stay safe?
AVOID USING LINKS IN EMAILS
Phishing emails are rife. If you receive an email
purporting to be from a bank, retailer, delivery service, utility company,
online service provider or even a friend you’re not expecting to hear from,
treat it with the utmost suspicion. Do not click on any links in emails
you do not trust implicitly. Instead use your browser (Edge, Safari,
Chrome, Firefox etc) and go to the website of the organisation concerned to
log in or look for the information suggested in the email. Contact the
individual you’ve heard from, using a different method, ie text, WhatsApp or
phone, to check if they sent the email. If fear is used as a
prompt to action, or any sort of urgency to act is suggested by the email, be
even more suspicious – fear is used as a tool by scammers to persuade you to
act without taking time to think through the message content or check its
veracity.
CHECK THE SECURITY OF THE WEBSITE YOU’RE VISITING
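If you need to make a purchase online without using an online wallet, or are entering personal information, look for the padlock to the left of the web address in the address bar at the top of the window. The padlock shows that your connection to the site is encrypted; it does not on its own prove that the site is genuine, so check the web address too.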
AVOID USING UNSECURED, PUBLIC WIFI WHEN OUT AND ABOUT OR TRAVELLING
Have you ever been tempted to join the free wifi at an airport, a hotel, café or public space where it’s offered? In the past we thought nothing of it, except perhaps to enjoy the convenience. Nowadays, however, we must assume that someone is sitting on their computer looking for devices that join the wifi. Using specialist software, they can potentially access your device’s data or monitor the data being sent from that device to the internet access point. To avoid this risk:
1. Do not join wifi networks that do not have a password and show without a padlock next to them in the available wifi list on your device.
2. Do not join wifi networks that have a shared or publicised password, even if the padlock shows. If everyone knows the password, it’s not secure.
3. Do use your phone’s personal hotspot if you know you have plenty of data available via your mobile provider. Check if there’s a limit on how much you can use cheaply when abroad.
4. Do use a VPN if you have to join an insecure wifi network and there’s no alternative. If you use a VPN, use a paid for, recognised and trustworthy one, such as Nord VPN. I have explained and discussed the use of VPNs in previous newsletters. For a good explanation of what a VPN is and how to install one on your device, see MoneySuperMarket.com (What is a VPN and how does it work? | MoneySuperMarket), whose information I trust, or please do contact me for help.
KNOW HOW TO WIPE YOUR DEVICE REMOTELY IF YOU LOSE IT
Most devices, even some Windows PCs, now come with the
ability to wipe them of data remotely if they are lost or stolen. This
means that, if your device gets into the hands of a criminal, you can delete
all your personal data from it before they stand a chance of getting to it.
AVOIDING SCAMS AND INCREASING DEVICE SECURITY
DO NOT ENTER YOUR PASSCODE INTO YOUR PHONE WHEN USING IT TO PAY IN A STORE
If you’re in a public place and are paying using your phone, use biometric authentication (Face ID or Touch ID) in preference to entering your passcode. If someone can see your passcode being entered over your shoulder, there’s more of an incentive to try to steal it. Ditto entering PIN codes for a card – tap and pay is far more secure.
SCAMS BY PHONE OR AT YOUR DOOR
Many scams are still enacted by fraudsters via your phone
(predominantly landlines where the numbers are publicly available) or on your
doorstep. I have promoted the BBC’s Scam Interceptors programme before
and it’s still a great resource of info to help keep you scam-aware and
safe. Here’s a link to their website: BBC One - Scam Interceptors
I hope this is of interest and I will publish it as a
permanent reference on my website for future use.
Enjoy the Spring weather
Cathryn
Disclaimer: Copyright HMS Training 2024. Facts and prices published in this newsletter are time sensitive and may go out of date. The content is based on my personal research and opinion.