1. Keep your device updated
Weaknesses in operating systems and software are discovered continually, and whilst it may not be possible to protect your devices from all threats, regularly updating them will reduce the risk of a weakness being exploited. Ensure that you download and install patches and updates for all the software you use.
2. Ensure Your Device Has Anti-Virus and Identity Protection
Anti-virus, or as it’s normally termed, protection software, is often included for free with the operating systems that run Windows and Apple devices. If you make sure that this built-in solution is activated, the device is instantly safer and less vulnerable. There are of course a wide variety of subscription and purchased services also available. The key is to ensure whatever system you use is installed, activated and kept up to date.
3. Create strong passwords
The shorter or weaker the password, the easier it is to crack. The longer and more unusual your password is, the harder it is for a cybercriminal to crack. Avoid all the common passwords that are easy to guess (like Password123). Also avoid creating passwords based on personal information (family birthdays, pets’ names etc.), as some of this could be found within your social media profile. Obviously, it can be difficult to remember various unique passwords. This is where a password manager can help. A password manager can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).
4. Use multi-factor authentication (wherever possible)
As long as passwords are used for authentication, there will always be a chance that users will choose machine-guessable passwords and be susceptible to social engineering. Using a separate password for every service provides a fair degree of protection, but not complete protection, and it’s impossible for someone to do this across all their passwords without help of some kind. Multi-factor authentication (MFA), on the other hand, gives a great deal of additional security for relatively little pain, which is always going to be a good thing.
Multi-factor authentication generally consists of a combination of the following:
- Something you know, typically a password.
- Something you have, such as a trusted device that’s not easily duplicated, like a phone or hardware key.
- Something you are – biometrics like a fingerprint or face scan.
Everyone should use multi-factor authentication whenever it’s available. This is particularly important when authenticating to services that hold sensitive or private data.
5. Use a strong and separate password for your email
Always use a strong and separate password for your email; that is, a password that you don’t use for any of your other accounts, either at home or at work. If a criminal can access your email account, they could:
- access private information about you (including your banking details)
- post emails and messages pretending to be from you (and use this to trick other people)
- reset all your other account passwords (and get access to all your other online accounts)
Having a strong and separate password for your email means that if cyber criminals steal the password for one of your less-important accounts, they can’t use it to access your email account.
6. Protect yourself against phishing – don’t take the bait
Phishing, or more formally:
“a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link. Phishing can be conducted via a text message, social media, or by phone, but these days most people use the term ‘phishing’ to describe attacks that arrive by email. Email is an ideal delivery method for phishing attacks as it can reach users directly and hide amongst the huge number of benign emails that busy users receive” – UK NCSC
is rising significantly and can lead to the theft of information, installation of malware, sabotage of systems, or theft of money through fraud.
Be wary of opening unexpected emails or messages which meet some of these characteristics:
- Undue urgency – you might be sent an email with a tight deadline on it with a subject line like:
  Re: Update your system password NOW
- Authority – the email might appear to come from a trusted authority with an email address like:
  From: CEO@almost.my.company.com
- Curiosity – sometimes the attacker will rely on your natural curiosity:
  Subject: Breaking News from HR
The key advice is to think before you click and verify the communication is actually genuine before replying or engaging at all.
If you receive a suspected ‘phishing’ email, spam, or other suspicious email which claims to be from Banking Circle, please do not click on any included links or reply to it. Please forward it to security@bankingcircle.com and we will investigate and respond.
When you forward the suspicious message, add the phrase “Possible Phishing Email” to the subject.
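For mail administrators, the three warning signs listed above (urgency, authority, curiosity) can be turned into a simple triage check. The following is an added example, not Banking Circle's own tooling; the allow-listed domain, the keyword lists and the similarity threshold are assumptions chosen to match the sample subject lines and address above.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the page): the allow-listed sending domain and the
# keyword lists are illustrative and need tuning for a real organisation.
TRUSTED_DOMAINS = {"my.company.com"}
URGENCY = re.compile(r"\b(now|urgent|immediately|asap|final notice)\b", re.I)
CURIOSITY = re.compile(r"\b(breaking news|confidential|you won'?t believe)\b", re.I)


def is_lookalike(domain):
    """True if the domain is not allow-listed but closely resembles an entry."""
    if not domain or domain in TRUSTED_DOMAINS:
        return False
    return any(
        t in domain or SequenceMatcher(None, domain, t).ratio() >= 0.85
        for t in TRUSTED_DOMAINS
    )


def phishing_indicators(raw_message):
    """Return which of the three warning signs appear in one raw email."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    found = []
    if URGENCY.search(subject):
        found.append("urgency")      # pressure to act immediately
    if is_lookalike(domain):
        found.append("authority")    # sender imitates a trusted domain
    if CURIOSITY.search(subject):
        found.append("curiosity")    # bait subject line
    return found


# Constructed sample messages built from the examples in the text.
SAMPLES = [
    "From: CEO@almost.my.company.com\nSubject: Re: Update your system password NOW\n\nReset today.",
    "From: hr@my.cornpany.com\nSubject: Breaking News from HR\n\nSee attachment.",
    "From: payroll@my.company.com\nSubject: Minutes from Tuesday's meeting\n\nAttached.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(phishing_indicators(raw))
```

A match is a reason to verify the message through another channel, not proof of phishing; keyword checks like these produce false positives and miss well-written lures.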