How are you supposed to keep yourself safe online when nearly every day we see stories about some Megacorp being hacked or the American government announcing its own recent elections were hacked? Surely if these guys can't stop it happening to them, there is little hope for us?
Following these basic top tips will help you keep yourself safe.
Patching, keep your system up to date - Whether its a phone, tablet or computer, keep it up to date with the latest operating system and application patches. The exploits that happen usually happen due to out of date or unpatched software. Keeping yourself up to date is the easiest thing to do. When you are prompted to update your system, don't keep putting it off!
Backup your important and sentimental files - Errors happen, hardware fails, accidents occur and you might be unfortunate to be hit by Ransomware. All of these can lead to upset at the loss of files that can never be replaced. Backing up regularly means you can get back most, if not all of your files. Use more than one backup and consider the use of a cloud solution such as Microsoft OneDrive.
Antivirus and Malware protection - Viruses are still common and malware is getting more and more sophisticated, there is a subtle difference and whilst most antivirus vendors claim their software protects against Malware, it is not necessarily the case. Run at least antivirus, even the one supplied by Microsoft if you run Windows 8 or newer is better than nothing. Apple and Linux users are not immune. Consider running specialist anti-malware tools such as Malwarebytes or Heimdal Secuity (links at the end).
Ransomware - You may have heard or seen reports where someone has had their machine and all of its files encrypted by Ransomware leaving them with a hard set of choices:
Rebuild and recover files from the latest backup - as long as there was a backup or the files on the backup weren't encrypted too...
Pay the ransom and hope the files are restored and the money isn't just taken
Lose everything and start again (assuming no backup available
If you have been hit by Ransomware, DON'T PANIC (not right away). There may be free tools available to recover your information - https://www.avast.com/ransomware-decryption-tools
Passwords - General - don't be complacent with your password. Change them regularly, say every 3 months and use a good, strong password. Passwords don't need to be complex to be strong. They should be easy to remember but difficult to guess. We've published a guide to help you here: http://www.datalossprevention.co.uk/single-post/2016/12/30/How-to-pick-a-good-password
Passwords - Default Users - All devices, from our routers to our SmartTV's tend to come with default user accounts built in. These are great for getting up and running but with ever smarter malware attacks, the use of default usernames and passwords are a real nightmare. Take simple steps to change any default usernames and passwords that you can. There are attacks in the wild that simply need you to visit a compromised website and from there they can take control of your Internet Router and even your Smart TV (sometimes locking it so you cannot use it!)
Phishing - email scams - Phishing is now the most prevalent method of attack where people are lured into clicking a link or opening an attachment inside an email. Many of these attacks are obviously a scam but they are getting much more sophisticated. We'll update this article soon once we publish a dedicated guide on how to avoid being phished.
Keep informed with security news - Our News App (for Windows) is free for anyone to use and is available in the windows store: https://www.microsoft.com/store/apps/9pm9xhq285r8?ocid=badge
Wi-Fi at Home - Visitors - If you have friends or family over and they want to access your network, offer a guest network to them - http://www.datalossprevention.co.uk/single-post/2017/01/03/Offer-guest-networks-protect-yourself
Wi-Fi at Home - Passwords - Use a good, strong password for your Wireless Access, this will help from people getting access to your network and using it for free - http://www.datalossprevention.co.uk/single-post/2016/12/30/How-to-pick-a-good-password
Wi-Fi at Home - WPS PIN - The WPS PIN is an 8 digit pin that many wireless routers let you use instead of having to remember the longer password. The trouble is, WPS is really flawed and easy for anyone with a small amount of knowledge to crack. If you would like to learn more about the technical flaw, our friends over at Naked Security have an excellent post: https://nakedsecurity.sophos.com/2015/04/13/we-told-you-not-to-use-wps-on-your-wi-fi-router-we-told-you-not-to-knit-your-own-crypto/
Wi-Fi on the move - When at hotels or anywhere else that offers a free Wi-Fi service, consider it as unsafe and untrusted. A padlock showing the link is encrypted doesn't make it safer. Just remember that it is an untrusted location, if you are using Windows it will ask you to identify the network, simply set it to Public. When browsing the web if you see a page saying there is a problem with the sites certificate, such as below, treat the link as untrusted and don't try to connect - otherwise everything you send including your username and password could be seen by whoever runs the Wi-Fi.
Some useful links
Heimdal Security - https://heimdalsecurity.com/en/
Malwarebytes - https://www.malwarebytes.com/
Avast Ransomware Recovery tools (FREE) - https://www.avast.com/ransomware-decryption-tools
Please note: Any software, that we link to or mention, is not endorsed by DataLossPrevention.co.uk. You install and use software at your own risk, except our fantastic news app which is available for Windows devices from the Windows App store :)