The first thing to be said is that all of this is incredibly basic to anyone who’s really knowledgeable, but it’s still new and unknown to a lot of people. I’m not an expert, not at all, but I do most, though not all, of this stuff – I don’t use a password manager, for example; my own (probably quite arbitrary) gut reaction is that I’d just be giving another hostage to fortune. I think I could describe myself as a committed lay person! I hope it helps.
Software and Apps
Install the latest updates for your browsers, operating systems and display software – they nearly always contain security upgrades and fixes.
Firewall and anti-virus software
If there’s an out-and-out attack, you need these, badly. Make sure you have them. Check out their comparative benefits at a site you trust already; for me, that’s one of the big ones, or a consumer finance website like moneysavingexpert, which has the added bonus of showing you how to get what you want as cheaply as possible.
The National Fraud and Cyber Crime Reporting Centre (at the Action Fraud link below) offers free cybercrime protection named Quad9 and DMARC. I haven’t independently researched these yet, but that sounds a great offer.
Use a strong, secure password, notably for your email accounts, which can be used to gain access to all sorts of other accounts, including financial accounts.
Don’t use the same password for different accounts: that way, if one account does get hacked, the criminal won’t get access to your other accounts. GetSafeOnline recommends using three random words to create a strong password. Numbers and symbols can still be integrated into that, of course, for example: SixBeaches18lorries**. On another site, you might use SevenBooms47lychees((. Those are the same initials and processes, but almost completely different even so.
Don’t use anything that you would ever mention on social media: a child or partner’s name, a pet, a place of birth, favourite holiday, or a sports team. Keep it random but memorable for you, and you alone.
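The three-random-words pattern above can be generated rather than invented, which keeps the choice genuinely random. This is an added example, not something from GetSafeOnline or the original post; the word list is a constructed sample and the function names are illustrative.

```python
import math
import secrets

# Constructed sample list for illustration only; a real generator should draw
# from a list of several thousand words.
WORDS = ["beaches", "lorries", "booms", "lychees", "six", "seven", "harbour",
         "candle", "orbit", "velvet", "thistle", "gravel", "pickle", "lantern",
         "meadow", "copper"]
SYMBOLS = "*(!?#%&+"


def make_password(words=WORDS, symbols=SYMBOLS):
    """Three random words, a two-digit number and a doubled symbol."""
    # secrets uses the operating system's secure random source,
    # unlike the random module, which is predictable.
    w1, w2, w3 = (secrets.choice(words) for _ in range(3))
    number = secrets.randbelow(90) + 10          # 10..99
    symbol = secrets.choice(symbols) * 2
    return f"{w1.capitalize()}{w2.capitalize()}{number}{w3}{symbol}"


def passwords_for(sites):
    """A separate, independently generated password for each account."""
    return {site: make_password() for site in sites}


def entropy_bits(wordlist_size, symbol_count=len(SYMBOLS)):
    """Bits of entropy when every part is chosen uniformly at random."""
    combos = wordlist_size ** 3 * 90 * symbol_count
    return math.log2(combos)


if __name__ == "__main__":
    for site, password in passwords_for(["email", "bank"]).items():
        print(site, password)
    # The size of the word list is what makes the password strong.
    print(f"16-word list:   {entropy_bits(16):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
```

The capital letters follow a fixed pattern, so they add nothing to the estimate; almost all of the strength comes from how many words the three are drawn from.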
Where available, always use two-step authentication on your accounts. It adds an extra layer of insurance.
Safeguarding your data
Back up your computer regularly. It’s useful to store data in the cloud, but what would happen to your data if that firm was hacked? I store hobby data in the cloud, items that are important to me, but have no security implications at all. Backups should be safe too. An interesting point from CyberAware: make sure the external hard drive you use isn’t permanently connected to your device, either physically or over a local network connection.
I back up to an external hard drive regularly, kept in a fireproof “briefcase” type safe, which is stored somewhere safe (against burglars, against the house catching fire). If I have a particularly important set of documents and don’t have time to do a full backup, I’ll back up to a flash drive, stored in the same way. A set of flash drives is held in my bag ready to go at a moment’s notice.
Use a password to unlock your computer or smartphone. Even if you do lose it, your data is then safer. Can it also be encrypted? Check it out.
Use a surge protector – they’ve dropped in price tremendously in the last five years, and they’re well worth it. Many preppers think an EMP is inevitable – think how much more likely a too-near bolt of lightning is! It really is as simple as an extra plug at the mains.
Tape over the camera lens on the computer, the one that faces you. You don’t know if your computer might fall victim to a remote control hack, and then potentially anything you do in front of your computer screen is viewable to the hackers. Protection is as simple as a strong piece of tape that can easily be pulled back if you want to Skype or FaceTime.
A very focussed news item from Buckinghamshire Fire and Rescue tells its own story: basically, don’t leave your laptop while it’s charging, don’t leave it by combustible material (such as books!), and don’t overload your sockets. Believe it or not, there’s a guide about not overloading sockets.
News to me, but I’m definitely using that in future.
Books have been written about malicious emails: just don’t open anything that you don’t already know or expect. If you’re not sure, hover over the Sender column – it should show the real email address of the sender, which can be quite an eye-opener.
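The hover check compares the name an email displays with the address it was actually sent from, and the same comparison can be automated. This is an added example, not part of the original post; the contact list, domains and sample From lines are all constructed.

```python
import re
from email.utils import parseaddr

# Assumption: your own list of who you expect mail from and their real domain.
EXPECTED = {"my bank": "mybank.example",
            "acme conveyancing": "acme-conveyancing.example"}
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w.-]+")


def sender_warnings(from_header, expected=EXPECTED):
    """Return reasons to distrust the sender shown in a From line."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no usable sender address"]
    domain = addr.rsplit("@", 1)[1].lower()
    warnings = []

    # Case 1: the display name is dressed up as an address that is not
    # the one the mail really came from.
    shown = ADDRESS_RE.search(name)
    if shown and shown.group(0).lower() != addr.lower():
        warnings.append(f"name shows {shown.group(0)} but mail is from {addr}")

    # Case 2: the name claims a known contact, but the domain is not theirs
    # (subdomains of the real domain are accepted).
    for contact, real_domain in expected.items():
        claims_contact = contact in name.lower()
        domain_ok = domain == real_domain or domain.endswith("." + real_domain)
        if claims_contact and not domain_ok:
            warnings.append(
                f"'{contact}' normally writes from {real_domain}, not {domain}")
    return warnings


if __name__ == "__main__":
    # Constructed sample From lines.
    samples = ["My Bank <alerts@mybank.example>",
               "My Bank Security <alerts@mybank-secure.example>",
               '"alerts@mybank.example" <x9f2@mail.invalid>']
    for line in samples:
        print(line, "->", sender_warnings(line) or "looks consistent")
```

A clean result only means the name and address agree; the address itself can also be forged, so an unexpected message still deserves suspicion.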
Drive-by phone thefts
Whether you’re speaking with friends, or consulting Google Maps, it’s likely you’ll have your phone out at some stage when you’re on the street. I do myself. The only thing I can think of to do is to watch the local environment and to stand well away from the road, turned away from it, in fact. If you have suspicions, don’t get your phone out! Or go somewhere quieter, and safer.
Authorised Push Payments
Which?, the consumer organisation, made a “super complaint” to the Payment Systems Regulator. This is the history of it, and the response.
The techniques used by criminals have become extremely sophisticated, mostly based on intercepting legitimate communications between the individual and their bank, or conveyancer, or savings organisation, and diverting payments, with the agreement of the victim – which is what currently lets the banks say it’s our own fault, when it’s often a criminal either inside the bank or attacking the bank’s communications systems. Official websites aren’t yet covering the steps that individuals can take to guard against this – which says to me that it’s understood that it’s not individuals who are primarily responsible. But there are some things we can do, even so. I found these paragraphs at a private company’s website, at this link, and well done to Pettyson, a regional estate agent, for such clear, concise wording:
What you can do to protect yourself from APP fraud
Proactively protecting yourself from this kind of fraud can be difficult, as hackers can strike at any time. However, changing passwords frequently and using long and complicated alphanumeric strings – including upper and lower case letters along with special characters – is a good place to start, but these can be a pain to use. To help with this, password managers such as LastPass are highly recommended.
While frequently changing your email account’s password may scupper some scammers, others may still get through, so the best line of defence will always be your common sense. If anything at all seems fishy, be suspicious. In fact, be suspicious even if all seems well! You simply cannot be too careful.
Give the company asking for payment a ring to see if the request is legit. Dig out old paper records or search Google for the company in question to find their contact details – do not under any circumstances use the contact details listed in the email, as these are likely to be those of the hacker, not the genuine company.
If you are requested to make a significant payment (even if it is one you are expecting) via email, making a small payment first and then checking that the recipient is who it is supposed to be before transferring the rest can help protect your money. While it may be more inconvenient to make two payments instead of one, it’s a small price to pay if you want to keep your finances safe and avoid joining the tens of thousands of people who have already been adversely affected by APP fraud.
Finally, if you own a business that could potentially be targeted with APP fraud, make it a matter of course to call the beneficiary of payments over a set amount. Also, agree a ‘safe word’ with your accounts department and insist they call you before making any payment over a certain figure; it could save you thousands. Similarly, alarm bells should ring if you are ever asked to make a payment to an alternative bank account for a regular beneficiary or supplier. Be on your guard…it’s a real threat.
Those are the main points I want to cover right now, but I’m absolutely sure there are dozens and dozens of other points to be made – if anyone wants to share what they know or what they’ve found, please feel free. It will help us all. In the meantime, some useful websites:
UK Police: Action Fraud
UK government: Cyberaware
UK public/private sector partnership: Get Safe Online
UK charity furthering the work of the Electrical Safety Council: Electrical Safety First