How to stay safe online
The online world presents everyone with many opportunities, yet also possess risks and challenges. That’s never been more apparent than during the pandemic, throughout which many people are spending more and more time online.
As an education provider, Decoded has a role in helping you stay safe and protected from harm online. Our June newsletter highlighted safeguarding online. This issue, we’ll take a look at basic internet safety and how to protect both your own and your organisation’s data.
Check out Microsoft’s video on Internet Safety at work for some basic tips on how to stay safe online.
As a learner on the Data Academy, it’s important to be aware of your legal, ethical and company-specific responsibilities when you share data. You will most likely have internal policies on data sharing within your organisation. It’s always a good idea to make sure you are handling data in line with those policies.
Decoded have also put together Data Sharing Guidelines to help you gain awareness of your responsibilities as a data handler, and give you a set of informal guidelines to follow when sharing data on the Academy.
Hacking and Cyber Security
Britain’s National Cyber Security Centre (NCSC) has dealt with a growing number of coronavirus-related incidents involving hostile states and criminal gangs, which led to the overall number of serious hacker attacks reaching an all time record over the past year. A survey of UK CTOs, CIOs, and CISOs has found that 99% of UK organisations suffered security breaches in the last twelve months.
Spoofing: disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites.
Social Engineering: tricking someone into divulging information, usually through technology. Social engineering takes advantage of our natural tendencies and emotional reactions.
Phishing: Creating plausible emails targeted at key individuals designed to encourage them to click on a link to malware.
Beyond passwords, 2FA and encryption — humans will always be the most vulnerable part of an organisation. Here’s why:
How I Socially Engineer Myself Into High Security Facilities
Sophie is a physical penetration tester and information security consultant. She specializes in social engineering…
It’s important to also think about the information we freely give away:
- Use your access to the internet, social media and mobile phones in a way that keeps you safe from harm
- Think! Do I really need to share my entire life on social media. How does this make me vulnerable? Who am I adding to my networks? What info am I sharing that someone could use to impersonate me, or steal my identity?
- It’s good to think beyond an individual social platform. Most likely you have linked them all; sometimes with the same password and sharing different data points across each platform which may be used against you
- It’s also useful to check who you are friends with and if you actually know and trust them? Social media encourages us to lower our guard and admit people we may not normally trust, as we are dealing with a version of reality where individuals may create viable personas
- It’s best to keep your profile set for friends only view and be sure of 1) who you trust and 2) how you admit people to that circle of trust
- Review and update the security of your personal technology and browsers regularly, including turning on your spam filter
- Always check the senders email address and check URLs before clicking, by hovering over them with your cursor
- Typos, bad grammar, and unusual syntax is another red flag that you may be dealing with a hacker
- If you’re on a login page and you see “http” as opposed to “https” in your browser’s address bar, you should be suspicious, as the site is not secure
- Ensure that usernames, logins, email accounts and passwords are used effectively. Use a password manager, such as last pass or 1Password
- If you’re using a password manager and navigate to a spoofed site, it will not recognise the site. The password manager won’t fill in the username and password fields for you. Should this happen, it’s best not to manually enter your login details!
- Ensure your personal information is held securely and use two factor authentication whenever possible
- More than half of all phishing emails are now related to the Covid-19 pandemic. Keep this in mind the next time you receive a Covid related email and follow the tips above to make sure it’s legitimate