October is Cybersecurity Awareness month, and as the name implies it serves as a reminder for businesses and ordinary people alike to check their own online security.
Now of course, that’s something we’d advocate that people should continually be doing anyway, but why not take the time this Cybersecurity Awareness month to spend a few moments reviewing the security of your digital life?
If you're a regular PC, smartphone or tablet user, you'll be used to constantly being encouraged to update your device to the latest operating system or firmware. And there's a good reason for that, because cyber security is often a game of cat and mouse between criminals who are looking to exploit software and hardware weaknesses, and manufacturers trying to patch those weaknesses.
So here’s our challenge to you…
How many internet-connected devices do you have at home, and when was each device last updated to its latest operating system or firmware?
If you have devices that aren’t running the latest available software, they could be a real threat to your online security. Keeping connected devices up to date can help to protect against constantly emerging threats and help you stay one step ahead of (or at least keep up with) the hackers.
From phishing emails to text and call scams, it seems like we’re dealing with con merchants every day of the week.
But just being aware of those threats can go a long way toward keeping you safe online. And we want to touch on two of those threats in particular here.
Emails
If you ever (and you surely will) receive an email that you weren't expecting, asking you to follow a link to provide updated financial details or some other form of personal information, please think very carefully before you do anything. Usually you can provide most or all of that information on the (actual) provider's (genuine) website. So instead of clicking the email link, if you're not already certain it's a scam, visit the official website and log into your account there.
Please also think twice before downloading (and opening) any attached files. It's unlikely that a genuine service provider (for example) will ask you to click on an attachment, but that's exactly the sort of thing a criminal would want you to do. Often, extremely harmful malware can be delivered to your PC under the guise of innocent-looking PDF or text files.
Many scam emails contain obvious errors and inaccuracies, but you can't always rely on this to set off your suspicions, so we recommend that any email (or text or other message) that asks you to follow a link, access a file or provide personal information is treated very carefully.
If you receive any such correspondence claiming to be from us, please contact us via email at support@zen.co.uk
One more thing here: as well as the phishing variety, many users also report receiving emails that suggest the sender is in possession of some incriminating evidence, which will either be shared with all their contacts or conveniently deleted on receipt of a bitcoin payment. These emails often claim 'authenticity' by providing one of the user's passwords as 'proof'. The strong likelihood, however, is that this password was obtained from an unrelated security leak elsewhere; it should serve as nothing more than a reminder to change the affected password and otherwise delete the threatening email.
Social engineering
Most of us wouldn't dream of sharing our bank account details or phone numbers on social media, but the tricksters can still obtain plenty of our personal info without us even realising.
Social engineering, which happens mostly on social media, can use deceptive means to trick unsuspecting users into giving away what should be confidential personal information. Once they know your date of birth, your children's ages, your address, your job, your favourite hobbies and pastimes, even your precise location, hackers and criminals can use that data for fraudulent purposes.
And even beyond the obvious oversharing of photos, important dates, etc. you should also think carefully before playing the 'games' that fill your social media feeds. You know the sort: 'list three random facts about yourself', 'if you were an ice cream, what flavour would you be'. All seemingly harmless, but the personal answers you provide could well be used for social engineering.
We do make this point often, but with good reason: we cannot stress enough the importance of good password security.
That means no longer considering P@55word or your dog's birthday to be sufficient. Instead, as well as being unique, passwords should be long (16 or more characters), containing upper and lower case letters as well as one or more special characters (!@[]?:, etc.). And they should be difficult to guess (that P@55word example above might follow some of the rules but it wouldn't require much effort to crack).
The memorable phrase approach can help, but it isn't really scalable when you're dealing with dozens or even hundreds of unique passwords.
Our recommendation is to find a good password manager; one that can recommend highly secure passwords and safely store them. Save the memorable phrase for unlocking the password manager itself (that really isn't a password you'll want to forget!).
In our previous article, ‘Five reasons why you need to enable two-factor authentication’, we underlined the important point that password security alone is often not enough.
We’d encourage you to take a few moments to review the security of each of your online accounts. Do any of them offer two-factor or multi-factor authentication? Are you already using it? If not, seriously consider doing so.
There are no absolute guarantees when it comes to online security but enabling 2FA can be a great step to making your digital life considerably safer.