Get Safe Online Week – Our Contribution

We are halfway through Get Safe Online Week and, although we are generally business-focused, we felt it was very important to get involved and to issue some advice that everyone can use. So we have some Personal User and some Business User advice below for you, courtesy of Del Brazil, Advent IM Security Consultant. #GetSafeOnlineWeek

Here, in my opinion, are some top tips for home users to consider when using their home computers.

Personal/Home Users

  1. Password Management – Always keep your password secure and do not share it with anyone. Remember to change your password on a regular basis and avoid reusing previous passwords. There are numerous password generators freely available online, along with password assessment tools to test how secure your password is.
  2. Back-Ups – Always back up files, documents and photos that you deem to be sensitive or important, as this will save you both time and money in the event that your IT fails. There are various methods of storing back-ups, ranging from using a Cloud based service to using an external hard drive. Each method has pros and cons, so you should find the one that best suits your needs.
  3. Anti-Virus – Having an up to date Anti-Virus product is essential in preventing virus attacks/infections from known threats/viruses. It is imperative that any anti-virus product is kept up to date and that a regular scan is carried out to ensure that any potential virus is either deleted or quarantined.
  4. Software Updates – Ensure that any software, including the Operating System, is maintained in line with the manufacturer’s recommendations, so that any security vulnerability highlighted by the vendor is suitably fixed/patched.
  5. Parental Controls – Should you have children at home, or simply want to restrict access to various parts of the Internet, then I would recommend the use of some form of parental control software. Again, there are numerous products on the market, and some Internet Service Providers provide this capability as part of their service. Any parental controls should be appropriately password protected to ensure that changes cannot be made without the knowledge of the responsible adult.
  6. Administrator Passwords – All routers, hubs and similar devices are shipped from the manufacturer with a default login and password for set-up purposes. It is imperative that these login details are changed from their default settings to ensure that any potential hackers cannot change your router or hub’s settings without your knowledge. It is relatively easy for a hacker to identify the make and model of your router/hub and then, with a little research on the internet, discover the manufacturer’s default settings. Once he/she has these default settings it’s only a matter of time before they are able to access your router, computer and documents etc.
  7. Account Management – When you first purchase your computer it takes you through a series of set-up stages, and a default setting is to create the first user as an administrator. This is normal practice; however, it is recommended that once this first account is set up, all additional accounts are created as restricted users. Using restricted user accounts prevents users from installing software or downloading freeware without the knowledge of the main administrator account holder. This prevents any potentially unwanted freeware/spyware from self-installing as part of another software package.
  8. Internet History – You would be wise to clear your internet history on a regular basis in order to free up space, which would enable your computer to perform at its optimum speed. The clearing of the internet history should also include the clearing of any tracking cookies, as again these can have an impact on the performance of the computer.
  9. Be Cautious when using Social Media – Social media is widely used throughout the world and, although when used safely it is a fantastic way of keeping in touch, there are a few points to be aware of:
     a. Keep your privacy settings as high as possible, and never share your personal details etc.
     b. Never meet up with someone you’ve met online without first letting someone else know, as there are people out there masquerading as someone else.
     c. Always remember that what you submit on social media is quickly repeatable by anyone and everyone, so think carefully about what you are saying.
  10. Buying a New Computer – If you decide to buy a new computer then remember to dispose of your old one carefully. It is all too easy to recover data from an old hard drive, irrespective of whether you’ve deleted the information from it. There are numerous pieces of software freely available that would enable someone to recover all of your photos, emails and documents despite you having deleted them. The best solution is to remove the hard drive from the computer and then physically destroy it; however, if this is not possible then seek the assistance of your local computer specialist, who can provide alternative solutions such as sanitisation software (although this can be expensive), which provides you the assurance that the hard drive has been ‘wiped clean’ to a level at which any would-be attacker would need specialist software to recover any information.

Corporate/Business Users

Corporate Users/Business users should also refer to the tips for the home user, as these provide additional guidance:

  1. Password Management – Always keep your password secure and do not share it with anyone. Remember to change your password on a regular basis and avoid reusing previous passwords. There are numerous password generators freely available online, along with password assessment tools to test how secure your password is.
  2. Account Management – IT Departments should maintain an up to date and accurate record of accounts issued and their respective permissions. These account records should be reviewed on a regular basis, with any old or unused accounts weeded out.
  3. Asset Management – Knowing where all of your assets are is crucial to ensuring that any loss or theft is quickly identified and that any counter-compromise measures are deployed as soon as possible to minimise any potential impact.
  4. Anti-Virus – Having an up to date Anti-Virus product is essential in preventing virus attacks/infections from known threats/viruses. It is imperative that any anti-virus product is kept up to date and that a regular scan is carried out to ensure that any potential virus is either deleted or quarantined. It is especially important from a business perspective, as any virus may quickly replicate throughout a corporate environment, potentially resulting in a significant impact to services or activities.
  5. Firewall Rule Sets – The IT Department should ensure that all firewall rule sets are reviewed on a regular basis to ensure that only the services permitted access are actually granted access, and that every rule set finishes with an implicit deny. This will provide the assurance that only those identified business services are permitted to pass traffic through the firewall.
  6. Software Updates – Ensure that any software, including the Operating System, is maintained in line with the manufacturer’s recommendations, so that any security vulnerability highlighted by the vendor is suitably fixed/patched. Any software update should be appropriately tested prior to roll-out to ensure that there are no compatibility issues that may impact on business activities. IT Departments should also monitor the deployment of any update to ensure that all terminals/devices are updated, as there is a possibility that mobile device users may not routinely connect back to the corporate network to obtain the updates.
  7. Back-Ups & Business Continuity Plans – A routine review of any current back-up regime should be carried out to ensure that it is in line with the current business need. Any back-up should also be routinely tested to ensure that, in the event of an outage, the back-up actually works and allows the organisation to continue to operate. There are numerous organisations that have well documented BCPs and yet never test them on a regular basis. It is imperative that any BCP is routinely tested, whether as a desktop exercise or as a full interruption test; any test will highlight areas for improvement or errors that need to be corrected. Any test will also highlight whether the documented critical activities/services are sufficiently resourced to ensure they can recover in line with the identified Recovery Point Objectives. In essence, any BCP testing regime should be low impact and high frequency, or high impact and low frequency, to avoid disruption to any business or organisation.
  8. Incident Management – Any incident management plan or procedure should be reviewed and tested in order to establish that it provides the necessary direction to the incident management team. After any incident or practice, a lessons learned meeting should be convened to establish how things could have been improved and what worked well.
  9. Policy Reviews – All policies should be reviewed on a regular, if not annual, basis so that any changes can be correctly captured and communicated to all staff accordingly.
  10. Education & Awareness – Ensuring that staff are aware of current or emerging threats is considered one of the best ways of avoiding any potential attack. Running a series of educational seminars, poster campaigns, splash screen awareness programs or even online training packages will increase the awareness of staff. Education & Awareness can also include refresher training with regards to how to report an incident and what actions should be taken in the event that a user is found to be posting inappropriate comments on a company website or as part of a social media chat session.
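The Account Management tip above asks IT Departments to keep an accurate register of accounts and permissions and to weed out old or unused ones at each review. The following is an added example, not code from the original post or from Advent IM, of what that review pass can look like in practice: it walks a register, flags accounts whose owners have left, accounts that have never been used, and accounts idle for longer than a chosen threshold, and lists the privileged accounts that should be justified one by one. The register entries, field names and review date are constructed for illustration and do not correspond to any particular product's format.

```python
# Added example (not code from the original post or from Advent IM): a review
# pass over an IT department's account register that flags the accounts the
# post says should be weeded out. The register entries are constructed sample
# data; the field names are an assumption, not any particular product's format.
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed account register: username, permission level, last login
# (ISO date, or None if never), and whether the account owner is still with
# the organisation.
ACCOUNT_REGISTER = [
    {"user": "alice",       "role": "admin", "last_login": "2014-10-20", "owner_active": True},
    {"user": "bob",         "role": "user",  "last_login": "2014-06-01", "owner_active": True},
    {"user": "contractor7", "role": "admin", "last_login": "2014-03-15", "owner_active": False},
    {"user": "svc_backup",  "role": "user",  "last_login": None,         "owner_active": True},
]

# Constructed date on which the review is run.
REVIEW_DATE = date(2014, 10, 22)


def review_accounts(register: List[Dict], today: date,
                    max_idle_days: int = 90) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs, in register order, for accounts that
    need action. An account whose owner has left is reported as a leaver
    even if it is also idle, since that is the more urgent problem."""
    cutoff = today - timedelta(days=max_idle_days)
    findings = []
    for acct in register:
        last: Optional[date] = (date.fromisoformat(acct["last_login"])
                                if acct["last_login"] else None)
        if not acct["owner_active"]:
            findings.append((acct["user"], "owner has left: disable and remove"))
        elif last is None:
            findings.append((acct["user"], "never logged in: confirm it is still required"))
        elif last < cutoff:
            idle = (today - last).days
            findings.append((acct["user"], f"unused for {idle} days: disable pending review"))
    return findings


def admin_accounts(register: List[Dict]) -> List[str]:
    """Privileged accounts deserve a line-by-line justification at each review."""
    return [a["user"] for a in register if a["role"] == "admin"]


if __name__ == "__main__":
    for user, finding in review_accounts(ACCOUNT_REGISTER, REVIEW_DATE):
        print(f"{user:12} {finding}")
    print("privileged accounts to justify:", admin_accounts(ACCOUNT_REGISTER))
```

The idle threshold is a parameter rather than a constant because the right value differs between, say, a service account and a contractor login; whatever value is chosen should be the one written into the account management policy so that the review and the policy agree.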
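The Firewall Rule Sets tip above says a rule set should grant only the identified business services and finish with a deny. The following is an added example, not code from the original post or from Advent IM, that shows why: it evaluates packets against a small first-match rule set with and without a final catch-all deny, and includes the checks a rule-set review would run (missing final deny, overly broad allows, rules shadowed after a deny). The rules, services, addresses and packets are constructed for illustration; the rule format is an assumption and not that of any particular firewall product.

```python
# Added example (not code from the original post or from Advent IM): a
# first-match firewall rule-set evaluator used to show why a rule set should
# finish with a catch-all deny, plus the review checks an auditor would run.
# Addresses, services and packets below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR, or "any"
    dst: str               # destination CIDR, or "any"
    dport: Optional[int]   # destination port; None matches any port


def matches(rule: Rule, pkt: dict) -> bool:
    """True when every field of the rule matches the packet."""
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    if rule.src != "any" and ip_address(pkt["src"]) not in ip_network(rule.src):
        return False
    if rule.dst != "any" and ip_address(pkt["dst"]) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt["dport"]:
        return False
    return True


def evaluate(rules: List[Rule], pkt: dict, device_default: str = "allow") -> str:
    """First matching rule wins. `device_default` is what the device does when
    nothing matches; some products default to allow, which is exactly what a
    final catch-all deny rule takes out of the equation."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return device_default


def is_catch_all_deny(rule: Rule) -> bool:
    return (rule.action == "deny" and rule.proto == "any"
            and rule.src == "any" and rule.dst == "any" and rule.dport is None)


def review(rules: List[Rule]) -> List[str]:
    """Findings a rule-set review should raise."""
    findings = []
    if not rules or not is_catch_all_deny(rules[-1]):
        findings.append("rule set does not finish with a catch-all deny")
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == "any" and rule.dport is None:
            findings.append(f"rule {i}: allows any source to any port on {rule.dst}")
        if is_catch_all_deny(rule) and i != len(rules) - 1:
            findings.append(f"rules after {i} are unreachable (shadowed by catch-all deny)")
            break
    return findings


# Constructed business services: a public web server and an internal mail relay.
BUSINESS_RULES = [
    Rule("allow", "tcp", "any", "203.0.113.10/32", 443),
    Rule("allow", "tcp", "10.0.0.0/8", "10.0.5.20/32", 25),
]
RULES_WITHOUT_DENY = BUSINESS_RULES
RULES_WITH_DENY = BUSINESS_RULES + [Rule("deny", "any", "any", "any", None)]

# Constructed packets: legitimate HTTPS to the web server, and a remote-desktop
# attempt at the same server, which no business rule mentions.
HTTPS_PKT = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 443}
RDP_PKT = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.10", "dport": 3389}

if __name__ == "__main__":
    for name, rules in (("without final deny", RULES_WITHOUT_DENY),
                        ("with final deny", RULES_WITH_DENY)):
        print(name, "| HTTPS ->", evaluate(rules, HTTPS_PKT),
              "| RDP ->", evaluate(rules, RDP_PKT), "| findings:", review(rules))
```

Without the final deny, the remote-desktop packet matches nothing and is decided by whatever the device's default happens to be; with it, the decision is written down in the rule set where a reviewer can see it, which is the assurance the tip is after.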


Generic Online Safety Tips

  1. Online Banking – Always start at your bank’s homepage, as they’ll never send you a link to an online banking login screen. A secure web page is normally indicated by a padlock in the web address bar, along with the website address starting with ‘https’. Should you have any concerns, feel free to click on the padlock, as this will verify the web page’s authenticity and validity period.
  2. Email Hyperlinks – If you’re unsure as to where a hyperlink in an email is taking you, don’t click it! It is highly likely that you’ll be taken to a site that you weren’t expecting and, more importantly, that you’ll potentially be opening yourself up to more spam email.
  3. Personal Information – Do not give out personal information unless it is absolutely necessary. A lot of the time companies request your information for legitimate reasons; however, some companies also sell on your details to spam emailers or similar cold calling agencies, so beware: always read the small print carefully and ensure that you tick or untick the relevant boxes.
  4. Untrusted Open WiFi – There are hundreds if not thousands of free WiFi access points around the UK and, although they are relatively safe to use for internet browsing, they are certainly not safe for doing any form of internet banking etc. It is true to say that when you open up a secure web browsing page you are communicating with your bank, but what you may not be aware of is how you are getting to that secure web page. It is highly likely that the free WiFi access point you are using has been infiltrated by a man-in-the-middle attack or is actually a ‘spoof’ WiFi point.
