
Don’ts
Don’t connect to free unsecured public Wi-Fi.
Avoid connecting to free public Wi-Fi connections, especially unsecured ones that do not require a password or any type of registration to log in. These are often targeted by hackers who look to exploit them and steal passwords and data from people using these networks. You should always tether to your mobile phone where possible, and if you really MUST use a public Wi-Fi connection, you should use a secure VPN whilst connected to encrypt your data in transit. NordVPN (https://nordvpn.com) offers a reasonably priced VPN solution if you do not have a business VPN to use.
Don’t click on unsolicited e-mail attachments and links.
Never click on a link or open an attachment in an email unless you are expecting it, even if you recognise the sender. The sender may have had their account compromised, or the email could be spoofed to appear to come from that known contact. It is always best practice to go to a website address directly and log in to access information and files where possible. If you ever click on a link or an attachment and you get prompted for a username and password unexpectedly, STOP! Speak with the sender on the phone or check with your IT department before proceeding.
Don’t save passwords and credit card information to browsers.
Avoid saving passwords and credit card information within web browsers when prompted. This sensitive information can easily be extracted from the browser with just a few basic tools and a little IT knowledge! If you would like to save passwords to make things easier, we would recommend using a professional business-grade password manager such as Keeper Security. This encrypts the database to keep all your precious passwords and personal data safe.
Don’t connect to unknown or unsecured websites.
When connecting to websites, it’s key to ensure that they are protected with HTTPS:// and the SSL padlock, especially when entering any personal or financial details. Secured websites encrypt the connection between your browser and the site to prevent your personal data from being intercepted. Don’t enter personal information into websites without the padlock symbol.
Dos
Do keep software and operating systems updated.
Outdated software and operating systems are vulnerable to security threats. Regularly update all software, including antivirus and anti-malware programs, web browsers, and operating systems. Many cyberattacks exploit known vulnerabilities in outdated software, so staying current is crucial.
Ensure that you install all the latest Windows and macOS security patches, and updates for third-party applications, on your desktops, laptops and mobile devices. This should be performed at least once weekly!
DO MAKE SURE YOU BACK UP YOUR DATA BEFORE PROCEEDING WITH ANY UPDATES!
Do get your updates from these links.
Windows – https://support.microsoft.com/en-us/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a
iPhone/iPad – https://support.apple.com/en-gb/HT204204
Do take care when manually typing in URLs.
Pay special attention when manually typing website URLs into a web browser. For example, Metrobank.co.uk and Mtrobank.co.uk could lead you to completely different websites. Hackers have been known to register domains with just one character difference in order to present fake bank login pages that capture your banking or other sensitive credentials and information.
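As an added illustration (not part of the original article), the one-character difference described above can be checked mechanically: the Python below compares a typed address against a list of sites you trust and flags anything exactly one edit away. The allowlist and all function names are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real one would list the sites you actually use.
TRUSTED = {"metrobank.co.uk", "microsoft.com", "apple.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap two adjacent characters) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap, e.g. "rt" for "tr"
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def hostname(typed):
    """Reduce what was typed (bare domain or full URL) to a lower-case host name."""
    typed = typed.strip()
    host = urlsplit(typed if "://" in typed else "//" + typed).hostname or ""
    host = host.rstrip(".")
    return host[4:] if host.startswith("www.") else host

def check_domain(typed, trusted=TRUSTED):
    """Return ("trusted" | "lookalike" | "unknown", matching trusted domain or None)."""
    host = hostname(typed)
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):  # exact match or a subdomain
            return ("trusted", good)
    for good in sorted(trusted):
        if edit_distance(host, good) == 1:  # one character added, dropped, changed or swapped
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    samples = ["Metrobank.co.uk", "Mtrobank.co.uk",
               "https://www.mertobank.co.uk/login", "example.org"]
    for typed in samples:
        print(typed, "->", check_domain(typed))
```

A result of "unknown" only means the address is not close to anything on the list; it says nothing about whether the site is safe.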
Do install and maintain anti-virus and malware protection software.
It’s always worth paying a bit more and purchasing reputable anti-virus software or, even better, investing in a newer type of protection called Endpoint Detection and Response (EDR). EDR offers much better options for remediation from security events and ransomware (without having to pay the ransom). Anti-virus software protects from known viruses, whereas EDR looks at all endpoint activity that is unusual, allowing it to pick up unknown viruses and malware and respond to or stop an attack before it spreads to other devices on your network.
Do always back up your data to a second physical location.
Even if your data is synced to the Cloud, if a hacker managed to gain access to your Cloud account, they could quite easily delete your files and empty your recycle bin! This would leave you without your key business data. A second backup to a different secure location will protect you if your cloud account details are compromised.
Do use website filtering.
Deploy a website filter to all machines in the business. This will block most known malicious websites, such as email phishing sites, and prevent illegal and adult content from being accessed (which could potentially leave you liable, even if this were to be accessed by your employees). This also protects you against accidental access, where a member of your team could inadvertently click on a link or advert and end up on a malicious, adult, or illegal site.
Do use two-factor authentication.
Although it can seem like a real pain using two-factor authentication, it is essential that you use it on every internet-facing account that you have. The pain of occasionally putting in a code from an app on your phone is MINIMAL when compared to having to deal with the STRESS and HUGE cost implications of recovering from a serious cyber attack. Avoid using two-factor authentication methods that just allow you to approve the login with a click in the app or via a call to a mainline telephone number. If a hacker kept trying to log in to your account repeatedly, multiple calls could be received, and from sheer annoyance and exhaustion people just tend to approve the login. The more secure two-factor authentication methods are the ones where you have to type in a code from the Microsoft Authenticator app: https://www.microsoft.com/en-gb/security/mobile-authenticator-app
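The repeated-prompt pattern described above can also be spotted in sign-in logs. The following is an added example, not part of the original article: it scans constructed sign-in events for a burst of rejected or ignored push/call prompts and reports whether an approval followed. The event layout (time, user, method, result), the threshold and the window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (time, user, method, result); not taken from a real system.
EVENTS = [
    ("2024-05-01T09:00:05", "alice", "push", "denied"),
    ("2024-05-01T09:01:10", "alice", "push", "denied"),
    ("2024-05-01T09:02:40", "alice", "push", "timeout"),
    ("2024-05-01T09:03:30", "alice", "push", "approved"),
    ("2024-05-01T09:15:00", "bob", "push", "approved"),
    ("2024-05-01T10:00:00", "carol", "code", "denied"),
    ("2024-05-01T10:00:30", "carol", "code", "approved"),
    ("2024-05-01T11:00:00", "dave", "call", "timeout"),
    ("2024-05-01T11:02:00", "dave", "call", "timeout"),
    ("2024-05-01T11:04:00", "dave", "call", "denied"),
    ("2024-05-01T13:00:00", "erin", "push", "denied"),
    ("2024-05-01T13:30:00", "erin", "push", "denied"),
    ("2024-05-01T14:00:00", "erin", "push", "approved"),
]

def detect_prompt_bombing(events, threshold=3, window=timedelta(minutes=10)):
    """Map each affected user to 'burst_only' or 'approved_after_burst'."""
    findings = {}
    rejected = {}  # user -> times of recent denied/ignored prompts
    for ts, user, method, result in sorted(events):
        if method not in ("push", "call"):
            continue  # a typed code cannot be approved by a tired tap
        now = datetime.fromisoformat(ts)
        recent = [t for t in rejected.get(user, []) if now - t <= window]
        if result in ("denied", "timeout"):
            recent.append(now)
            if len(recent) >= threshold:
                findings.setdefault(user, "burst_only")
        elif result == "approved" and len(recent) >= threshold:
            # An approval straight after a burst is the case to investigate first.
            findings[user] = "approved_after_burst"
        rejected[user] = recent
    return findings

if __name__ == "__main__":
    for user, verdict in detect_prompt_bombing(EVENTS).items():
        print(user, verdict)
```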
And if all this seems a bit too much like trouble, perhaps you would like someone to help you manage your IT Security for you?
Please contact BlueZeon or call 01908 711570 as we LOVE IT!