Vodafone shares Top 10 Tips for staying safe online
To coincide with Cyber Smart Week, run by CERT NZ, we wanted to share our Top 10 Tips for staying safe online.
As of one Aotearoa’s leading connectivity companies, offering Kiwis access to the world’s best digital services and network technology, we want to remind everyone of the importance of cybersecurity.
Cyber-attacks can impact anyone with an internet or phone connection, whether they’re an individual or a business, so we all need to take steps to protect our data and stay safe online.
1. Back-up your data
In recent years storage has increased in size and decreased in price so backing up your data, both at work and at home, is more accessible than ever. Hackers are not always out to steal your data. Sometimes the end goal is to encrypt or erase it or threaten to do so. Regular backups mean you always have a recovery option so if they encrypt your data, you don’t have to worry.
Top tip: Back-up your data both at a physical location and on the cloud for an extra layer of protection.
2. Keep your devices and apps up to date
Keeping your software and apps up to date is often overlooked, especially on home computers and mobile devices. Software and app developers publish updates on a regular basis with security patches to keep up with the latest security threats. It’s essential that you keep every device updated, including IoT devices like home assistants and wireless speakers. The next time you see a notification to update your software, don’t click ‘Remind me tomorrow’.
Top tip: Turn on automatic updates for your operating system and in your App store.
3. Practice good password management – longer is stronger!
Good password management is essential for online security. It’s fundamental to use strong passwords to prevent them being breached by cyber attacks.
- Choose passwords that are at least eight characters long, using a phrase based on at least 3 random words helps.
- Don’t reuse passwords on multiple sites, if one gets compromised, they all do.
- Your passwords should contain a combination of upper- and lower-case letters and symbols
- Reset your password when you forget it and change them regularly as a general refresh.
Top tip: To make password management easier, use a password management tool or account vault such as LastPass or Password Safe, or save passwords in your browser account (e.g. Chrome)
4. Use multi-factor authentication
Two-factor or multi-factor authentication adds something you ‘have’ to something you ‘know’ in addition to a standard password. With two-factor authentication (2FA), instead of entering your username and password, you will instead be required to complete an additional form of authentication. This could be as simple as a PIN or more complex like an authentication app on your phone. Most mobile devices today have two-factor authentication via a biometric identifier such as a fingerprint or facial recognition. In future, expect iris (eye) recognition to be an additional option on more devices.
Top tip: Using two factor authentication is like having a deadlock as well as a key on your door. Enable it.
5. Install anti-virus protection and host-based Firewall
Anti-virus (AV) protection software is the most prevalent solution to fight malicious attacks. AV software blocks malware and other malicious viruses from compromising your device and data. Use anti-virus software from trusted vendors and only run one AV tool on your device.
Using a host-based firewall is also important when defending your data against malicious attacks. A firewall helps screen out hackers, viruses, and other malicious activity that occurs over the Internet and determines what traffic can access your device.
Top tip: Both Windows and Mac OS X come with built in firewalls so take the time to invest in a trusted anti-virus software for all your devices.
6. Be careful with removable storage drives
Malware can easily be spread through infected flash drives, external hard drives and even smartphones. In the workplace, businesses should have policies to restrict access to removable media devices and scan any device for malware before plugging it into a computer. On particularly sensitive systems, consider disabling removable media altogether. At home, also ensure that your antivirus software will scan any removable media before it connects to your device.
Top tip: Ideally the removable media device should be encrypted, if not ensure any sensitive data is encrypted before being copied to the device.
7. Monitor user accounts and privileges
This applies more in the workplace than at home, however you should be aware of who has access to your device and network (including your home network) and ensure they are secure. In the workplace, employees should only be allowed access to the information they need to do their job. Limit the number of privileged user accounts and monitor user activity. Have a list of all accounts an employee has access to and remove their permissions when they leave the company.
Top tip: Conduct regular access reviews across your network and devices to ensure access is appropriate for your users roles.
8. Embrace training and awareness
Cyber security training and awareness is an essential part in keeping your information and network secure. Workplaces should hold a mandatory cyber security training session for every staff single member and include anyone with access to the network. At home, you should educate yourself around the latest scams and phishing attacks as keeping on top of the latest threats will help to keep your data and devices secure.
Top tip: The more security aware that people are, the stronger the human defence will be.
9. Patch patch patch! Security patches that is
Apply security patches as soon as they are released on all your devices. In the workplace, close critical and high vulnerabilities, and configure systems securely. Prompt patching is essential for effective cyber security. When a new patch is released, attackers will quickly identify the underlying vulnerability in the application and release malware to exploit it. If a criminal hacker can successfully attack before the target patches the vulnerability, there is a high risk of a system being compromised.
Top tip: Always apply the latest security patches promptly.
10. Don’t think it won’t happen to you
Thinking that it will never happen to you is the first step down the rocky road towards a cyber-attack so it’s important to stay vigilant and deploy as many defensive mechanisms as possible to stop potential cyber-attacks to your business or to your personal devices. Do not be the weakest link!
Top tip: Be cyber aware, as cyber criminals do not discriminate.
For more information about Vodafone’s cybersecurity services, please visit: https://www.vodafone.co.nz/business/security-services/
For CERT Cyber Smart Week tips, check out: https://www.cert.govt.nz/cybersmart/