5 Top Tips to Stay Cyber Secure from our Resident Ogi Expert 

We’re powering up online life for communities all around south Wales, but with great power comes great responsibility. So we’re taking no chances, we’re bringing in the best of the best to show us all how we can stay secure when we’re online.  

We’d like to introduce Kevin Herbert, our tech-savvy Director of Business Solutions. He’s been in the business for more than twenty years, and has a wealth of experience when it comes to cyber safety.  

He’s picked out five top tips which we can all use to practice good cyber hygiene all year round.  

Lady on phone and laptop working in a workshop.

1. Treat your devices right

We’re all guilty of ignoring those pesky ‘Software Update’ notifications, but the longer you leave your devices with old software, the more vulnerable you’ll be to cyber attacks. This is the case for your phone, tablets, laptops, and even SMART devices around your home. 

You see, with each software update developers are ‘patching up’ all kinds of bugs, as well as updating your device with the new shiny security features which fend off hackers. The best way to keep your devices cyber secure is to update the software regularly.  

Updating your software is one of the most essential steps in preventing an attack. Many studies have revealed that most successful cyber attacks have exploited known vulnerabilities with available updates. So, what are you waiting for? Get updating.

2. Password power

Think of passwords like a gateway to all your important, sensitive data. Gone are the days when phones were mainly used for calling and texting. Now the stakes are higher as information such as bank details, addresses, online copies of identification and more can be found on your phone. 

To avoid hackers getting their hands on this sensitive data, you need that gate to be as strong as possible. To make your passwords difficult to crack, make sure not to include any personal information that could be easily found. For example, using your dog’s name in your password, especially when Matilda the poodle is plastered all over your Instagram feed.  

One of the ways to create a strong, memorable password is by using three random words (pass phrases). To make them even stronger you can include numbers and symbols. An example of using this technique would be ‘BlueForestGate7!’. Try using a password manager if you struggle to remember your passwords, this way you can avoid making the cardinal sin of passwords…reusing them on multiple applications!

3. Add extra protection

If passwords are the gate to your home, user authentication is your front door and therefore the final preventative barrier against a cyber attack. Most platforms only require you to log in with a username and a password. However, if a hacker has already cracked those credentials, you’re left vulnerable as they now have access to your sensitive data.  

So, what is two-factor authentication? It’s essentially an added security step in the login process. In addition to having your username and password, you also have to provide a ‘second factor’ which you (and only you) can access. e.g. a mobile number. You will get sent a One Time Password which you have to input to complete the authentication. Using the mobile phone as your ‘second factor’, this password would be sent to you either via text or a phone call.  

It’s vital you use two-factor authentication wherever you can, as it blocks cyber criminals in their tracks, especially if they have already gained access to your username and password. You can turn on two-factor authentication for your Apple ID, social media accounts, email and work applications and more. You can make managing this process easier and more secure by using authenticator apps such as Google Authenticator or Microsoft Authenticator, which are supported by most two-factor authentication solutions.  

4. Click with caution

Some cyber attacks are specifically designed to download software onto your device that will disrupt or damage it. This is known as malware (malicious software). The two most common ways that malware accesses your system is through the internet or email, which means that whenever you’re online, you’re vulnerable.  

However, malware can’t just access your system by itself, it requires the user to download it. Simply put, malware attacks can’t happen without you. As a result, hackers must be crafty and come up with ways to make you download or install the disguised malware. This could be clicking on a pop-up advert when you’re online shopping or clicking on an unverified link or attachment in an email.  

As much as the preventative measures above are critical to keeping your devices secure, the only sure way to avoid malware attacks is to question what you’re clicking. Before downloading anything, ask yourself, do I trust this website or application? Before clicking any links or attachments think, do I trust the source of this email? It’s better to be safe than sorry, if you think for a second that something could be suspicious, don’t click.  

5. Watch out for anything phishy, vishy or smishy 

True to its name, phishing aims to reel individuals in to reveal personal and/or sensitive information. The end goal is usually to access login information or bank details. Traditional phishing is usually undertaken via website or email. However, since the first phishing lawsuit in 2004, ‘vishing’ (voice phishing), ‘smishing’ (SMS phishing) and several other phishing techniques have cropped up. 

There are a few things to look for when spotting a phish. Does it feel too good to be true, e.g. lucrative offers or lavish prizes? Is there a sense of urgency? Are there strange links and/or attachments? Does anything feel out of the ordinary with the sender, even if it looks like someone you know? If the answer to any of the above questions is yes, you’re probably looking at a phishing attempt.  

What do you do if you spot a phish? Firstly, and most importantly, with any online communication do not click on anything. Consider all links and attachments to be suspicious (remember tip number 4). If it’s an email or a text, delete it straight away. If it’s a phone call and you think its suspicious, hang up and do not reveal any personal information. You can also report a suspected phishing attempt to the National Cyber Security Centre to help keep the whole internet safe. Click here to find out how.