Tip tips to work securely anywhere - Part 1 of 2

Gary Christie, one of our Presales Consultants, shares his top tips for how to be more cyber secure

We are living in unprecedented times.

On March 16th 2020, Boris Johnson urged everyone "to start working from home where they possibly can". The impact on all of us became even more dramatic when a complete lockdown was announced a week later. With very few reasons to leave our homes the whole nation has had to accelerate their learning in technologies to help stay connected. I want to share some practical tips to remain secure and keep those hackers at bay. These are best practices that should be taken by everyone, whether CEO's and sales managers, teachers and students or grandparents and grandchildren.

Turn on two-factor authentication for everything you can.

If there is one quick win to prevent hackers accessing your bank accounts, shopping apps, social media profiles, email accounts or smart home devices - it is two-factor authentication (2FA).

2FA is the second layer of authentication in addition to your password, to ensure you are the genuine owner of the account being accessed. It usually takes the form of a single use code that you can receive by email, SMS or through an app. Some authenticator apps are capable of more sophisticated multi-factor authentications - considering contextual information such as the device being used, location, app being accessed, etc. - allowing the user authentication to be a simple push to approve or thumbprint scan.

Lots of applications and services have the ability for 2FA but it is generally turned off by default. Turning this on will increase your security profile massively.

Use unique, long, and complex passwords

How do you know if your password is secure? The National Cyber Security Centre compiled a list of the 20 most common passwords in 2019, from 100 million passwords leaked in data breaches that year. None greater than 13 characters in length. If your password is less than 13 characters it is considered weak, hackable and has probably been hacked in a previous data breach. You can check if your account information has been part of a previous data breach here - https://haveibeenpwned.com.

If your account details are out there on the darknet you can bet that they have also tried your particular combination of email and password on lots of other websites to see if you have re-used those same credentials.

This is why all of your passwords must be unique, long and complex.

Use a password manager

A password manager automatically creates a unique complex password for each and every website you log into. You can choose the length, number of digits and symbols or even number of words to generate a long passphrase. It remembers all of these passwords/pass-phrases, so you don't have to.

You can secure your password manager with two-factor authentication and a long passphrase that you can remember such as "baker-peer-rife-hustings-mercury". What happens if I forget my passphrase? You won't. You will be using it every day and now there is only one to remember. If you are still worried, write it down. Write it on a sticky note and put in page 10 of an old book. If that seems counter intuitive, it is much better that you have a complex password/passphrase written down and hidden, than a weak password, used on multiple sites and easily cracked by a cyber-criminal. The likelihood of someone breaking into your house and ransacking your bookshelf is very low.