Lots of people are worried about cyber security, but intimidated by the challenge of improving things. Implementing just the first two steps here is a massive improvement for most people – why not do this straight away? The majority of cybercrime reported to us by individuals would be stopped by these steps.
Our advice follows the UK’s National Cyber Security Centre (NCSC) Cyber Aware guidance, with an extra emphasis on protecting social media accounts because of the crime types being reported by individuals in the South-East.
If you know you want to do something about this now, why not start by generating your own Cyber Action Plan on the NCSC website.
1) Use a strong and different password for your email using 3 random words
Your email password should be strong and different from all your other passwords. Your main email account is the key to your digital life, where important emails including password reset requests get sent.
Combining 3 random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack. The key to a strong password is achieving the greatest length while still being able to remember it. We would encourage you to try and achieve a password that is 13 characters or more in length.
Do not use words that can be guessed (like your pet’s name) or words that are obvious from your interests shared on social media. You can include numbers and symbols if needed by the site, but achieving a long password is more important. For example:
LondonBeachMusic (16 characters)
or London#Beach3Music (18 characters)
2) Turn on 2-Step Verification (2SV) for your email and social media
2-Step Verification (2SV) gives you twice the protection so even if cyber criminals have your password, they can’t access your email or your social media account. Criminals obtain passwords by phishing you – that is, tricking you into handing it over – or by getting your password in a data breach on another site where you’ve used the same password.
2SV works by asking for more information to prove your identity. For example, you might get a code sent to your phone when you sign in using a new device or change settings such as your password. The more robust form is 2-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), which involves using authenticator apps or tokens.
You won’t be asked for the extra step every time you check your email or social media – most of the time you can choose to ‘remember this device’ and reduce the frequency of challenges.
You should consider turning on 2SV for every other online account you have, wherever possible.
For guidance on how to turn on 2SV for email accounts, visit the NCSC Guidance on Turning on 2SV.
3) Start using a Password Manager for most Passwords
We’re often told that the passwords for our online accounts should be really strong, and to not use the same password anywhere else. Especially for those important accounts like email, banking, shopping and social media.
The trouble is, most of us have lots of online accounts, so creating different passwords for all of them (and remembering them) is hard.
This is where a password manager can help. A password manager (or a web browser) can store all your passwords securely, so you don’t have to worry about remembering them. This allows you to use unique, strong passwords for all your important accounts (rather than using the same password for all of them, which you should never do).
In addition, many password managers are helpful because they can:
- synchronise your passwords across your different devices, making it easier to log on, wherever you are, and whatever you’re using
- help spot fake websites, which will protect you from phishing attacks
- let you know if you’re re-using the same password across different accounts
- notify you if your password appears within a known data breach so you know if you need to change it
- work across platforms, so you could (for example) use a single password manager that would work for your iPhone and your Windows desktop
Read more about using Password Managers.
4) Back up your data
A backup is a copy of your important data that’s stored in a separate safe location, usually on the internet (known as cloud storage), or on removable media (such as USB stick, SD card, or external hard drive).
Once you’ve made a backup, if you lose access to your original data, you can restore a copy of it from the backup.
Most backup solutions allow you to choose what data is backed up, whether that’s just documents and photos and videos, or the entire contents of your phone/computer (including the apps and programs you use).
As a rule of thumb, you should back up anything that you value. That is, anything that would inconvenience you – for whatever reason – if you could no longer access it.
Read more about backing up your data on the NCSC website.
5) Install the latest software and app updates
Applying security updates promptly will help protect your devices and accounts from cyber criminals.
You should apply updates to your apps and your device’s software as soon as they are available. Updates include protection from viruses and other kinds of malware, and will often include improvements and new features.
If you receive a prompt to update your device (or apps), don’t ignore it. Applying these updates is one of the most important (and quickest) things you can do to keep yourself safe online.
You should also turn on ‘automatic updates’ in your device’s settings, if available. This will mean you do not have to remember to apply updates.
- updating your device may take some time and requires a reliable internet connection, so it’s best to do it at home where you can access your wi-fi (and keep your device plugged in)
- older devices will eventually stop receiving updates
Read more about keeping devices updated in the NCSC guidance on Installing the Latest Software and App Updates.