95% of cyber security breaches are caused by human error, according to the 2020 IBM Cyber Security Intelligence Index Report. Below is a list of good computing practices to help you reduce the risk of falling victim to computing fraud.
Emails are easy for an attacker to spoof, which makes spoofing a very common tactic for malicious actors. As a result, whenever you receive a request via email to take a sensitive action, first verify that the sender is authentic, and when possible, enter the URL yourself (rather than clicking a link in the message).
Don’t Trust Your Popup Notifications
It is easy for a hacker to deploy fake pop-ups on your PC, phone or browser. If you click a popup, ensure the URL is correct before entering any information.
Never Leave a Device Unattended
It is straightforward to retrieve data from an unattended device, whether lost or just left unsupervised, even if protected by a strong password – unless the device is encrypted. If you lose a mobile phone and have the ‘find my phone’ function enabled, it is a good idea to remotely erase its memory to prevent unauthorised access to your data.
Webcam covers and microphone blockers are an inexpensive yet effective way to prevent a malicious actor or app from spying on you and your physical space without your knowledge. Mute home assistants (Alexa, Google Home and Siri) when you are not using them, or at least when you are discussing anything sensitive.
Stay protected from shoulder surfers
When using your device in a public space, you run the risk of somebody reading what is on your screen. To protect yourself from exposing potentially sensitive information in this way, apply a privacy screen to your mobile device. A privacy screen (sometimes also called a filter) is a thin piece of plastic that’s placed over the display to prevent curious eyes from reading information they are not meant to see.
Educate yourself about phishing attacks
In recent years, phishing attacks – attempts to obtain sensitive information (like an account password) by posing as a trustworthy person or company – have become increasingly sophisticated, and hackers are learning to use data that people put on the web to create highly specific and targeted attacks. Verify the credibility of a URL received in an email before entering any information. Understand the context of the email: were you expecting the email or message, and does it seem normal? Employ general good security practices to minimise the risk of falling prey to a phishing attack: use 2FA, don’t reuse passwords, close accounts you no longer use and back up your data.
Beware of Stalkerware
This is malware that is installed directly onto your device by someone you know (partner, parent, boss etc). It allows them to see your location, messages and other app data remotely. The app likely won’t show up in your app drawer (but may be visible in Settings -> Applications -> View All). Stalkerware can be disguised as an inconspicuous app (such as a game, flashlight or calculator) that initially doesn’t appear suspicious at all. Unusual battery usage, network requests or high device temperature can indicate the presence of stalkerware. If you suspect that stalkerware is on your device, the best way to get rid of it is through a factory reset.
Install Reputable Software from Trusted Sources
It may seem obvious, but much of the malware PC users encounter is the result of accidentally downloading and installing bad software. Also, some legitimate applications try to offer you slightly dodgy freeware (such as toolbars, anti-virus, and other utilities). Be sure to pay attention while completing the installation process. Only download software from legitimate sources; often this isn’t the top result in Google, so it’s important to double check before downloading. Before installing, check the file, for example in VirusTotal, which scans installable files using multiple AV checkers.
Encrypt your backup
Encrypt your backups, whether stored on your phone, laptop, USB or in the cloud. Should a hacker access them, it will be almost impossible for them to read your private files.
Do not assume an HTTPS site is secure
Unlike HTTP, data sent over HTTPS is encrypted. However, that does not mean you should trust that website by default. HTTPS certificates can be obtained by anybody, so a cloned or scam site may have a valid certificate (as denoted by the padlock icon). Always check the URL, and don’t enter any personal details unless you are certain a website is legitimate. Avoid entering data on any site that is not HTTPS.
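The URL checks recommended in the phishing and HTTPS tips above can be automated. The following is an added example, not part of the original list; the domain allowlist, the warning codes and the sample URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample allowlist: the sites the user really has accounts with.
TRUSTED_DOMAINS = {"bank.example", "shop.example"}


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warning codes; an empty list means nothing was flagged."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        warnings.append("not-https")
    if parts.username is not None:
        # Text before "@" is login data, not the site: the real host follows it.
        warnings.append("userinfo-in-url")
    if not host:
        return warnings + ["no-host"]

    try:
        ipaddress.ip_address(host)
        warnings.append("ip-literal-host")
    except ValueError:
        pass
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        # Internationalised names can imitate Latin letters with lookalikes.
        warnings.append("punycode-or-non-ascii-host")

    # Trusted only if the host IS a trusted domain or a subdomain of one.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        warnings.append("untrusted-host")
        if any(d in host for d in trusted):
            # e.g. bank.example.login.test: trusted name used as a mere prefix.
            warnings.append("trusted-name-in-untrusted-host")
    return warnings


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://www.bank.example/login",
        "https://bank.example.login.test/",
        "https://bank.example@login.test/reset",
    ):
        print(sample, "->", check_url(sample) or "ok")
```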