Thinking about Cyber Safety

Posted in Course Related on the .
Thinking about Cyber Safety

October is Cybersecurity Awareness Month and we are asking you to think about the actions you can take to stay safe online. 

Choosing Strong Passwords

It’s important when choosing passwords for your accounts that you use unique passwords for each one, but people often feel overwhelmed when trying to create different passwords for each service and can slip into bad habits, such as using common words or personal information.

The key is to find a strategy that works for you

Making Strong Passwords  

Longer passwords with a mix of letters, numbers and special characters are often required by sites. You should never reuse passwords or use passwords containing personal identifiable information, such as birthdays, locations, or family names. You can still create a password that is memorable for you using the three random words method, adding special characters and numbers if required.

Password managers can encrypt and securely store your password, generate passwords for you, and even share them across different devices. Many have additional features such as fake website detection, or notification of passwords that may have been breached. They can be browser or app based. If you are someone who has a lot of online accounts and are required to work across different personal devices, using a password manager to generate and store passwords for you may be the best option.

Is saving your password in a password manager the same as saving it in a browser?

Yes and no. It’s safe to use a browser to save passwords on your personal account or device, but you should never use this on shared computers or accounts. A password manager will have a separate log in. 

Is it safe to save passwords in our browser on the VDI?

Yes, browser is linked to your login, not to the device.  If you do decide to use a password manager it is important to use strong passwords for this, and to enable Multi-Factor Authentication.

Multi-Factor Authentication (MFA, also known as 2-step verification or two-factor authentication/verification)

MFA makes it a lot harder for criminals to hack your account. Commonly, the app will send a pin code to your mobile phone or email when you log in, but you could also be asked to confirm it’s you via a browser window on a different device, or via a card reader, fingerprint, or face scan. Certain applications will allow you “trust” devices so you don’t have to do this every time to log in: remember if you do this you must have your device well protected.

An alternative to a pin or fingerprint lock is downloading and using an Authenticator app. These use a random, time-sensitive, security code and provide a higher level of protection than SMS or email pin codes. The NCSC has advice on enabling MFA/2SV

Phishing, Vishing and Smishing

Criminals use email, phones, messages, or social media to try and scam you. How can you spot these fake messages? Scammers use our emotions to pressure us into replying. Messages will ask for urgent responses, come from someone important, or link to current events 

If you think your social media account has been hacked 

  • Contact them straight away
  • Check your linked email account for forwards
  • Change your password
  • Log out of all devices and apps
  • Enable multi-factor authentication (MFA) is you haven’t already 

What if you accidentally share information? 

  • If it is a college account – contact IT and let them know
  • Change the password immediately
  • If it is bank details, contact the bank straight away 

Update Your Software 

You shouldn’t put off applying updates to your phones, tablets, and computers. These are often to update your security and are the most important thing you can do to protect yourself online. 

It’s tempting to click “remind me later” to apply updates, but it is quick and easy. Don’t forget to: 

  • Turn on automatic updates, if available
  • Keep data costs low by updating over secure Wi-Fi (at home)
  • Keep the device plugged in
  • Check for app updates after systems update
  • Regularly restart devices such as phones