Keeping your IT secure

It goes without saying that we are living in very uncertain times. The last two years plus the terrible situation in Ukraine have left us all feeling, at best, unsettled and, at worst, terrified. None of us know what the future will hold or how the world will change in coming months, and much of the anxiety we feel is because things are out of our control – all we feel we can do is watch the situation unfold.

But is that true?  Largely, yes, but there are things you can do to make you, your family and your business just that little bit safer.

We already know that many of the recent cyber security issues, both large and small, have originated in Russia, so it’s not unreasonable to think that these will continue or may even escalate.  But even small businesses aren’t powerless to deal with these threats.  There is stuff you can do to secure your PCs, tablets, phones and websites.

Before I go any further, I must point out that I am not a cybersecurity expert, so if you think that your IT estate is at particular risk then you should consult a cybersecurity professional.  I have, however, worked in corporate and small business IT for longer than I care to remember, so the tips below come largely from my own experience.

Keeping your devices secure

There are three main types of ‘hack’ which happen with a fair degree of regularity:

  • A hack where someone gets access to your device and can then use that access to steal valuable information such as bank details, personal information or passwords.
  • A ransomware attack where you suddenly see a message saying that everything on your device has been locked and that you need to pay to get the password to unlock it.
  • Phishing, where you receive what looks to be a legitimate email that directs you to a site where they get you to enter your personal details and then use them to steal your identity and to hack other sites.

Disclaimer #2: the advice I’m going to give doesn’t apply to Apple devices as they have their own unique way of dealing with hackers.  What it does cover is Windows PCs, laptops and tablets, and Android tablets and phones.

Now that we’ve got that out of the way, here’s what you need to do:

Install a decent antivirus/firewall

You often see these described as ‘Internet Security’.  There are free ones available such as Avast, but free ones are limited in what they can do and the rate at which they’re updated when new viruses come along. The best free one for Windows is Microsoft’s own in-built firewall, but again it’s not the complete solution, nor is it as good as the best paid-for firewalls.  When choosing your antivirus/firewall look for:

  • Lots of good consumer reviews, which praise not only the security and ease of use, but also customer support
  • Extra functionality. The best ones will also include such things as protection against ransomware attacks, a vault to store your passwords, and a VPN (Virtual Private Network) which hides your connection completely when you’re visiting, say, your bank’s website.

Back up your PC, laptop, tablet or phone regularly

Options for backing up tablets and phones are limited to cloud solutions (such as Google Drive, OneDrive or Dropbox). These are for taking automated backups that run all of the time, but the big problem with them is that if you do get infected by a hack or by ransomware, the infection will instantly spread to your cloud storage, making the backup useless.

If you use a PC or laptop then you can get around this by buying an external disk drive (large enough to take a backup) and then regularly copying your files to this disk drive, remembering to unplug it from your device as soon as it’s finished backing up.  This way you’ll always have a clean copy of your data, though of course it won’t be bang up to date.

Keeping your emails secure

As with keeping your devices secure, there are two aspects to this – backups and securing against hacks and data theft.

Backups

The trick with backing up emails is to first download them all to your computer so that when you run the backup for your device it will include your emails too. Simply having your email app open when you run the backup won’t include the emails in the backup – you have to download them to a file. The instructions on this vary depending on which app you use to access your emails.

Like backups, these instructions only apply to PCs and laptops. Backing them up using a phone or device is much more problematic. Here are some links to instructions for the most popular apps:

Gmail – https://www.theverge.com/21324801/gmail-download-data-back-up-save-email

Outlook (i.e. the app, not the email provider) – https://support.microsoft.com/en-us/office/back-up-your-email-e5845b0b-1aeb-424f-924c-aa1c33b18833

Thunderbird – https://www.ionos.co.uk/help/email/other-email-programs/mozilla-thunderbird-exporting-emails/

Yahoo – there is no good solution for this. This is their suggestion – https://help.yahoo.com/kb/SLN5033.html

Hacking and phishing

Phishing is something that only happens via email. Basically, the hacker will send you an email that looks as though it has come from a company you do business with, typically a bank. At some point it will ask you to log in to the company’s website, only the site won’t actually belong to the company: it will be a clone that belongs to the hackers. In this way, they can harvest your personal information and use it to hack your real account.

There are ways to spot a phishing attempt but they’re getting harder and harder to spot.  Things to remember are:

  • Your bank will never send you a link to their site. If they want you to log in, they will ask you to visit the site and log in in the usual way.
  • Your bank will never ask for your full PIN, even when you do log in via their site. Typically, they will ask for a selection of characters from the PIN rather than the full thing.
  • If you have any suspicions at all, call your bank and ask them if they’ve sent an email for you to action.

And NEVER open an attachment unless you 100% trust the person who sent it, AND you were expecting to receive it. Again, if you’re even the slightest bit suspicious, it only takes seconds to pick up the phone and check with the sender.

Keeping your website secure

Finally, a word about websites.  Again, the same advice applies:

Firewall and antivirus

If you have used something like WordPress to build your site, make sure that it has its own firewall on there and that it’s been configured correctly. Don’t rely on your web host’s firewall as their firewall surrounds the whole server rather than just your website, meaning that if anyone else has a site that is hacked the hackers can easily jump from one website to another.  For WordPress sites, the market leader is called Wordfence, which can be downloaded for free from the WordPress repository. This is a great guide on how to set it up and configure it – https://www.wpbeginner.com/plugins/how-to-install-and-setup-wordfence-security-in-wordpress/

Backups

Again, don’t rely on your host’s backups. Not all hosts take backups, and even ones that do will never guarantee them 100% so it’s up to you to make sure that your site is backed up. If you have a WordPress site you can use a free backup plugin such as UpdraftPlus, but when you’re setting it up make sure that you store the backup in one of their external storage options such as Google Drive. If you don’t have a WordPress website, speak to your provider to ask them for their recommendations.

And finally, a word about passwords –

  • DON’T share your password with anyone
  • DON’T use the same password on more than one site
  • If you have the option, then DO switch on two-factor authentication.

I hope that’s been useful and has taken some of your worry away. Any questions, feel free to contact me, Jackie, at jackie@jackdawwebdesign.co.uk