How do I stay secure?
While no method is perfect, below we have listed some simple things you can do to make your accounts, computers & data notably more secure.
1. Use multi-factor authentication (MFA) where possible.
Gaining access to accounts by weak or compromised passwords is very common. Multi-factor security means services use more than one thing to confirm it’s actually you accessing the account. Instead of just a password, you’ll be required to enter a separate code (often from an app, or texted to you) when logging on. This second “factor” means a hacker would need both your password and that code, making your account much harder to get into. Banks have been using this for some time but in recent years many other services now often it (or in some cases, require it). If given the option always opt to turn it on.
2. Use multiple passwords or a password manager.
If you use the same password for all your accounts, when one is compromised they all are. You should at minimum have a separate unique password for email accounts (as they can be used to reset password for other accounts), and anything else that is important such as work, banking, etc.
3. Keep up to date
Security updates from companies such as Apple and Microsoft are released frequently, and address vulnerability in your software that some may try to exploit. Turning on automatic updates helps protect you from these newly discovered weaknesses.
4. Read security prompts
When you get prompts or popups like this, pay attention and read what it has to say:
The first is a safety check to make sure you’re ok for the listed program to make changes to your PC. If you’re changing a setting or installing software, you would select yes. If an unexpected program shows up, you should click no, as this will restrict what changes that program can make.
If you see the above notice in a downloaded word or excel document, it means you are previewing it in a secure protected view that stops any malicious activities from running. It does not mean the document is malicious, just that Microsoft is limiting functionality to provide protection. You should only disable protected view if you trust a document and need to edit it. Be extremely suspicious of documents that contain instructions on how to turn off protected view (supposedly in order to access content), this is a common trick.
Both of these notices there can stop attackers in their track, so carefully read them before selecting yes, or unblock.
5. Be suspicious of strange emails or websites
If you get a strange email that is unexpected or out of character for the sender, it may be worth confirming if they actually sent it. Email containing unexpected links leading to login pages or requiring you to download a file you are not expected should be cause for caution. If you don’t recognise the sender, it’s probably best you don’t follow the instructions in the email. If you do, it’s worth contacting them via anther method (as their email may be compromised), to confirm if they did send it. Emails that require you to action something urgently or straight away should also raise suspicious as this is a common tactic used by scammers to reduce the chance an unsuspecting victim will double check and realise it’s a dodgy email.
6. Make sure your data is backed up
This helps provide a solution if your data is encrypted and held to ransom, it also protects you against accidental data loss.