Presentation Notes

HTTPS and Encryption

  • Always ensure https is at the start of the address bar when entering sensitive information into a website (logins, credit card info, etc.).
  • At the same time, check that the website name hasn’t been tampered with when entering sensitive information. Just because it has https doesn’t mean it’s the correct website. When in doubt, use Google, e.g. “barclays login”.
  • Use a VPN to encrypt all of your internet activity on your computer and phone, especially when using public Wi-Fi. I use privateinternetaccess.com ($39 per year).

 

Social Engineering

  • This is used to trick you into giving away information (passwords, personal data) or to get you to do something (make a payment, install an app or interact with a video).
  • Phishing [fake] emails and websites can look very convincing. Never click the links in emails when asked to do something (e.g. log in), and never open attachments you’re not expecting. Instead, use the advice mentioned above about going through Google to find the login page, or verify the message via another means.
  • Consider the websites and social networks you post on so you know what information is public and what can be used against you. It’s very easy to pretend to be someone else online.

Passwords

  • Enable 2 Factor Authentication or 2 Step Verification wherever possible to add an extra layer of security. Use Google to find it fast (e.g. “twitter 2 factor”).
  • Sign up to haveibeenpwned.com to be notified if your details have been included in a data breach.
  • Use a Password Manager to handle secure and unique passwords for every website you use. Remember, when one of these websites is hacked, someone could try to reuse your password on another website. I use lastpass.com (free or $12 per year for teams).

Malware

  • Malicious software can take over your computer or phone and do whatever you can do.
  • It usually requires input on your part to install an app, open an attachment or download a file from a website or pop-up.
  • On computers, a common way to receive it is through an email attachment containing a Word, Excel or PDF document. Usually, after opening it you would then need to click “Enable Macros” or “Enable Content”, but you never want to get as far as that stage!
  • Phishing techniques are often used to trick you into opening the attachment. As mentioned before, double check with the sender via another means when in doubt. Picking up the phone for a 20 second call could save you a lot of time and money.
  • Ransomware is particularly common. It encrypts all of your files and demands a ransom fee to get them back. Paying doesn’t guarantee that the attackers will honour their side, and they may have installed malware on your machine for later use.
  • Taking regular backups is vital! Make sure these backups aren’t just using cloud services (like Dropbox or Google Drive) and that the backup is physically disconnected from your computer and network when not in use, otherwise it can become infected too. Make sure to test the backup recovery too.
  • Install any device and app updates as soon as they’re available. These often include security updates.
  • Be careful of the software you install on your computer, especially when it is advertised in pop-ups. Use an ad blocker in your browser. I use uBlock Origin in Chrome.
  • Avoid using unofficial app stores on your devices. iOS only permits its official App Store, whereas Android allows other stores in addition to the default Google Play Store. Be careful of these as you don’t know what vetting these apps have had, if any.
  • Run Anti-virus software. I use sophos.com on Mac (free).