Top Tips for Staying Safe Online - Part 2

09 Sep 2015

By Adam King - Security Consultant at PGI Cyber  

As a security guy, the most common question I find myself being asked is, “how do I stay safe online?” In this second article, I will cover some other methods to keep safe online.

Recovery questions

If we drill down to the basic level, a recovery question is a type of password. The answer is supposed to be a secret which only you know; however, the questions posed by almost every organisation are often very insecure – it is almost certain that close friends and family will know your mother’s maiden name or your first school. My advice for these questions is to use something which isn’t the correct answer, or something which is, in a sense, a password.

You may get a confused response when telling a customer assistant over the phone that your mother’s maiden name is Trombone123; however, it is safe to assume that nobody else will think to give this answer when attempting to gain access to your personal information. By using this method, even if an attacker were to find out the required information from the likes of Facebook, they will be unable to use this information against you.

Account Privacy and Security Settings

Leading on from recovery questions, it is important to recognise where this sensitive information may be in the public domain. For most users, the answer to this will likely be social media sites. Luckily for you, it is a very simple process to go to your privacy settings and remove this information or replace it with fake details – there is nothing wrong with leaving a few red herrings for the bad guys.

Enabling two-factor authentication is also highly recommended for applications which support this functionality. By doing this, you must log in using a username and password, and also a security code which is sent to your mobile device, ensuring that nobody can access your account without physical access to your phone.

Finally, a lot of online applications will allow you to configure alerts via text or e-mail when your account is accessed. Receiving one of these alerts may start ringing alarm bells, and as such may encourage you to change your password or contact the organisation to verify where this login has come from.

Phishing e-mails

Last but not least, phishing e-mails are a common cause of losing personal information to a malicious party. Most of us will receive these e-mails daily; however, a lot of them will be filtered as spam and you may never see them.

It is important to think about the content of e-mails requesting personal information. Why would an organisation initiate contact with you and ask that you prove who you are? They are the ones who have made contact and should therefore be the ones to prove authenticity.

Verify the source of e-mails. Ensure that you have checked, double checked and triple checked the domain (after the @ symbol), for example has a spelling mistake which could be missed. If there are mistakes in the e-mail address, it cannot be trusted.

Given time, forward these e-mails to an appropriate handler. Many companies have teams that will investigate scams, and in some cases will distribute e-mails to all customers warning them of phishing attacks or will contact e-mail providers to block these messages.

Stay safe. 
