Top Tips for Staying Safe Online - Part 2

09 Sep 2015

By Adam King - Security Consultant at PGI Cyber  

As a security guy, the most common question I find myself being asked is, “how do I stay safe online?” In this second article, I will cover some other methods to keep safe online.

Recovery questions

If we drill down to the basic level, a recovery question is a type of password. The answer is supposed to be a secret which only you know; however, the questions posed by almost every organisation are often very insecure – it is almost certain that close friends and family will know your mother’s maiden name or your first school. My advice for these questions is to use something which isn’t the correct answer, or something which is, in a sense, a password.

You may get a confused response when telling a customer assistant over the phone that your mother’s maiden name is Trombone123, however it is safe to assume that nobody else will think to give this answer when attempting to gain access to your personal information. By using this method, even if an attacker were to find out the required information from the likes of Facebook and, they will be unable to use this information against you.

Account Privacy and Security Settings

Leading on from recovery questions, it is important to recognise where this sensitive information may be in the public domain. For most users, the answer to this will likely be social media sites. Luckily for you, it is a very simple process to go to your privacy settings and remove this information or replace it with fake details – there is nothing wrong with leaving a few red herrings for the bad guys.

Enabling two-factor authentication is also highly recommended for applications which support this functionality. By doing this, you must log in using a username and password, and also a security code which is sent to your mobile device, ensuring that nobody can access your account without physical access to your phone.

Finally, a lot of online applications will allow you to configure alerts via text or e-mail when your account is accessed. Receiving one of these alerts may start ringing alarm bells, and as such may encourage you to change your password or contact the organisation to verify where this login has come from.

Phishing e-mails

Last but not least, phishing e-mails are a common cause of losing personal information to a malicious party. Most of us will receive these e-mails daily, however a lot of them will be filtered as spam and you may never see them.

It is important to think about the content of e-mails requesting personal information. Why would an organisation initiate contact with you and ask that you prove who you are? They are the ones who have made contact and should therefore be the ones to prove authenticity.

Verify the source of e-mails. Ensure that you have checked, double checked and triple checked the domain (after the @ symbol), for example has a spelling mistake which could be missed. If there are mistakes in the e-mail address, it cannot be trusted.
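The domain check described above can also be automated. The following Python example is added here and is not from the original article; the trusted-domain list and sample addresses are constructed, and the two-edit threshold is an assumption.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): domains you really do business with.
TRUSTED = ("example-bank.co.uk", "example.com")

def sender_domain(from_header):
    """Domain after the last @ of the address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""
    return domain or None

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, trusted=TRUSTED, max_edits=2):
    """Return 'trusted', 'lookalike of <domain>', 'unknown' or 'unparseable'."""
    domain = sender_domain(from_header)
    if domain is None:
        return "unparseable"
    for good in trusted:
        # Exact match, or a genuine subdomain such as mail.example.com.
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in trusted:
        # Trusted name buried inside a longer, unrelated domain.
        if good in domain:
            return "lookalike of " + good
    nearest = min(trusted, key=lambda good: edit_distance(domain, good))
    if edit_distance(domain, nearest) <= max_edits:
        return "lookalike of " + nearest
    return "unknown"

if __name__ == "__main__":
    for header in ("Example Bank <alerts@example-bank.co.uk>",   # constructed
                   "Example Bank <alerts@examp1e-bank.co.uk>",   # constructed
                   "billing@example.com.account-verify.test"):   # constructed
        print(header, "->", classify(header))
```

A "trusted" result only means the spelling matches the allow-list; it says nothing about whether the From address itself was forged.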

Given time, forward these e-mails to an appropriate handler. Many companies have teams that will investigate scams, and in some cases will distribute e-mails to all customers warning them of phishing attacks or will contact e-mail providers to block these messages.

Stay safe. 
