What do You Meme, Online Security?

Look, in an age where we all have the attention span of a gnat, reading a lengthy article about the ins and outs of cybersecurity (or online security, infosec - whatever you want to call it) is probably the last thing on your mind. In fact, you’ve probably wandered off to browse Instagram, haven’t you?

You back yet?

Cool.

In an effort to try and hold that notorious attention span, you’ll be pleased to know that this informative read is in the form of memes.

Software Updates, the bane of your life.

Windows 10 got you down? Antivirus constantly interrupting your 10 hour YouTube spree? Unfortunately, like most of the important things in life, it’s annoying because it’s important. Just like constant dentist check-up reminders and texts from your mum about going to the doctors, without constant badgering you’d probably never get it sorted. If you’re the kind of person who likes nothing more than clicking ‘remind me later’ then have a rethink – the recent ‘WannaCry’ attack stemmed from a Windows vulnerability that was quickly patched and updated. Unfortunately, too many folk continued on ignoring the update reminders, blissfully unaware that a simple 20 minute update may have saved their machine…

If you’re an individual? Suck it up, update your computer. 20 minutes, after all, is enough time for a biscuit and a brew. If you’re a business? Set up your IT policies so that users can only ‘remind me later’ so many times before they’re forced to update. Sure, it’s annoying – but then again so is losing all of your data to would-be hackers.


Catch of the day when out Phishing

Ok, so this is technically correct – but we’re pretty sure no working day goes by without filtering through a couple (of hundreds…) of emails. Once the preserve of rather unsophisticated emails asking you to transfer bank details so you could be sent your winnings from a lottery you didn’t enter, or a message asking for your passport details so you could be matched with a long lost rich relative – phishing emails have become increasingly sophisticated. Spoof email addresses that mimic Gmail or PayPal are all too common – we’re even seeing emails that look like they’ve come from someone within your organisation, which can make a simple Outlook browse quite the minefield.

So, what should you do? Always check the sender’s FULL email address; if it’s a phishing mail the address will likely appear somewhat ‘dodgy’. For example an official PayPal email will be from an address like [email protected] (check the ending, something like .net or .org would be unusual) whilst a dodgy sender will look something like the below:

If the email asks you to log into a specific account to check over purchases or details, open a separate browser window and navigate to the site from there. Phishing emails often include links that open to near-identical login pages – which are then used to steal your login details. Finally, if you have ANY concerns over an email DO NOT CLICK ANY LINKS. We can’t state that too many times. DO NOT CLICK ANY LINKS. One more time for those in the back: DO NOT CLICK ANY LINKS. Phew, think you got that. Something doesn’t look right? Be sure to give your IT department a heads up so they can monitor for these sorts of things.

Password? Let's try 'Password'

Sorry to spoil the illusion, but most people will get into your computer or network because your password is usually *sighs*… ‘Password’. Or ‘Password1’ if we’re being fancy. Know how hackers usually hack? By exploiting the end user’s inability to create decent passwords.

‘12345’

‘Facebook’ for your Facebook login

‘LinkedIn’ for your LinkedIn login

‘Chelsea’ because you have questionable taste in football

Sure, they’re easy to remember – but they’re also easy to guess. A lot of the blame lies with websites and your own network rules – if you let people get away with daft or weak passwords then you’re partly to blame, because folk will always pick the easiest route. A good password has traditionally consisted of an uppercase and lowercase letter, a number and a special character (!£@?) and no, P@ssword1 is not going to cut it. There’s also some thought online that the ‘Correct Horse Battery Stapler’ method of choosing four random words actually generates even better password strength – and is easier to remember than a hundred various combinations of numbers, letters and special characters.
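One way a site or network could enforce the point above, as an added example (not code from the original article): a check that rejects the passwords listed in this section, including ‘P@ssword1’, alongside a four-random-word generator and its entropy. The deny-list, `MIN_LENGTH`, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed deny-list built from the weak choices named in the article.
DENY = {"password", "12345", "chelsea"}
# Undo look-alike substitutions so 'P@ssword1' is compared as 'password'.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "$": "s", "5": "s", "1": "i"})
MIN_LENGTH = 8  # assumed policy value, not taken from the article

def weak_reason(password, service_name=""):
    """Return the reason a password is rejected, or None if it passes."""
    lowered = password.lower()
    # Drop the digits and symbols people append to satisfy composition rules.
    core = lowered.rstrip(string.digits + string.punctuation)
    plain = core.translate(LEET)
    if DENY & {lowered, core, plain}:
        return "on the common-password list"
    if service_name and service_name.lower() in {lowered, core, plain}:
        return "same as the service name"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None

def passphrase_bits(word_count, list_size):
    """Entropy in bits of word_count words picked uniformly at random."""
    return word_count * math.log2(list_size)

def make_passphrase(words, word_count=4):
    """Pick words with a CSPRNG; the strength comes from the random choice."""
    return " ".join(secrets.choice(words) for _ in range(word_count))

# Constructed 16-word sample list; real word lists hold thousands of words.
SAMPLE_WORDS = ["anchor", "biscuit", "candle", "dolphin", "ember", "falcon",
                "garnet", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nickel", "orchid", "pepper"]

if __name__ == "__main__":
    for pw, site in [("Password1", ""), ("P@ssword1", ""), ("12345", ""),
                     ("LinkedIn", "LinkedIn"), ("Chelsea", "")]:
        print(f"{pw!r}: {weak_reason(pw, site)}")
    print(make_passphrase(SAMPLE_WORDS))
    print(f"4 words from a 7776-word list: {passphrase_bits(4, 7776):.1f} bits")
```

The entropy figure only holds when the words are chosen at random by the generator, not picked by the user.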

Oh, one more thing… don’t go to the trouble of writing a brilliant password only to write it on a post-it note and stick it to your monitor. It’s like driving a car with no wheels, good to look at but utterly useless.

Same as a would-be burglar is more likely to pick the house with open windows and unlocked doors, someone with some not-so-great intentions is more likely to attack a device or network that’s easy to get into. And what’s the biggest weakness? Sorry to tell you, but it’s you. And your IT team are probably tearing their hair out over it. But, just like passwords can be hard to remember, so can being aware of your security. So, for simplicity, try these three S’s:

Software – Update it when prompted

Strong – Passwords. Make it strong, make it memorable.

Savvy – Scrutinise emails, be smart when you click links and if in doubt, ASK


Keep browsing and keep safe out there. After all, you don’t want the world to know that you’ve got a terabyte of kitten pictures stored on your work laptop… do you?


Paul Shemilt

Managing director at 1st Logic Electrical

5 years

Good article

John Rockwell

Owner, ALL400S LLC

5 years

I suggest people pick a phrase that's easy to remember and then just use the first letter of each word in the phrase to create your password. Throw in a couple of numbers and a special character at the end. That will probably take an experienced hacker a good minute or two to crack.

I have also shared this with a group of CyberSecurity students. We all love a meme but we are a team of geeks. We discuss security over breakfast or any meal really. I believe they will all love this, I certainly do.

Michael Owen

Mad cyclist. Helping companies realise their true risk. Threat intelligence expert.

5 years

You should also include a section about knowingly passing on your information to others. The vast amount of credentials are leaked from another source, for example, the Marriott/Starwood or the BA card skimming hack. Perhaps a note to not click on "save your credit card info"
