Written by Gerard Healy
2020 has been a very challenging year for most of us, if not all. Our lives have been disrupted immensely, from how we socialise and work to how we shop. COVID-19 has greatly accelerated the shift towards electronic payments, be it online shopping, Google or Apple Pay or the adoption of new digital-only services like bitcoin or Revolut. Zoom parties have replaced face-to-face get-togethers and many of us have been forced to work from home, often for the first time. This big-bang evolutionary jump in our electronic lives has been often jarring, disorientating, and has required substantial effort to get our heads around. In a rush to adapt to this new “normal”, the focus for many of us might have understandably been on connectivity and productivity, rather than cybersecurity.
Good practices around information and cybersecurity should be a norm for us all. Just like eating your greens. If we shy away, our diet becomes unbalanced. Equally so, if we embrace it above all else. Achieving that balance allows us to imbed good practices into our daily lives. Here are some cybersecurity best practices that we can all keep in mind while working from home –
Don’t be a victim of Financial Fraud
With physical shops closed, many have flocked to online shopping as default or first preference. While eCommerce was already on the rise, many of us who traditionally shied away from it have now joined the fold for the first time. With this increase in online sales, payment card is now the most common type of fraud in Ireland today. We can protect ourselves against this fraud with a few simple changes in how we interact with these services.
- Use a credit card where possible. Credit card payments are insured and as a result, you’re protected against fraud. You don’t have such protection with Debit cards.
- The use of e-payment services such as Revolut, PayPal or similar can protect those who don’t own a credit card. By topping up, you limit your exposure is limited to your top-up values.
- If you have concerns with such services, you can protect your debit card with Strong Customer Authentication. This is effectively 2-factor authentication whereby you receive an SMS with a password that will expire within a short period of time, (e.g. 15 minutes). This stops someone who has stolen your card details from using it.
Protect your computer
This advice is as old as time. Ensuring that your computer is protected will protect you from viruses or malware that can damage, steal or hold ransom your data. Here are a few simple steps you can take:
- Always run an up to date anti-virus solution on your computer. Regardless of whether it’s a Windows device, a Mac, a tablet or smartphone, anti-virus solutions protect your data from theft or damage from malware. Companies such as AVTest will give you clear and impartial advise on which antivirus is best.
- Software firewalls such as the in-built Windows firewall should always be left on, when not you are connected to a network that is not known or not secured by a corporate firewall appliance.
- Where you’re not protected by an enterprise firewall, consider sandbox products to limit the potential of an infection spreading. These tools create a virtual segregation that protects your computer from the applications running in them. By running your web browser in a sandbox, it greatly hampers any malware from infecting your computer.
- Always split administration functions away from your main account.
- When you can, use your corporate VPN. VPNs encrypt all traffic from your computer back to your office. This means that if you’re working on an insecure Wi-Fi, e.g. in your local coffee shop, the data cannot be snooped or stolen.
- Install your updates. Updates are released to close security vulnerabilities, as well as improvements to functionality and stability, so should always be applied.
Get rid of that USB
Many of us still carry a USB hard drive or fob for moving data between computers and locations. These devices can easily be lost or stolen. In cases where company data is stored on these devices, such losses must be reported to the Data Protection Commission. That can do a lot of harm to your employer’s reputation and damage customer confidence. Even if the data is only your family photos from your last holiday, once these devices are lost, the data is gone forever. Rather than using such hardware, transfer your data through cloud storage solutions such as Google Drive, OneDrive, Dropbox, etc. Where the data is corporate data, speak with your IT. This will ensure that you use the appropriate service, as data processing, data retention and other information security agreements may be in place with a preferred vendor.
Backup Your Data
Always, always, always back up your data. When a computer fails, when a USB is lost or stolen, when a DVD (remember those?) is damaged, the data is almost always gone. Expensive and often futile services can recover some data, but that can be a role of a dice, especially when the hard disc is the part that failed. Many free backup tools can be pointed to a service of your choice, such as OneDrive or Google Drive, but where possible use these services’ native tools. They’re usually much more secure!
Never Reuse Passwords
Last and by no means least – never ever re-use a password. Passwords are a huge part of cybersecurity. So make sure to never write passwords down and always change your passwords regularly. Use a password management tool to generate complex passwords and store them. They’re worth the investment of a few Euro.
When you reuse a password, you increase your exposure. If a hacker identifies your username (which is usually your email address) and password combination, they can use this to compromise every service that you’ve used this combination on. If you’ve also stored your card details on one of these sites, then your card is now compromised. And if this card is a debit card, you’re not insured against any fraud that may occur. It’s your choice, but I’d rather pay for a password vault.