Top 5 cyber security mistakes: by home users
Home users are just as vulnerable as businesses to malicious cyber activity, but are less likely to put basic security measures in place to protect their information. Here are the most common mistakes made by home users.
1. No antivirus software
This is one of the easiest and most effective ways to safeguard your computer and personal information and yet it is something many home users just don't use. There are also a lot of myths around anti-virus software—from making your system unstable, to it being unnecessary for Mac computers—but the truth is that anti-virus software is critical to safeguard your information.
Your information needs protecting, as it includes online banking details, passwords, identity details and files you would be very sad to lose.
If you have antivirus software already installed then you're halfway there. The other part of this measure is to make sure your program is updated regularly. Most programs have an 'auto-update' option—enable this if possible.
When you first install anti-virus software on a device, run a 'full scan' of the system to ensure there are no pre-existing virus infections, and then set up regular scans.
2. Password pain
The old post-it note next to the computer, using words like 'password', or not having a password at all… Passwords must be strong and secret to protect your information. Many malicious cyber actors will use programs to crack your password. If you have used a word from the dictionary, it's not going to take long to crack it.
Use a passphrase adopting symbols and numbers rather than just letters, for example change "waltzing matilda" to "Wa1t$in9m8ti1da". These strong passwords are very hard to crack.
It's also important not to use the same password across multiple accounts. If this password is stolen or cracked then all accounts with this password will be vulnerable before you realise it's not secure. Using a password manager is a handy way to keep track of all your passwords.
Remember also to be mindful of passwords on smart devices—anything that connects to your network—and change the default password (smart fridges, baby monitors, air conditioners, etc.).
3. No back-ups
A regularly overlooked measure, this one can save you a world of pain. If you are a victim of Ransomware (very common threat facing home users), hardware failure or theft, then having a back-up can save you a lot of distress. Imagine losing all your family photos or all your music. Back-ups are definitely worth it!
Many backup services offer an option to automatically schedule backups, so it's easy to perform them daily or weekly. Remember to store your back-up offline in a safe location—many victims of Ransomware have also had their back-ups infected because they were still connected to the network!
It's also recommended that backups are performed shortly after completing a virus scan.
4. Not installing software updates
Keeping your operating system and applications up-to-date is one of the best ways to protect your information and system.
Hackers or malware can find weaknesses in software (called vulnerabilities) that they exploit to access your computer or device. As the software owners become aware of the vulnerabilities, they issue updates to remove the vulnerability. This is not just for smaller software companies—in 2017 a massive Ransomware attack that crippled systems across the globe exploited a vulnerability in a Microsoft operating system. The attack actually happened after Microsoft issued an update to fix this vulnerability (which means the affected systems had not installed the available update).
Why is it important to install updates as soon as possible? To limit the amount of time hackers have to find and use these weaknesses. The longer a vulnerability is left unpatched, the more hackers will know about the weakness and how to use it.
You receive a strange email from someone you met once inviting you to join a new social media platform so you …click.
You receive an email with a free coffee voucher from a café or a discount on sunglasses attached so you …click.
You receive an email from your bank telling you to use click the below link to login to read a message so you …click.
Opening unknown websites or downloading attachments is an easy way of compromising your system. This is a tricky measure because we receive legitimate emails constantly with legitimate links and attachments.
Here are some tips:
- Pause and think carefully before clicking on links in email, messages or on social networking sites. Don't click on links in messages if you don't know the sender or if the message is unexpected.
- If you think a link looks suspicious or you can't tell where it leads to, before you click hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video, or webpage without directly clicking on the suspicious link.
- Many banks and other service providers will never send you a link to login—always navigate to websites that hold your trusted information (rather than follow a link).
Expand shortened URLS to check if they are safe. Short URLs are often used in social media. There are a number of services that create short links - such as goo.gl, bit.ly, tinyurl.com, ow.ly and youtu.be. To check if these links are safe you can use an URL expander to get the original URL from a shortened link without having to click through to the destination.