Online Security

Keeping safe online is becoming increasingly important as we spend more of our time on the internet and share our information with many different online companies and services.

The best practice is to think what information you are giving out and to try to limit or obfuscate it where possible.

How to protect yourself

One of the most effective ways to protect yourself is to keep all your software up to date - it is easy to delay updates, but you really need them for maximum security.

Similarly, you should try to run the newest version of your operating system that you can. Windows XP and Windows Vista are no longer supported, so they receive no new security updates.

Windows 7 support ends on 14th January 2020 and Windows 8 will end support on 10th January 2023. For macOS (formerly OS X), it depends on what hardware you have: the older the machine, the older the maximum version you can upgrade to.

Next is to have a good backup strategy, and use security software like Microsoft's built-in Windows Defender - we'll go into that in more detail below.

Malicious Software

Things like viruses, worms and trojans can spy on you, steal your sensitive data, and gain backdoor access to your system.

Ransomware will typically encrypt your data and send you a ransom message to unlock it - but even if you were to pay the crooks there is absolutely no guarantee that you will get your data back.

This is why having a good backup strategy can help because you can simply wipe your drive, restore an image backup and you will be back to normal.

Attachments

Email attachments are one easy way for malicious software to get onto your system. So only open attachments from people you know - and even then, only if you are expecting one.

If you are unsure, then contact the person and ask if they sent you something - and what it is before you decide to click on it or not.

Installing Software

Installing software is another prime way for malware to be installed on your computer.

If you have to download software, please go to the original website that made the software and not somewhere else like downloads.com.

Sites like that will quite often wrap the actual download with their own software that will install unwanted and possibly malicious software.

You should also slow down a bit when installing software and actually read the dialog windows that pop up, as you quite often have to opt out of automatically installing additional unwanted software. Installers also hide these opt-out checkboxes by placing them in an advanced or custom section that you have to click to see.

Online Payments

Ensure any payment pages you use are secure before you enter your personal information or card details.

You can tell if this is the case if the address starts with 'https://' (the 's' stands for secure) and there's a locked padlock in the address window.

This padlock or even the whole address bar may also be coloured green which is an easy visual indication that your connection is encrypted and safe.

The exact way this may look on your computer will vary depending on what browser you are using - but the "s" in "https" is the definitive way to know. If there is no "s" then it is NOT secure and you should not continue.

Free Payment Protection

If you use a credit card for purchases between £100 and £30,000 you will get FREE protection under Section 75 of the Consumer Credit Act.

If a company that has sold you something goes bust before the item is delivered, or if it's broken and the supplier won't sort things out, you can still get a refund from your credit card provider.

This applies even if you only pay a portion of the total cost of an item on your credit card.

For example, if you put a £100 deposit down on your card for a £25,000 car and pay the rest via a loan, you can still claim the full amount on your card if you have a problem with your purchase.

Adobe Flash

Flash is becoming increasingly vulnerable to online threats, and some web browsers have even started disabling Flash Player content by default for security reasons.

However, some websites still require Flash Player to display certain types of content but this is becoming less common.

Please always make sure you are using the most recent version of Flash and NEVER update the plug-in directly from a pop-up warning message as these can be bogus.

The best thing to do is to download the update directly from the Adobe website and remember to check for opt-out checkboxes.

Adobe Flash: Optional Offers

Currently, that page has optional offers for McAfee Security Scan Plus and True Key™ by Intel Security checked to be installed - please uncheck these as they are not required and could be another vector for malicious software.

User Accounts

Within Windows, there are admin and standard user accounts.

Most people's account will be automatically set as an admin - this means that their account can do anything within Windows.

However, if someone gains access to your computer then they can do everything that you can - so it is better to restrict your account by making it a standard account.

Don't worry as you will still be able to make administrator-level changes; you will just need to provide your administrator password when making these changes.

You should first create a brand new administrator account (with its own username and password), then you can downgrade your main account to a standard user account. Please google for a detailed guide on this process.

Phishing

Phishing (pronounced fishing) is the attempt to obtain sensitive information such as usernames, passwords, credit card details (and indirectly money), often for malicious reasons, by posing as a trustworthy entity in an electronic communication.

They may try to gain access to your computer or trick you into installing something which will secretly give them access.

Often, they will disguise themselves as your bank, Microsoft, Apple, Sky, Amazon or basically any identity that they believe will get you to trust them.

There will quite often be a sense of urgency or panic in these communications to try to get you to act quickly without thinking.

Phishing emails may contain links to websites that are infected with malware or to a website that visually looks identical to - for example - your bank's website and ask for information like a login username and password.

These and other social engineering techniques are used to try to deceive people into voluntarily giving over information or access.

The easiest way to protect yourself is to NEVER click on links in emails - if it is your bank or other service feel free to manually go to their website by opening your browser and typing in their web address and login like you normally would.

From there you will probably see any urgent messages - if not it was probably a scam email. For peace of mind, you could call your bank and report the email.

Cold Calls

Phone calls from someone pretending to be Microsoft are particularly popular, but you can get these scam calls from any company.

These tend to say that you have a problem, and might even walk you through doing something on your computer to either install malicious software or to scare you into doing something, providing payment or personal information.

Microsoft is a big pull for scammers because Windows has about 1.5 billion active users, so nearly everyone they call could be a potential victim.

With 1.5 billion active users - Microsoft will NEVER call you - it is completely unfeasible financially or from a staffing point.

Either ignore these calls or simply say you don't have a computer and hang up.

Call screening using your answerphone or something like a Truecall Call Blocker is another great option to avoid scammers and indeed all cold callers or silent message callers.

Passwords

Remembering and entering passwords can be a nuisance which is why many people tend to use one or just a few passwords over and over again on different websites.

This practice is particularly dangerous as all it takes is one website or service online to have a security breach and then all of your online accounts could be at an increased risk.

Recently there have been many examples of security breaches online with companies like Yahoo, LinkedIn, Wonga, Tumblr, Sony, Cloudflare to name but a few. In the case of Yahoo, they had over 1 billion accounts compromised in what was the biggest data breach in history.

If you want to see if you have some potentially vulnerable online accounts you could visit haveibeenpwned.com and enter your email address or username. You will then see information about any breaches you may have been subject to, what types of data were compromised and what to do about it - like changing your password.

One of the most important things you can do to protect yourself online is to have good strong passwords for every website that you log into. These passwords really do need to be unique for every single website or online service you use.

Obviously, over time, you can accumulate hundreds of websites that each require a password to login and it is, therefore, unfeasible to remember all of these without some sort of help.

This is where password managers come in.

A password manager is a simple program or online service that will keep all of your login details safely in one place - and usually encrypted. There are a whole load of password managers available, some better than others but whichever one you do pick, they will be far better than reusing passwords.

Lots are free, some have a one time charge, whilst others have a small monthly or yearly amount. Most of them will work on multiple operating systems e.g. Windows, Mac, Linux, Android, iOS or Windows Phone but please check before selecting your password manager.

Some popular password managers are LastPass, KeePass, 1Password and RoboForm.

To enter your password manager, you will only need to remember one master password to access everything within - so please make sure you make it a strong and long password. Access will generally time-out after a period of time - whereby you will be prompted for your master password to regain access.

Most managers will also offer more features other than just remembering your passwords.

Password generation

What this feature does is to create random passwords using uppercase and lowercase letters, numbers and special characters like ?!$%*)

Normally you can change what types of characters it uses and the length of the passwords it will generate.

It is generally considered that the longer the password the better, so try to set it to something like 20 or more. 14 should be your minimum, but as you do not need to remember them, you may as well set it higher.
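As an added illustration (not taken from any particular password manager), here is how such a generator can be written with a cryptographically secure random source. The `SPECIALS` set, the function names and the default of 20 characters are assumptions chosen to match the advice above.

```python
import math
import secrets
import string

# Character classes named in the section; SPECIALS is an assumed set.
SPECIALS = "?!$%*"
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digits": string.digits,
    "special": SPECIALS,
}
ALL_CLASSES = ("upper", "lower", "digits", "special")
MIN_LENGTH = 14  # the minimum length the text recommends


def generate_password(length=20, use=ALL_CLASSES):
    """Return a random password containing every class named in `use`."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    if not use or any(name not in CLASSES for name in use):
        raise ValueError("unknown or empty character class selection")
    alphabet = "".join(CLASSES[name] for name in use)
    # Many sites reject a password that lacks one of their required classes,
    # so redraw until each selected class is present. Redrawing the whole
    # password keeps every accepted password equally likely.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in CLASSES[name] for ch in candidate) for name in use):
            return candidate


def entropy_bits(length, use=ALL_CLASSES):
    """Approximate strength in bits: length * log2(alphabet size)."""
    alphabet_size = sum(len(CLASSES[name]) for name in use)
    return length * math.log2(alphabet_size)
```

With these settings a 14-character password carries roughly 85 bits and a 20-character one roughly 121 bits, which is why raising the length costs nothing when a manager remembers it for you.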

Form filling

Every time you shop online or visit a website with a form to fill in - it will quite often be asking you for the same information time-after-time.

As your password manager has this information within its database, it can offer to fill out your name, address, and other information automatically.

This will save you lots of time, but also prevent mistyping of information.

Secure Notes

Sometimes, as well as login details, you may want to remember other private information like Wi-Fi network passwords, PINs, email settings, software license keys, etc.

Most password managers will let you create secure notes which you can use to remember anything you want.

When you visit a website your chosen password manager should pop up and offer to fill in the login information - you just confirm that is what you want and it will fill in and submit the form.

If you want to find a secure note or login then most managers will allow you to search your secured data.

Two (or multi) Factor Authentication

A lot of password managers will support two-factor or even multi-factor authentication for added security - which we recommend you use if available.

In fact, you may have already used this feature elsewhere without knowing what it was called.

e.g. If you have ever tried to login to something and been told that they are sending you a code to your phone that you'll have to type in - then this is one form of two-factor authentication.

Authentication can be something you know (like a password), something you have (like a phone) or something you are (like a fingerprint).

Increasingly, most banks, financial services and some online accounts will require two-factor authentication for all or certain access.

Backup

The most important part of any computer is your data - hardware and software can be replaced but data is priceless. Photos, videos and documents are what really matter - just imagine how you would feel if you lost any of them forever. This is why a good backup system is vital for peace-of-mind.

Having just one copy of data is just asking for trouble as you could lose it in many different ways:

  • Hardware Failure: storage like hard drives will ALL eventually fail - either slowly over time or suddenly without warning.
  • Damage: Physical Shock, Fire, Flood, Electrical surges or strikes can all kill your hardware and data.
  • Malicious Software: Things like viruses, trojans and ransomware can delete, change or encrypt your data.
  • Theft: If your computer is stolen you can wave goodbye to your data.

There is no reason to put off backing up your precious data as you can do it all for free - or for added benefits or features for a small one-off, monthly or yearly price.

The more copies you have the better, but implementing a 3-2-1 backup policy is generally all that most people need.

3-2-1 Backup

This is a strategy where you have 3 copies of your data on 2 different storage types with at least 1 being in another physical location.

If you have data stored on an internal hard drive, make sure you also have a secondary storage type, such as external or removable storage, or the cloud.

External Storage

Large capacity external drives are an ideal option as you can have fast, low-cost local backups in one simple unit. These can be bought in varying sizes and costs depending on your personal data needs.

e.g. A 1TB drive can be bought for roughly £60, a 2TB for £75 and all the way up to a 5TB drive for £135

Network-Attached Storage

Another option is a NAS drive (Network-Attached Storage) which in many ways is like an external drive but will in most cases have multiple drives inside.

These cost much more but will allow every computer to access the unit through your network - making multiple device backups easier and data sharing a doddle.

You can also use them for a whole host of other things like a media server, cloud syncing, surveillance system, etc.

The big benefit, however, is redundancy. Depending on how many drives you have installed, you can be sure that your data will be safe even if one hard disk drive fails (or in some cases multiple drives).

Backup Software

As well as the hardware, you will probably want automated software to do the actual backing up.

You could do manual backups by clicking and dragging files and folders from your computer to your backup drive, but this is prone to mistakes and you are only going to remember to back up occasionally, so you should use some sort of backup software instead.

Some good examples are: Acronis True Image, EaseUS Todo Backup Free, SyncBackFree, Paragon Backup & Recovery Free

Most software can be set to back up automatically on a regular basis - without you having to do anything. This is a great feature as remembering to do backups is one of the biggest stumbling blocks for protecting your data.

Some will do fancy things like detect when you attach your external drive and automatically start the backup process - literally plug in and backup.

Others can take a complete "image" of your drive so that if your computer breaks or you get a virus, you can restore the computer back to working condition in minutes.

Cloud Backup

Cloud Backup is a good option if you need offsite backups for your 3-2-1 backup strategy.

There are many different options for this, but here are some popular services that you may want to take a look at: Carbonite, Dropbox, OneDrive, CrashPlan, Backblaze, Box, SpiderOak

Most online solutions will cost a monthly or yearly charge as their free service is normally limited in size or speed.

However, if you subscribe to Microsoft Office 365 then you will have up to 1TB of free OneDrive online storage already. And even better than that, you can have 5 users on that one license, each with their own 1TB of storage - great for a family. A free 5GB plan is also available.

If you have an Amazon Prime account you will have access to unlimited photo storage.

iCloud storage has 5GB free space but will cost £6.99 for 1TB per month.

The single best online service for photos and videos is Google Photos where you can have free unlimited storage and automatic organization as long as they are only up to 16MP and 1080p HD.

You don't need to use cloud backup for the 3-2-1 as long as you keep a backup on, say, an external drive that you then keep offsite - like a family member's house.

This can be pretty awkward to keep going as you will have to move the drive between both locations in order to do subsequent backups.

But for a one-off backup of all your data say every few months, this could be a viable option.

Photos

If, like most people, you use your smartphone as your camera, then you can set it to automatically upload all of your photos.

It is probably best to set it to only do this over Wi-Fi so that you don't incur charges - and besides it will be faster.

Remember that if you backup your files to another location and you then delete the files off your computer - you have NO backup as there is only one version of your file.

You can also set it to back up to more than one place for added redundancy. So for example, you can use Google Photos AND Microsoft OneDrive - the more services you use the safer your photos and videos will be.

Sync or Backup

I should also point out that backing up a file is quite different to syncing a file.

If you backup a file you make a copy of it and put it somewhere else - you then have two copies of the file.

If you sync a file it will look at the two or more locations where the file is stored, work out which copy is the newest and overwrite the older ones with it.

This can be good if you want to keep changes to your file up-to-date on all devices.

But if you change the file or delete it and it then syncs, there is no going back (unless your backup provider has versioning).
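The difference shows up clearly in code. This added example (not from any backup product) uses a simplified one-way sync and a versioned backup that names each copy after a SHA-256 digest of its contents; the file names and the scenario in `demo()` are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def sync_file(source, mirror_dir):
    """One-way sync: the mirror always ends up matching the source."""
    target = Path(mirror_dir) / Path(source).name
    if Path(source).exists():
        shutil.copy2(source, target)   # newest copy overwrites the older one
    elif target.exists():
        target.unlink()                # a deletion is propagated too
    return target


def backup_file(source, backup_dir):
    """Versioned backup: keep every distinct version, never overwrite one."""
    source = Path(source)
    if not source.exists():
        return None                    # nothing new to copy; old versions stay
    digest = sha256(source)
    target = Path(backup_dir) / f"{source.name}.{digest[:12]}"
    if not target.exists():
        shutil.copy2(source, target)
        if sha256(target) != digest:   # verify the copy before relying on it
            target.unlink()
            raise OSError(f"backup of {source} failed verification")
    return target


def demo():
    """Constructed scenario: a document is changed, then deleted."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        mirror, backups = root / "mirror", root / "backups"
        mirror.mkdir()
        backups.mkdir()
        doc = root / "report.txt"
        doc.write_text("original contents")
        sync_file(doc, mirror)
        first = backup_file(doc, backups)

        doc.write_text("unwanted change")  # a bad edit, or malware
        sync_file(doc, mirror)
        backup_file(doc, backups)
        mirror_after_change = (mirror / doc.name).read_text()
        doc.unlink()                       # then the file is deleted
        sync_file(doc, mirror)
        backup_file(doc, backups)
        return {
            "mirror_after_change": mirror_after_change,
            "mirror_has_file": (mirror / doc.name).exists(),
            "backup_versions": len(list(backups.glob("report.txt.*"))),
            "original_recoverable": first.read_text() == "original contents",
        }
```

After the change and the deletion, the synced mirror has nothing left, while the backup folder still holds both versions, including the original.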

Security Software

One of the best things you can do to protect yourself is to make sure that your Operating System (Windows, macOS) is up to date. You also need to make sure that your browsers are also updated to the newest version to make sure you have the best protection.

Some of the biggest threats on the internet today are viruses, spyware, ransomware, malicious software, phishing scams and potentially unwanted programs (PUPs) as well as many others.

If you have Windows 10, you already have a good free antivirus program called Windows Defender. If you're following common sense and other good security practices, Windows Defender is probably all you need.

Anti-Virus & Malware Software

There are so many security software packages available - some free and some paid.

Kaspersky Internet Security 2017 costs about £15 for 3 device protection each year and is consistently ranked at the top of various antivirus tests.

BitDefender Antivirus Plus 2017 costs about £25 for a similar 3 device license.

There are also free options like Bitdefender Antivirus Free Edition, Avast Free Antivirus and AVG Antivirus Free.

Please also note that paid software usually has free but limited versions of their software.

McAfee is a well-known antivirus but has consistently shown poor performance in detection and removal so you should avoid it and pick one of the ones mentioned above.

Antivirus by itself is not always enough; sometimes you may need something like Malwarebytes to detect and remove malware and PUPs.

You can download the trial of the paid version and use it for two weeks, after which you can keep using it for free Anti-malware, Anti-spyware and Anti-rootkit which is more than adequate - or you could buy it for the full software features.
