Keeping your IT secure – some hints and tips from Jackie Latham of Jackdaw Web Design
It goes without saying that we are living in very uncertain times. The last two years, plus the terrible situation in Ukraine, have left us all feeling, at best, unsettled.
None of us know how the world will change in coming months, and much of it will be out of our control. But there are things you can do to make you and your charity just that little bit safer.
We already know that many of the recent cyber security issues, both large and small, have originated in Russia, so it’s not unreasonable to think that these will continue or may even escalate. But even small voluntary organisations aren’t powerless to deal with these threats. There are things you can do to secure your PCs, tablets, phones and websites.
If you do think that your IT network is at particular risk then you should consult a cybersecurity professional. However, based on my experience of working in corporate and small business IT for longer than I care to remember, here are a few tips to keep you safe:
Keeping your devices secure
There are three main types of ‘hack’ which happen with a fair degree of regularity:
- A hack – where someone gets access to your device and can then use that access to steal valuable information such as bank details, personal information or passwords.
- A ransomware attack- where you suddenly see a message saying that everything on your device has been locked and that you need to pay to get the password to unlock it.
- Phishing – where you receive what looks to be a legitimate email that directs you to a site where they get you to enter your personal details and then use them to steal your identity and to hack other sites.
Apple devices have their own unique way of dealing with hackers but if you have Windows PCs, laptops and tablets, or Android tablets and phones, here’s what you need to do:
Install a decent antivirus/firewall
You often see these described as ‘Internet Security’. There are free ones available such as Avast, but free ones are limited in what they can do and the rate at which they’re updated when new viruses come along. The best free one for Windows is Microsoft’s own in-built firewall, but again it’s not the complete solution, nor is it as good as the best paid-for firewalls. When choosing your antivirus/firewall look for:
- Lots of good consumer reviews, which praise not only the security and ease of use, but also customer support
- Extra functionality. The best ones will also include such things as protection against ransomware attacks, a vault to store your passwords, and a VPN (Virtual Private Network) which hides your connection completely when you’re visiting, say, your bank’s website.
Back up your PC, laptop, tablet or phone regularly
Options for backing up tablets and phones are limited to cloud solutions (such a Google Drive, OneDrive or Dropbox). These are for taking automated backups that run all of the time, but the big problem with them is that if you do get infected by a hack or by ransomware, the infection will instantly spread to your cloud storage making the backup useless. If you use a PC or laptop then you can get around this by buying an external disk drive (large enough to take a backup) and then regularly copying your files to this disk drive, remembering to unplug it from your device as soon as it’s finished backing up. This way you’ll always have a clean copy of your data, though of course it won’t be bang up to date.
Keeping your emails secure
As with keeping your devices secure, there are two aspects to this – backups and securing against hacks and data theft.
The trick with backing up email is to first download them all to your computer so that when you run the backup for your device it will include your emails too. Simply having your email app open when you run the backup won’t include the emails in the backup – you have to download them to a file. The instructions on this vary depending on which app you use to access your emails.
Like backups, these instructions only apply to PCs and laptops. Backing them up using a phone or device is much more problematic. Here are some links to instructions for the most popular apps:
Outlook (ie the app not the email provider) – https://support.microsoft.com/en-us/office/back-up-your-email-e5845b0b-1aeb-424f-924c-aa1c33b18833
Yahoo – there is no good solution for this. This is their suggestion – https://help.yahoo.com/kb/SLN5033.html
Hacking and phishing
Phishing is something that only happens via email. Basically, the hacker will send you an email that looks as though it has come from a company you do business with, typically a bank. At some point it will ask you to login to the company’s website, only it won’t actually belong to the company, it will have been cloned but will belong to the hackers. In this way, they can harvest your personal information and use it to hack your real account.
There are ways to spot a phishing attempt but they’re getting harder and harder to spot. Things to remember are:
- Your bank will never send you a link to their site. If they want you to login, they will ask you to visit the site and login in the usual way.
- Your bank will never ask for your full pin number, even when you do login via their site. Typically, they will ask for a selection of characters from the pin rather than the full thing.
- If you have any suspicions at all, call your bank and ask them if they’ve sent an email for you to action.
And NEVER open an attachment unless you 100% trust the person who sent it, and you were expecting to receive it. Again, if you’re even the slightest bit suspicious, it only takes seconds to pick up the phone and check with the sender.
Keeping your website secure
Finally, a word about websites. Again, the same advice applies:
Firewall and antivirus
If you have used something like WordPress to build your site, make sure that it has its own firewall on there and that it’s been configured correctly. Don’t rely on your web host’s firewall as their firewall surrounds the whole server rather than just your website, meaning that if anyone else has a site that is hacked the hackers can easily jump from one website to another. For WordPress sites, the market leader is called Wordfence, which can be downloaded for free from the WordPress repository. This is a great guide on how to set it up and configure it – https://www.wpbeginner.com/plugins/how-to-install-and-setup-wordfence-security-in-wordpress/
Don’t rely on your host’s backups. Not all hosts take backups, and even ones that do will never guarantee them 100% so it’s up to you to make sure that your site is backed up. If you have a WordPress site you can use a free backup plugin such as UpdraftPlus, but when you’re setting it up make sure that you store the backup in one of their external storage options such as Google Drive. If you don’t have a WordPress website, speak to your provider to ask them for their recommendations.
And finally, a word about passwords
- DON’T share your password with anyone
- DON’T use the same password on more than one site
- If you have the option then DO switch on two-factor authentication.
I hope that’s been useful and has taken some of your worry away. Any questions, feel free to contact me, Jackie, at firstname.lastname@example.org