Cyber Security Tips

As we spend more of our lives online, we become more vulnerable to cyber threats that can affect both our personal and professional lives.

The digital world is constantly growing, so everyone needs to be aware of cyber risks and take steps to protect themselves.

Here are some valuable tips from Richard Gordon, a Cyber Security Engineer at D&A College.

1: set up a strong PIN

When setting the security PIN for your devices, using a minimum of 6 digits is recommended. A 4-digit PIN may seem secure with 10,000 combinations, but it can be quickly guessed through 'brute force' methods, even if there's a lockout after multiple attempts.

In contrast, a 6-digit PIN offers 1,000,000 combinations. Increasing the PIN length increases the possible combinations, making it much more difficult and time-consuming for someone to guess.

2: check if you have been pwned

Have I Been Pwned (haveibeenpwned.com) is a website that enables you to check if your email address(es) or password(s) have been compromised and appeared on a breached list online. This occurs when we register for a service that experiences a data leak for various reasons.

The email addresses and passwords we used during registration are compiled into large lists, which hackers can then use to impersonate us and access other services that rely on the same credentials for access (authentication).

3: be careful buying new devices

Please be careful when purchasing devices from lesser-known manufacturers, especially those that connect to a network or store important data.

Such devices are often no longer supported by their manufacturers, making them vulnerable to hackers.

Without updates and support, these devices can be hacked or left open for hackers to steal information and data.

4: watch out for phishing emails

Email phishing attacks account for approximately 90% of the cybersecurity threats that colleges in Scotland face. Phishing attacks often occur when you receive an email from an individual pretending to be someone they are not, to trick you into clicking on links or providing personal information.

It's best to ignore emails from unexpected senders to avoid falling victim to these attacks. If something sounds suspicious or too good to be true, it likely is. Also, watch out for spelling mistakes, although phishing attempts are becoming more sophisticated and look increasingly legitimate.

If I ever receive an email that seems strange from a provider, I head directly to the website rather than via any links in the email. Signing in directly typically indicates if you need to update any information.

5: multi-factor authentication

Use multi-factor authentication on everything you can; it adds another layer of protection by requiring two different methods to confirm access. It essentially works like this: you sign in with a password on an app or website, then confirm access on a different, trusted device, either via an app or a text message.

Most services now require this by default. If you are asked to confirm a sign-in that you did not make, deny access and update your password.

6: set up strong passwords

Use strong passwords at least 12 characters long, including a symbol, an uppercase letter, and a number.

It is worth using a highly reviewed password manager to generate strong, unique passwords for each account you have. Protect your password manager account itself with a strong password and multi-factor authentication.

If you can't use a password manager, use a long phrase you would use for all services and add the service name at the end. You could also add spaces to your password for added complexity.

7: report suspicious emails

If you have received any suspicious emails at Dundee and Angus College, you can contact icthelp@dundeeandangus.ac.uk for any queries and concerns or to get these blocked. We have many methods to prevent these emails from getting through; however, we occasionally require your help highlighting and preventing them.

If you receive anything suspicious, you can mark it as spam. Don’t click on anything within the email; contact ICT help for any questions or queries. You can also go to the National Cyber Security Centre (NCSC) website (www.ncsc.gov.uk/collection/phishing-scams), which helps guide you through reporting different types of phishing scams.

8: beware of malware

Malware is malicious software. It is a collective name for things you may know as viruses, spyware, ransomware, trojans, etc. Malware can be distributed and spread in many ways. Over 500,000 new methods of malware are created daily.

Having an up-to-date anti-virus and doing regular scans will help keep you protected, along with being vigilant on websites, browser extensions and applications.

9: keep updated

Updates... "Not again!" Yes, it might feel like a daily occurrence, but these are crucial. Often, updates are released because a new security vulnerability has been discovered in the software. As a bonus, these updates usually come with added features or improvements.

It's always wise to keep your software up to date. If you are no longer using a particular app or program, consider uninstalling it from your device until you need it again.

10: final points

- Share and keep up to date on how cyber security relates to you and your chosen subject area. The stories are interesting, and you might be surprised that they can affect so many different areas of our lives now.

- Always have backups of anything digitally important.

- If something or someone online offers something too good to be true, or you have no idea who they are, ignore it.

- Stay up to date as much as possible.

- Finally, be confident to ask for more advice from someone you trust before being pressured into anything online.