October is National Cyber Security Awareness Month, and in this series of blogs we will be providing simple tips and tricks to help you and your staff remain ever vigilant against the threats that criminals pose to our digital lives.
This first blog looks at two things: first, you and your device, how you handle it and tips for using it safely; and secondly, how to use your device safely when out and about.
It’s all about you
Every day, we sit in front of devices, whether mobile phones, laptops, tablets or desktop computers, and spend hours typing and swiping away. You are doing this right now, and if you look around, you can probably see countless other people doing the same.
Let’s get physical
Imagine you were a criminal right now. Take a moment to look around you. Can you see an easy target? Can you see an unattended laptop or phone? One often overlooked fact about technology is that we are carrying hundreds if not thousands of pounds', euros' or dollars' worth of equipment in our pockets and backpacks. Devices are now smaller and more powerful, which allows us to work in more flexible spaces, but these smaller devices often get forgotten, and so we read headlines about the number of devices left in taxis or trains. In 2014, it was reported that 190,000 people lost phones alone in Black Cabs (https://metro.co.uk/2014/10/06/lost-your-phone-in-a-cab-youre-one-of-190000-people-who-do-every-year-4893920/). It is too easy for your phone to slip out of your bag or pocket, and with it goes access to your life, your emails, your bank and more. Watch your phone, zip your bags up and check them before you leave.
Show me the data
I do quite a lot of commuting on trains across the country. It never ceases to amaze me the number of laptops and bags that get left on tables while someone pops away from the table. Sometimes I get asked "could you just keep an eye on this?" For sure, and I might send an email or two as well. Maybe read the documents. With two hours to spend on a train, it is natural that we will get our laptops out and start working. However, be aware of prying eyes. The technical term is shoulder surfing: someone looking over your shoulder at what you are doing. With papers strewn across the table, it is easy to give away details of plans, financial figures, potential new clients, your name and contact details. So, consider covering your screen with a privacy screen protector to stop prying eyes looking at it. If you must get your paperwork out, take the minimum amount out of your bag and keep the rest hidden from view. And, if you must leave the table, take your data with you. You may have to pack everything up, but it is better to be safe than to have to explain to your boss why you no longer have any of your sensitive documents.
No password data
You may be feeling safe with your encrypted laptop and your fingerprint recognition phone, but have you ever stopped to look at your desk and realise that paperwork does not need a password? It sits there unencrypted for anyone to read. If you open your diary or notebook, what data do you have stored in there that, should it get into the wrong hands, would be useful to a competitor? Names of clients, details of meetings, telephone numbers, costs? I often see on public transport all sorts of paperwork out on tables. From solicitors reviewing case notes before a trial to a CEO going through the sale documents of their business and deleting the bits as he said to his colleague, "I don't want to show them that bit." Sure, this comes under shoulder surfing I guess, but also remember, if you put a piece of paper in a bin, make sure the data on it is secure. Consider using a shredder instead.
Working when not in the office
In an office, we feel like we are in a safe and secure environment. We use a fob to get through the gate, walk past the security guard, into an office surrounded by people who know who we are, and we plug our device into a corporate security system. But what if you are not working in the office? Working from home or a coffee shop means you are outside of those security controls, and you need to modify your behaviour accordingly.
Home Sweet Home
When working from home, you are still in a slightly more controlled environment; it is a known physical location, with known door locks and security and a known home router. However, some people may be living in a house-share. That shared internet connection means that the other members of the house will be sharing it with you. You do not know their security, so you need to protect yourself. A simple way would be to create a dedicated network that is secured end-to-end – this technology is called a VPN, a Virtual Private Network and this can connect you back to the office securely.
Another favourite haunt for the remote office worker is the coffee shop. As above, you need to keep an eye on your devices. Who is looking at your screen and who can see your notepad? Also, think about that free wifi you connected to: was it Wifi_Cafe, WifiCafe or Free-Wifi? Criminals can use a device amusingly called a 'pineapple'. This device creates a wifi access point that the criminal controls, and it can be given any name. Anyone who connects to it will find their data going through the criminal's hands before going on to the internet. As an end user, you might not even know that you are connected to a criminal's access point. This "man-in-the-middle" attack is excellent for the criminals, as all they need to do is create a name similar to the café's access point name and sit back and wait. Everything you type and do will go to the attacker on the way to the internet. So the VPN we mentioned earlier would be advantageous here, as the attacker won't easily be able to read your passwords or see your banking details. So check what network you are connected to and look carefully at the names. If you spot something odd, let the café owner know.
What’s in a name
The last tip when you are out-and-about is being careful about your identity. Let us take the coffee shop as an example. You order your coffee, and they ask for your name. Why do you give your real name? An attacker within earshot will know your name too. So, I am Dave, or Danny or any other names I give. So long as I get my coffee, does my real name count?
You find a table and you log on to the wifi. The online form asks you for some details to 'register'. Consider using a free email address and fake name to access these services. This will ensure that you won't get spammed on your regular email account and that anyone reading that data cannot easily tie it back to you.
Summary of tips
- When you travel in a vehicle, make sure you have your devices (phones and laptops) to hand before you stand up to leave your seat,
- Use privacy screen protectors to reduce shoulder surfing,
- Only put the minimum amount of papers on display,
- Be aware of shoulder surfing,
- Take your bag (and therefore data) with you wherever you go,
- Securely shred unused paperwork instead of just putting it in the bin,
- Use a VPN to connect to your office environment safely,
- Look twice at wifi names before using them,
- Don't give your real name if you don't need to.