In the wake of the high-profile ransomware attack that hit the NHS in the last few days, several people have asked me for my tips on ‘safe’ computing. So I’m putting down the rules I follow to try and avoid viruses and other computer nasties. That said, I’m not a security expert, so my tips are just that: tips. Unfortunately, I can’t offer you any guarantees.
- Don’t open attachments on emails from people you don’t know
- If the attachment comes from someone you do know, before you open it ask yourself:
  - Is this expected?
  - Does it make sense for this person to send me the attachment?
- If you get an email/text message about verifying account details, DON’T follow the links or ring the numbers in the email. Open your web browser and go to the page as normal, or ring a known number. Log in as normal and see if you have the same message there. If there is a problem with your account, the instructions will be there. Most places won’t send you an email/text asking you to follow a link and then log in to reconfirm your details, especially not Banks, iTunes, Apple and HMRC. NOTE: Some organisations do ask you to confirm unusual transactions by text or automated phone calls, but NEVER to send full personal details, account numbers or internet login details to do so.
- If you open a link to a web page (from email, Facebook etc.) and that web page opens other tabs, or only has a single button on the page to close it, it’s probably a nasty. Close the web browser (use Force Close on a Mac, use Task Manager on a PC, and find out how to do it on your phone/tablet now, so you know for the future).
- Always check the web address of a site when following a link from search/email/text. There are fraudulent web sites made to look correct in order to harvest your details, but the web address will always be slightly different, as all web addresses are unique.
- Only install apps from sources you trust, ideally the app store for the device you are using
- Do updates as soon as is practical for you. Most little updates are issued to patch security holes (and yes, I mean on Macs, PCs, and all types of Phone/Tablet).
- Back up your important files regularly, especially photos and important documents.
- Use different passwords for different sites. But have a system to make them easy to remember, yet difficult to hack. My system is based around a small number of core words. Each new password I need is made up of (in randomised order):
  - one of my 3 words
  - a short abbreviation of website or system
  - a number
  - & or !
- Keep a cryptic note of passwords. My password notebook contains the name of the site, email registered, username and password, but with *** in place of the core word. My core words are NOT written down anywhere. So even if my notebook gets hacked, my passwords are safe, and if one site gets hacked, my system means the others are safe even with my password notebook.
- Change your passwords every few months or at least once a year
- Close website accounts you don’t need (hence the list to see which you have)
- If a site is the subject of a hack, change your password on that site EVEN if your account wasn’t compromised, and change anything that had the same password
- Try not to store card details on shopping sites
- Use PayPal or similar where offered for online shopping to avoid sharing bank details with too many sites
Or in a sentence:
Unless you have good evidence to trust the email/link/site, walk away or (if you need to use it) approach with care and place minimal trust to start with.
Hope this helps you and yours enjoy your tech safely.