12 Days of Christmas – Cybersecurity Tips for you and your Family

1. Password Management 
New advice from the National Institute of Standards and Technology (NIST) may surprise you. They recommend not changing passwords frequently, not using arbitrary special characters and checking against a publicly available list of compromised passwords. NIST believes that to regularly change your password increases the risk of forgetting it and writing it down somewhere. Likewise using arbitrary special characters. They recommend that enterprises stop mandating these when requesting passwords. Instead they believe that an 8 character password using a song lyric, or meaningful quote, or by the first letter of a sentence or phrase that means something to you, is stronger than a word. Eg. “There’s a star man waiting in the sky” becomes TaSMWitS

2. Use Two Factor Authentication
Two-factor authentication can be a pain, but it is a pain worth bearing. Two-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If your account offers two-factor authentication, as with Gmail, Dropbox, Apple ID, Microsoft Account etc, you should enable it.

3. Use a VPN
VPNs are no longer just the domain of the corporate enterprise. Individuals can use VPN technology to protect and encrypt their data over the internet so that it cannot be captured or deciphered by others. Personal VPNs can secure your personal data when internet browsing or shopping, whilst at home or when travelling, using insecure WiFi networks, shield your IP address and protect you against identity theft.

4. Social Media
Recent research found that 97% of 13-18 year olds in the US used at least one of the major social media platforms, which include SnapChat, Facebook, Instagram and Twitter. Common safety tips across all of these platforms include only adding people you know, changing the privacy settings to private and turning off geolocation functions where possible.
Also look at a trusted site like smartsocial.com which lists blacklisted and unsafe apps which you should remove if you find them on your child’s device. https://smartsocial.com/app-guide-parents-teachers/#redzone

5. Safe Browsing 
Tips on staying safe while browsing the internet aren’t just for children. Never, ever enter details on a site which doesn’t have https: and the lock symbol. Even if they aren’t malicious, they are unsafe.
To keep your children safe while browsing there are child friendly search engines, and child friendly versions of YouTube. A good idea for unsupervised watching as YouTube can contain unsuitable and easily accessible material for children.
In addition, in your browser settings block popups and disable Java for additional safety.

6. Email Safety
Phishing scams are one of the easiest and most popular ways that hackers use to get personal information about users and they are not always as easy to spot as you might think. Tips for spotting a phishing email are to check the sender’s email address. Many senders use a realistic alias but the email address is illegitimate, but not immediately obvious especially on a mobile device. Don’t click on any links in an email unless it apparent that it is a safe link. Even emails from known contacts could contain malicious links.

7. Antivirus Software
Probably one of the best investments you can make for your home devices. A decent standalone AV solution can keep your personal devices protected from all sorts of malware and many use advanced AI capabilities to protect against threats that have never been seen before. Cylance offer annual single user licenses or household licenses for less than the price of dinner.

8. Secure your Smart Home
With the increasing adoption of Google Home, Apple HomePod and Amazon Echo, controlling everything from your music, to your lighting and heating, security cameras and baby monitors, it is more important than ever to make sure these are secure. One way of minimizing vulnerabilities is by keeping all your connected smart devices up to date. Check the manufacturers websites for updates and regularly refer back, updating according to their instructions as necessary. Ensure you change any factory set passwords on new smart devices. If you regularly have guests over who use your WiFi, consider using a mesh WiFi router to separate and monitor your network traffic. Do thorough research on the devices you are buying to ensure there are no known, public safety concerns.

9. Gaming
Many households with children present, and even those without, have one or more games consoles. Ensure you have taken all the steps to secure these and to educate your children on safe gaming.
It has been widely reported that the Nintendo Switch OS Tegra is insecure and contains unpatchable flaws. It is well worth some time and effort in setting up a passcode to your Nintendo Switch for a much needed layer of security. Tips can be found here: https://nintendosoup.com/guide-add-security-passcode-system-nintendo-switch/
Whilst the Playstation Network is reportedly more secure, it is still wise to take steps to secure this, and educate your children on safe Playstation practice. https://www.playstation.com/en-gb/get-help/help-library/my-account/login-details-and-verification/how-to-keep-your-sen-account-secure/

10. Do your Research
Thoroughly check out your digital gifts before buying – seemingly innocuous gadgets can pose a security risk. Eg. Sennheiser headphones include setup software which contains a flaw relating to the encryption certifications, which could leave them open to hackers. When running your usual online check of reviews of the product, also check for news items about security flaws.

11. Physical Security
Don’t ever connect a flash drive, USB or phone if you are unsure of its provenance and safety. Infected devices can be rife with viruses, trojans and other malware and have been planted to entice potential victims.

12. Check the WiFi Network
Turn off auto connect on your device, to make sure you don’t connect to random WiFi networks. Some WiFi carriers automatically scan for wireless networks and connect where possible.

Finally, if you are unsure or worried about your digital security, contact us via info@rfa.com and we can advise you.