Stay Safe Online
The effects of lockdown are still being felt, including the amount of time we spend online. Many of us have adopted a hybrid way of life and, as a result, we’re spending an average of 22 minutes more every day using the internet to work, shop and play than we were in 2021, according to the Ofcom Online Nations report.
But with more and more time spent online, there's a greater chance that you may fall victim to cybercrime. Whether it's accidentally handing your details over to hackers through a phishing email to having your identity stolen, it's something more than four in five (81%) of Brits worry about according to research by the UK’s National Cyber Security Centre (NCSC). That’s no surprise, given there were 32,248 incidents of cybercrime between April 2021 and May 2022 according to Action Fraud, which totalled a combined loss of £12.7 million for victims.
Scammers can be extremely clever and use sophisticated techniques to get their hands on your cash. "Cybercriminals and fraudsters operate widely, use clever tactics, and show up in a variety of disguises – often posing as medical organisations, charities, or financial institutions, contacting you directly over phone, text, and email," says Jeni Mundy, Managing Director for UK & Ireland at Visa.
Being vigilant can be tricky and time-consuming. However, following these golden rules can help you stay safe online and avoid becoming the victim of cybercrime.
1. Use strong secure passwords.
Whether you're creating a password for an online shopping service, a social network or even your home wi-fi connection, always follow these golden rules.
- Use a mix of upper and lower case letters, numbers and symbols in your password. For example ‘telephone’ could be ‘T£leph6ne’.
- Don’t use your maiden name, a favourite football team, pet’s name or other personal info that could be available to fraudsters on social networks.
- Also avoid consecutive strings of numbers or letters, such as 123456 or ‘qwerty’ as this are extremely easy for hackers to crack
- Online password generators can be a simple solution if you’re stuck for ideas.
- If in doubt, check how long it takes to crack your password at howsecureismypassword.net – sometimes it’s only minutes!
- Always use a different password for every account, so that if the worst does happen, hackers can only access one rather than several of your account.
We’ve got some more in-depth advice on how to create a strong, secure password in our article.
2. Consider using a password manager.
It can be a struggle to remember an array of different passwords, especially if they are random words or phrases containing letters and symbols. So rather than resorting to using the same password for all your online account, consider a password manager instead.
Essentially a database of all your usernames and passwords, which is stored in a secure area online, a password manager will automatically input the correct log-in credentials for a website or app when the master password is entered.
They work in a similar way to the auto-fill option offered by web browsers, which stores your password so you don’t have to keep entering it every time you want to access an account.
However, the auto-fill option won’t sync across different devices and it will hand over the password whenever a website requests it, whereas password managers require you to confirm the password can be entered. Hackers could potentially exploit the auto fill function, so always keep your browser up-to-date and be mindful of which passwords you store, both through auto-fill and a password manager.
“If someone discovered this password, would it result in your life being ruined or your bank refusing to refund any losses?” the NCSC said in a blog. If the answer is yes to either question, then the NCSC recommends avoiding storing these passwords either in a password manager or the auto-fill function. Instead memorise them and enter them yourself each time you want to access the account.
That said, the NCSC believes both auto-fill and password managers are worth using as they reduce what it calls 'security friction'.
“If security is difficult, tedious, appears to add no value or gets in the way of the main task we're trying to do, then we tend to find (insecure) ways around it. And then we end up less protected,” the NCSC said.
Both Apple and Google offer password managers built into their devices; Apple’s is known as iCloud Keychain while Google’s is known as Password Manager. They are free to use and will sync across compatible devices providing you are signed in with your Apple ID or Google account.
However, these won’t let you share passwords – so if you have a bank account with your partner for example, you may want to use a third-party password manager, such as LastPass and 1Password, as these allow you to share passwords – although they come with a monthly cost.
Both auto-fill and your phone’s built-in password manager can be switched off, if you’d prefer not to use them. Auto-fill is switched off in your browser’s settings menu. On Chrome, tap the three vertical dots in the top right-hand corner and choose the Settings Menu. From the left-hand side select Auto-Fill and then choose Passwords from the main screen. Use the slider to turn off the option ‘offer to save passwords’.
You can also remove existing saved passwords by pressing the three vertical dots to the right-hand side of a username and password and selecting Remove.
For Firefox, select the three vertical lines on the right-hand side of the screen, and choose Settings. Select Privacy & Security from the left hand side, and then uncheck the box next to ‘Remember logins and passwords for websites’. Finally, for those using Microsoft Edge, open the Settings menu using the three horizontal dots to the right-hand side. Choose Passwords and then use the slider next to 'offer to save passwords’ to switch the function off.
If you’ve changed your mind about using your phone’s built-in password manager, those with an Apple device should open the Settings menu. Tap the name at the top of the screen, then select iCloud, and tap KeyChain, using the slider to switch the function off.
3. Don't post personal details on social media.
Never post personal information, such as your address, date of birth or maiden name, online – it’s easy for hackers to see this and use it to attempt to access your online accounts, or worse steal your identity.
Regularly check your privacy settings on social networks too, to ensure you're not sharing your posts, photos and other information with every one that uses the network, rather than just your friends and contacts.
4. Be email savvy.
Emails are one of the most common ways cybercrime is conducted. In 2019, 3.4 billion fake emails, or those that are designed to look like they’ve come from a legitimate person or firm, were sent, according to email authorization firm, Valimail. While some of these emails may clog up your inbox, which can be frustrating, with no links or attachments, they are pretty harmless.
However, there are plenty that are designed to install viruses on your device, if you open an attachment, or fool you into handing over your username and password to various online accounts, or even your credit card details. These are known as phishing scams.
To ensure you don’t fall victim to one, make sure you never click links in any emails you receive. Instead, always type the URL (website address) into your browser yourself, and then enter your login credentials. Find out how to protect yourself from phishing emails with our in-depth advice.
Also exercise caution if you receive generic messages with titles such as ‘This is funny!’ or ‘Look what I saw about you!’ in emails. They are highly likely to be malicious, so don’t open them, even if you know the sender.
5. Never search for URLs.
Just as hackers use hoax emails to scam you, they also create fake websites with slightly misspelt URLs to lure you into inputting your username and password. So never rely on a search engine to find a website address.
Instead, as we’ve already mentioned type the URL out yourself. This is especially important if you’re looking for sites that deal with financial matters, like investment platforms or opening a new account. “Ensure that the website is genuine, as it could be a cloned page,” says Jim Winters, Head of Fraud at Barclays. “The Financial Conduct Authority also has a register that customers can use to check whether the company is authorized to provide regulated financial services”
6. Keep your software up-to-date.
Hackers are always trying to exploit loop holes and security flaws in software, both the operating system your device runs, and apps and programs themselves, so it’s important you keep your software up-to-date. Install any updates as soon as they’re available – whether it’s a laptop, smartphone, tablet or a program your use – as they are likely to be patching these bugs and stopping hackers before they can access your personal information.
7. Download software from legitimate sources.
Always head to the your smartphone’s app store or the manufacturer’s website rather than searching for an app or program to download. This will ensure that what you download is genuine software and not a virus or other malicious program.
8. Install anti-virus software on laptops.
If you have a computer then make sure it has anti-virus software installed as this will protect against malware and viruses being installed on your machine. A free option will be sufficient, and it’ll also offer the ability to remove any viruses if they do accidentally infect your machine.
Just as with other software installed on your computer, make sure you apply any updates as soon as they’re available. Anti-virus isn’t really necessary on smartphone right now, thanks to features built-it by the manufacturer.
9. Be cautious with credit cards.
Keep one credit card just for online shopping (avoid using debit cards as these trace directly to your bank). Set the credit card limit to a level that if your card was stolen you’d still be able to cope without that amount of money. If your bank offers it, sign up to the Visa Secure or MasterCard Identity Check schemes for your credit or debit cards too. This adds a second layer of protection, as you’ll be required to set a password and asked to input specific characters from it before any online purchase can go through. Finally, make sure a site is secure before entering credit card details. Look for https:// in the URL bar, or a padlock symbol.
10. Personal data.
Don’t tick the Remember Me box when entering your password on a site or save your card details. While not having to ﬁll in your details every time you make a purchase is certainly convenient, you may have unwittingly agreed to T&Cs that see your data to be sold on to third parties and used to target you with adverts and offers. Added to that, if the data isn’t stored correctly, it could end up being leaked online if the ﬁrm suffers a security breach.
The 2017 Equifax hack saw the details of an estimated 209,000 credit cards being leaked. Find out how you can review and ask for personal data to be deleted under GDPR.
11. Use two-step verification.
Turn on two-step verification for any online account or device that offers it. This means that, as well as entering your password, you’ll be required to enter a code each time you log-in. Some accounts will even send an email flagging that your account was signed-in to from an unusual device, and ask to confirm it was you. Outlook and Gmail offer this service, along with Facebook, Twitter and PayPal.
Using a smartphone? "If you have the option, we recommend setting up fingerprint or facial recognition on your smartphones for banking apps," says Jeni Mundy. "In addition to traditional passwords and card details - these provide an added layer of protection."
12. Keep your devices secure.
Secure all your internet-connected devices, from laptops to smartphones and tablets, with a PIN, password or fingerprint or facial unlock. If they’re lost or stolen, the finder can’t access the personal information stored on them. Find out what to do if your phone is stolen in our article.
13. Log out when you're finished.
Always log out of any online accounts you’ve used on your phone or laptop, whether it’s banking, email or Facebook. This applies whether you’re accessing them through your browser or an app, and means if the device does accidentally fall into someone else’s hands, they won’t be able to access these accounts.
14. Make your home wi-fi harder to hack.
If you're using the router supplied by your broadband provider, the network, name and password could be the same for everyone else that has that router, so change it to something new that you don't use of any other account. Always following the advice above to create a strong secure password.
You can change the name and password by visiting your router's settings page - this an internal web address made up of a series of numbers and dots. It may be printed on the bottom of the router or in the instructions that came with it). If you’re unsure visit your broadband provider’s help pages online to double check or contact their customer services team who should be able to help you.