In the age of the internet we use our data every day to log into social media, send emails, browse websites or even buy that thing you really want but know you don’t need. And let’s not forget how important it is for businesses too – it’s not just business data you’re protecting, you need to think about customer data too.
According to the Cyber Security Breaches Survey 2022, 39% of UK businesses identified a cyber attack during 2021. In fact, it’s estimated that 31% of businesses and 26% of charities were attacked at least once a week (once a week?!). We’re constantly reminded to make sure we’re prioritising data protection, and if you’re not sure where to start, don’t panic! We’ve got some steps you can take to get started.
What is cybersecurity?
Putting it simply, cybersecurity is the practice of protecting personal and business information. The bottom line is it’s all about stopping unauthorised access to data. It applies to anything connected to and hosted on the internet, from laptops and smartphones to emails and websites, so there’s a lot to think about when it comes to a good cybersecurity plan, especially when there are several types of cyber attacks to protect against.
Types of cybersecurity threats
One of the easiest ways to understand how to protect your information is to know about the types of cyber attacks to look out for and how they work:
Malware
Short for “malicious software”, malware is any kind of computer software that is designed to infect systems and either steal information, harm a system or exploit other software. It’s used as a catch-all term for loads of other commonly-recognised cyber attacks, including:
- Ransomware
- Viruses
- Scareware
- Worms
- Spyware
- Trojans
- Adware
Ransomware
Ransomware is one of the most popular types of malware due to its profitability, so we wanted to call out what it is so you know exactly what to look out for. Ransomware isn’t just about getting access to your information: it aims to make money from it by installing itself onto your systems, restricting access to your files and then asking for a “ransom” to return your data to you.
Phishing
Phishing is a very common type of cyber attack, and you’ve probably heard of it without knowing exactly what it is. Essentially, it’s a type of cybercrime where scammers send communications that look like they’re from a legitimate company to get you to trust them (a type of social engineering). They usually request sensitive info like your password or bank details so they can use it to gain access to more personal data like your bank accounts. These communications can come in a few forms including emails, phone calls and text messages.
Denial of service (DoS)
Denial of service attacks (DoS) are most commonly aimed against high profile websites, with an end goal of rendering them inaccessible, or denying them of service. When a DoS attack is launched, it typically involves a single system flooding the targeted system with requests until it's unable to process normal traffic – to an average visitor it’ll just look like the site has stopped displaying content.
DDoS attacks are similar to DoS but they use multiple sources to target a single system, bombarding it with requests from multiple locations.
SQL injection
One of the most popular website hacking techniques, SQL injection is used to modify or collect data from SQL databases. Attackers insert malicious code into the URL, comments section, or form on a site that sends a request from the website to the database server. This then returns the records of the database to the hacker allowing them access to unauthorised and private data. If you own or host a website, this is one to look out for.
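For site owners, the difference between a query that can be injected and one that cannot is shown below. This is an added example, not code from the original article; the table, function names and sample values are constructed for illustration and use Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory table of constructed customer records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, email TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [(1, "ann@example.test"), (2, "bob@example.test")],
    )
    return db


def lookup_unsafe(db, email):
    """Vulnerable: the form input is pasted into the SQL text itself."""
    query = "SELECT id, email FROM customers WHERE email = '" + email + "'"
    return db.execute(query).fetchall()


def lookup_safe(db, email):
    """Hardened: a placeholder makes the driver treat the input as data only."""
    return db.execute(
        "SELECT id, email FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Constructed form input that closes the quote and appends its own condition.
CRAFTED = "nobody@example.test' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", lookup_unsafe(db, CRAFTED))  # every record comes back
    print("safe:  ", lookup_safe(db, CRAFTED))    # no record matches
```

The hardened version never builds SQL from user input, so the same form value is compared as a literal string and matches nothing.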
Man-in-the-middle
Man-in-the-middle attacks are where the attacker puts themselves (or their device) in the middle of the ‘conversation’ so they can hijack non-encrypted information as it’s transferred between a device and the network. One of the ways they can do this is by posing as a legitimate Wi-Fi access point that devices automatically connect to so they can intercept communications passing through the network. Or they can watch someone log into a web page (banking, email etc.) and then steal cookie information to log into their account from their own browser.
Top 10 cybersecurity tips
Now you know more about what some of the most common cyber attacks are and how they work, let's get straight to how you can protect yourself from them.
1. Update devices and software
Software updates don’t just bring new features to the table, they bring security patches with them too. From your smart devices to your website hosting, you can protect them simply by keeping things up to date.
As with any software that’s developed, there’s the possibility of there being bugs. Some bugs give hackers easy ways to break into your devices and sites and cause mischief. The good news is that popular technology manufacturers and web hosting platforms are regularly updated, especially when a security vulnerability is reported. So, if you’re not using their latest versions, you could be using a version that has known security risks. And don’t forget to keep your apps and third-party website plugins updated too – these may need to be updated separately.
2. Keep an eye out for scams
Cyber criminals will normally try and contact you to fix a non-existent problem. The message usually carries “immediacy” and “action”: it’ll be a text, call or email that says you need to do something urgently like “Act now or your service will be cut off!”. If you ever get a message like this, don’t click it. When you suspect something is a scam, you should report it so that authorities can take action. A few tips:
- Be wary of unexpected calls from a bank, messages from tech support or error messages requiring urgent action.
- Don’t follow links to log in somewhere or download anything if you can’t verify the sender.
- If in doubt, go directly to the company’s page in a separate browser to log in or contact support.
3. Look after your passwords
Your passwords are the keys to your devices and accounts so if they fall into the wrong hands, your data will too. To keep them safe, you should make them as strong as possible and if you need to make a note of them do so in a secure way.
What makes a strong password?
While it's a good idea to aim for longer passwords (not just one word), best practices have evolved and a few tips would be:
- Make every password unique – don’t use the same one for multiple accounts.
- Passphrases > passwords – passphrases are multi-word phrases that use a jumble of random words that would be hard for a hacker to guess, like ‘Baseball.Passengers.Strawberry’.
Password don’ts
There are also a few things you shouldn’t do:
- Don't use only one simple dictionary word
- Don’t use sequences (e.g. 123 or abc)
- Don’t use personal info
- Don’t write passwords down
- Don’t use repeated words or sequences
The more complicated a password is, the harder it can be to remember it. If you think you’ll struggle, you can use secure password managers to store the information for you while keeping it all locked up safe.
4. Two-factor authentication (2FA)
A strong password is the key to securing your accounts but there’s a way you can take your security up a notch. Typically referred to as 2FA, the concept is that it adds a second layer of authentication when you try logging into something.
So instead of just typing in your username and password and bob’s your uncle, once you hit that ‘login’ button you get taken to a second step where you’ll be asked to prove your identity e.g. by answering a security question, inputting a code sent to your email or using a fingerprint scanner on your smartphone (if an attacker gets hold of your password, they won’t also have your smartphone, meaning they won’t be able to access your account).
It’s a crucial security feature that everyone should use which is why we make it super simple for our customers to activate 2FA on their own accounts.
5. Recognise phishing attacks
Knowledge is a powerful tool and if you know how to spot a spam email, you can stop yourself falling into their traps. We have a whole blog on how to identify spam emails to help you, but when it comes to phishing emails, we have a few tips:
- Look out for bad grammar and spelling – does it sound like a bad translation or is there inconsistent capitalisation?
- Take note of the greeting – does it feel overly formal or unfamiliar?
- Check the email address of the sender – is it from support@apple.com or support@apple.sdfwzxfnk.com?
- Copy and paste the link of any hyperlinked text into a text editor to see the web address it will actually send you to – anyone can hyperlink the text www.apple.com to a totally different URL.
6. Back up your data
Backups are one of the easiest ways to keep your data safe. At the end of the day, even with all the steps you’re taking to protect your data, if something were to happen, you’re going to want to have secure copies of your files and information that you can access and restore – it could be a life saver.
They can be a breeze to set up and can normally be scheduled to automatically run without you having to think about it. Or, you could do manual backups but you need to make sure it’s a part of your routine so you don’t forget to do it regularly.
7. Encrypt your site with TLS (SSL)
Although the certificates are still commonly referred to as SSL certificates, TLS is the newer, more secure version of the protocol. TLS certificates are used to encrypt the connection between a web server and a web browser, preventing criminals from getting their hands on information transferred between the two systems. More often than not they’re used to keep confidential information like bank details, names, addresses and financial records safe, so are essential if you own or host a website.
Find out more about what an SSL certificate is and the benefits of having one.
8. Use a VPN
When browsing online we don’t often think about who has access to the data that we’re sending across our network connection. A Virtual Private Network (VPN) really does what it says on the tin – it creates a private connection for you to use. A VPN essentially means that your internet connection appears to originate from another source (your VPN provider’s), providing an extra layer of anonymity on the web.
It also means that all network traffic between you and your VPN end-point is encrypted, so your internet provider won’t be able to see what you’re browsing or the emails you read. But, it’s worth noting that you should choose a reputable and trusted VPN provider as they are now privy to that same information.
Did you know that our CloudNX platform gives you the ability to add a VPN? That way you can manage your Cloud Servers using a secure connection as if you were using the same private network as the one in your office!
9. Limiting user access
One of the easiest ways to protect sensitive information is minimising how many people have access to it – the more accounts with access, the more entry points a hacker has.
By limiting user access (depending on their requirements), you’re immediately reducing the risk of cyber attacks. Using a hierarchical structure means that only users who require access to specific data have the permissions to do so. The framework can be as intricate as necessary, but it can also be as simple as creating two different formats that separate administrators and standard users.
It’s also best practice to have good account management policies in place. For example, if a staff member leaves, their accounts should be disabled quickly. Or if they’re just moving teams, their permissions should be changed to reflect what they should and shouldn’t be able to do.
10. Be careful on public networks
Free public Wi-Fi networks are convenient for when you’re out and about but they’re also prime targets for scammers trying to intercept data that’s transferred across the network. You can still use them when you need to but should keep a few things in mind:
- Don’t access sensitive information like your online bank account
- Only visit sites with HTTPS encryption (start with https://)
- Remember to sign out of accounts when you’re done on the page
- Try to use your mobile data when you can
Using a cybersecurity product
It might seem like there’s a lot to keep on top of, but you don’t have to manage your cybersecurity to-do list on your own. There are many cybersecurity products and services out there that can scan for threats and back up your data while being easy to manage. Our own one, Cyber Protect, includes antimalware and antivirus protection, data encryption, easy recovery, automatic backups, customisable scheduling and more! When you let an all-in-one cybersecurity tool do a lot of the work for you, you can focus on the bits you can control like your passwords and user access.
And that’s it, our comprehensive guide on cybersecurity with 10 tips to help you stay safe online. Ready for more security reads? We have even more tips on how to keep your server secure, plus our very own Senior Product Owner Dan Smale talks about the benefits of keeping your WordPress hosting up to date.