

A Cyber Security Awareness Month checklist
October is Cyber Security Awareness Month, so we thought we’d put together a list of basic cyber security guidance and information that every small business should know about to better protect themselves against cyber threats.
Think of this as an ‘online security checklist’. This is nothing revolutionary, but for a small business, the topics it covers are areas which every SME, charity and sole trader should be aware of as part of a business’s basic cyber security framework.
Adopting the following cyber security practices and understanding each topic will greatly mitigate the risk and threat factor of online crime against a business, and will help business owners understand why being cyber resilient is so important.
Password Security
Create strong passwords by using 3 random words. You can include numbers and symbols. For example, “Read421-Plants-!Treasure”. Do not use words that can be guessed (like pet names, family names or birth dates).
Keeping passwords separate across different accounts can be hard to remember, but it is an essential step in protecting all your online accounts.
Password managers will help you create and store strong, unique passwords, for all your different accounts. Password managers are easy to use, hard to crack and will save you from having to memorise your passwords (remember to back-up if using this option). Remember to store a copy of the password manager’s master password, by writing it down securely at home in a safe and preferably hidden location. Alternatively, you can write down all your passwords at home or save them to your browser if safe to do so.
For more information: www.ncsc.gov.uk/cyberaware/home
2-Factor Authentication (2FA)
-
2FA sends an OTP (One-Time Passcode) or PIN request to a device that only you have access to, such as your phone, or authentication app to prove it’s you that is logging in. Visit each online account you have and review the security settings to enable this feature as soon as you are able. 2FA on many accounts and apps turned off by default but setting it up usually takes seconds but improves your overall account security immensely! Prioritise this step.
-
If your email does not support 2-Factor Authentication, then it is advisable to set-up a new email address with a new email provider as your email is not secure without it. For more information, visit: www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/activate-2-step-verification-on-your-email
-
Never share an OTP (One-Time Passcode) as this is used to approve a login to your account. Keep them private. You wouldn’t share your bank pin so do not share any OTP codes!
Data breach
-
Visit: www.haveibeenpwned.com to check if your information has been compromised by a data breach. There is also a “Notify me” service available, which when activated, notifies you on future breaches involving your email address.
-
Change the password linked to the account involved in a breach using a secure password and enable 2-factor authentication on all online accounts (email, social media, online shopping).
Social Media
-
Use a different secure, random password for each social media account and enable 2FA.
-
Ensure your linked email is up to date, having an old email account available will leave your account at risk, and will make it extremely difficult if you ever need to recover the account.
-
Disable/hide your private email address and mobile number, to prevent search engine queries from locating your social media accounts.
-
Review what personal information is stored. For example. Your full date of birth.
-
Control who sees your location data, disable any default location tracking options.
-
Approve who follows you and what you get tagged in.
-
Change your settings to ‘hide’ your friends/followers or make your account private to protect yourself from falling victim to account impersonation from your friends/followers. This is also often used to expose your friends/followers with targeted scams with you as the origin if your accounts are ever compromised, which can damage your reputation.
-
Remove old or unused connected devices.
-
For further information, visit: www.ncsc.gov.uk/guidance/social-media-how-to-use-it-safely
Devices and other software
-
iOS (Apple) devices have a ‘Privacy’ setting which allows you to review what applications are accessing by selecting each option displayed (Location, contacts, calendar, photos etc).
-
Android users can review each application and what that application is accessing within the ‘Apps’ setting.
-
For desktop PC or laptop specific advice, visit: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/install-the-latest-software-and-app-updates
Software
-
Turn on automatic updates for your devices and software that offer it. This will mean when a new update is available it will download when your phone is resting and has full charge.
-
Turn off ‘location services’ within privacy settings where appropriate or change your device privacy settings to ‘only whilst using the app’. Turn off the option to display screen notifications and services such as virtual assistants like Siri/Alexa when your phone is locked.
Backing up data
-
You can also turn on automatic backups, this will regularly save your data to cloud storage.
-
Manage what is backed up in device settings, this will allow you to back up important data.
-
For more information, visit: www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/always-back-up-your-most-important-data
Dealing with suspicious emails and text messages
-
Always question why someone is calling, texting, or emailing you. You are in control of who you speak to or respond to. Never feel pressured. Assume all contact is a scam until verified: www.ncsc.gov.uk/collection/phishing-scams
-
Enable the spam filter within your email account to minimise the risks.
-
Email compromise: www.eastmidlandscybersecure.co.uk/personal-email-compromise
-
Sextortion scams: www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself
-
Spot the most obvious signs of a scam: www.ncsc.gov.uk/guidance/suspicious-email-actions
-
When using a browser, you will find an address bar or URL bar. This is the bar at the top of your screen where the website address is displayed. Check this bar for the padlock symbol and https:// which shows that it is secure, before entering personal or payment information.
-
Always check the spelling is correct, with no additional letters or words included and look out for numbers used instead of letters as this is a method used by fake websites.
-
When you have finished using an account, remember to log-out, especially in public settings.
-
For online shopping advice, visit: www.ncsc.gov.uk/guidance/shopping-online-securely
If your personal details have been compromised, please consider
A search could be for a new credit application, credit increase, loan application or for other financial services. If you do identify an unrecognised search, you can report this directly with the organisation linked to the search. Most Credit Reference Agencies also offer a credit lock to secure your credit report, this is another advisable action to consider, which will help stop fraudsters applying for credit in your name.
CIFAS
Adding a fraud marker can apply additional security for credit applications in your name. For more information, visit: www.cifas.org.uk or to add a Fraud marker, visit: www.cifas.org.uk/services/identity-protection/protective-registration/application-form
Areas on the internet that may store your personal data
192.com, yell.com and ukphonebook.com: You can review these sites as they can hold personal data about you. This can include who you live with, how long you have lived at your address and how old you are. These websites, along with others, harvests data taken from the open register, and nefarious elements e.g. fraudsters, may use this information against you:
-
To remove details from 192.com, please visit: www.192.com/c01/new-request
-
To remove details from yell.com, call their customer service number: 0800 555 444 Mon-Thu 9am-5pm, Fri 9am-4:30pm.
-
To remove details from the UK phonebook, visit: www.ukphonebook.com/remove_me?uen
-
Please note that there may be other websites not listed here that share personal information. You can research what personal data might be on the internet about yourself further, by using a reputable search engine such as Google etc; to search for your name and town. It is also a good idea that when doing this review, you also spend some time to search for your social media accounts, to review what information is available about you publicly.
-
Google removal form to request removal of results that include your name (Google only): www.google.com/webmasters/tools/legal-removal-request?complaint_type=rtbf&pli=1
-
If you are or have been a company director: www.gov.uk/stop-companies-house-from-publishing-your-address