Good Practice

This section gives some suggestions about good practice for Security purposes

Be Aware

Many security breaches are caused by user naivety, carelessness, curiosity or ignorance.
Emails and messages that carry 'spyware' or 'malware' are often opened by users and can infect a range of devices in a home or business.
Be suspicious of messages, even from friends, if they seem odd, out of context, threatening or confusing.
If messages appear to be from a business you use, check the contact details on their website. Do not follow links in the messages.

Software Updates

Software is the instructions used to control and operate your ICT device.
Software can be an Operating System (like Apple iOS or Google Android) that links the parts of an ICT device together.
Software can also be apps that use the Operating System to carry out the tasks that you need done.

An Analogy:
An operating system is like railway infrastructure: tracks, signals, stations; but no trains. It provides all the system connections for the trains.

Trains are like the apps. They can be passenger trains, express trains and freight trains, all with differing purpose, speed and destination.
All can be going places at the same time but within the confines of the railway infrastructure.

Both the Operating System and the apps need to be kept up to date to ensure the device is properly secured.
Apps are updated much more frequently than operating systems as they may add features, fix problems and improve security.

Passwords

Many surveys have found that there are very poor practices associated with passwords.
Some of the most common passwords are: password, 123456, letmein and so on.
Many people use the same password for all their accounts as it is easier to remember.

The common passwords can be cracked in less than a second and if you use the same password for Facebook as your bank then when one account is open then all are at risk.

Best practice for passwords includes the following considerations:

  • No use of normal words (ie Pass, Peter, favourable, computer… are all normal words and can be cracked rapidly)
  • Always use a mix of upper and lower case letters, symbols and numbers (A, b, 1, 2,$, % and so on)
  • Prefer to make passwords at least 10-12 characters long (and increase the length say every 5 years to account for increase in computing power)
  • Always use a different password for every account
  • Use two factor authentication for critical accounts. This means that you have to use say a password AND a PIN code to get into an account.

Example:
So a password like ManchesterUnited will be cracked easily as even though it is long it is made up of normal words
Better would be M4n4862%%%%% This password is far harder to crack even though it is shorter than the above.

How to remember all the passwords?

If the passwords are complex, long and not memorable and they are all different how can you possibly remember them all?

In short, don't.
Use a password manager app that will remember all the passwords on your behalf, can often log in automatically for you and can be synchronised across your devices for convenience.
The only thing to remember is the password to get into the password manager and this should be long and complex but it is all you need to remember.
Prefer, if you can, to have two factor authentication on your password manager as an extra level of security.

Backup

What happens when you lose your device with all those family photos?
If the memory of your device fails?
What if you drop it while crossing a road and a heavy vehicle crushes it?
It drops in the toilet bowl and fries all its' circuits?

The only way to prevent a data disaster is to have backup.
This is a separate copy of your important information so that you can recover from a loss.
It is important to understand that a backup is not the same as a 'synchronised cloud copy'. Cloud services provide a copy of your data so that you can access it from different devices in different locations. If you delete a file on one device it will disappear from all.

A backup can be done in the cloud but it must be set up to do exactly that.
Apps are available that can do backups without you having to remember to do it which is generally safer!

Wireless Internet Connections

Home Wifi

With wireless connections anywhere, it is possible that the wireless transmissions can be detected by others.
In the home this means that your wireless internet connection should be set up properly and then the name of the connection (called SSID) should be changed.
More importantly the password used should be changed from the default supplied by the manufacturer.
This is because the SSID and password for many older connections were simple and could be looked up on the internet.
For anyone wanting to get onto your wireless service it would be easy if you do not change these settings.

Usually the settings can be easily reached via your internet browser so that you can change the SSID and password yourself.

Free Wifi connections

In cafes, shops, shopping malls and other locations, free wifi is available.
This is tempting but it is important to realise that most of these wireless connections are unsecured (you do not need a password) which means that anyone can monitor the wireless traffic on these connections.
Also it is simple to 'spoof' or fake a wireless connection. A mobile phone can be set up with a name that is the same as the free service and then your information can run through someone else's monitoring system.

When using free wifi anywhere you need to have a secure connection and this can be achieved by using VPN - a Virtual Personal Network.
This is an app that links your device to the internet through an 'encrypted' connection. This means that any monitoring of what you send will only see what looks like gibberish.

There are many VPN suppliers but most will have a small fee associated with their use as they have to maintain their service all around the world.

Security Software

On many devices, security software is used to monitor intrusions.
Even though some devices, like iPhones, do not suffer from 'viruses', it is important that good security software is used on devices that the iPhone might connect to.
It may be too that certain types of security software will block actions by the user that could result in intrusion by criminals on any device.

Selection of security software needs research to determine the best fit for the type of device you are using.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License