Good Practice

This section gives some suggestions about good security practice.


Be Aware

Many security breaches are caused by user naivety, carelessness, curiosity or ignorance.
Emails and messages that carry 'spyware' or 'malware' are often opened by users and can infect a range of devices in a home or business.

Be suspicious of messages, even if they look like they are from friends, if they seem odd, out of context, have poor spelling or grammar or are threatening or confusing.
If messages appear to be from a business or bank you use, check the contact details on their website. Banks and businesses will usually use your correct name NOT 'Dear Customer' or similar and will NOT ask for passwords or personal details.
Do not follow links in the messages.

Although computer viruses are still of concern, spyware, malware and ransomware are of far more concern. Good antivirus software will block viruses, but these other threats are more serious because their presence may not be obvious while they collect personal data or lock up personal files.

You can get more information from: Scamwatch

Software Updates

Software is the instructions used to control and operate your ICT device.
Software can be an Operating System (like Apple iOS or Google Android) that links the parts of an ICT device together.
Software can also be apps that use the Operating System to carry out the tasks that you need done.

An Analogy:
An operating system is like railway infrastructure: tracks, signals, stations; but no trains. It provides all the system connections for the trains.

Trains are like the apps. They can be passenger trains, express trains and freight trains, all with differing purpose, speed and destination.
All can be going places at the same time but within the confines of the railway infrastructure.

Both the Operating System and the apps need to be kept up to date to ensure the device is properly secured.
Apps are updated much more frequently than operating systems as they may add features, fix problems and improve security.


Passwords

Many surveys have found that there are very poor practices associated with passwords.
Some of the most common passwords are: password, 123456, letmein, Ginger21 (name of partner, baby, child or pet with appended number).
Many people use the same password for all their accounts as it is easier to remember.

The common passwords can be cracked in less than a second, and if you use the same password for Facebook as for your bank, then once one account is broken into, all are at risk.

Best practice for passwords includes the following considerations:

  • Do not use normal words (e.g. Pass, Peter, favourite, computer, Dragons… are all normal words and can be cracked rapidly with a dictionary look-up)
  • Always use a mix of upper and lower case letters, symbols and numbers (A, b, 1, 2, $, % and so on)
  • Prefer to make passwords at least 10-12 characters long (and increase the length, say, every 5 years, to account for the increase in computing power)
  • Always use a different password for every account
  • Use two factor authentication for critical accounts. This means that you have to use, say, a password AND a PIN code to get into an account.

A password like ManchesterUnited will be cracked easily because, even though it is long, it is made up of normal words.

Better would be M4n4862%%%$$$. This password is far harder to crack even though it is shorter than the one above.

How to remember all the passwords?

If the passwords are complex, long and not memorable and they are all different how can you possibly remember them all?

The easiest answer is don't try to remember.

Use a password manager app that will remember all the passwords on your behalf, can often log in automatically for you and can be synchronised across your devices for convenience.
The only thing to remember then is the password to get into the password manager and this should be long and complex but it is all you need to remember.

Password Managers:
Password Manager Review 2018

Another alternative is to use some sort of passphrase that makes sense to you but would be hard for others to guess.
"I had a $4 coffee in Stockholm July 18"

This phrase could be used to give something like:
Iha$4ciSJ18 as the password. This just uses the first character of each word and every number/symbol in the phrase.
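
The password rules listed above and the passphrase shortcut can be checked with a short script. This is an added example, not part of the original page; the function names are illustrative and the word list is a tiny constructed sample standing in for a real dictionary.

```python
import re

# Constructed mini word list for illustration; a real check would load a large dictionary.
WORDS = {"manchester", "united", "password", "ginger", "dragons", "computer",
         "peter", "favourite", "pass", "let", "me", "in"}

def made_of_words(text, words=WORDS):
    """True if text splits entirely into dictionary words (e.g. letmein = let+me+in)."""
    text = text.lower()
    ok = [True] + [False] * len(text)   # ok[i]: text[:i] can be split into words
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[start] and text[start:end] in words for start in range(end))
    return bool(text) and ok[-1]

def audit(password, min_length=10):
    """Return the list of rules from the page that the password breaks."""
    problems = []
    core = re.sub(r"[^A-Za-z]+$", "", password)   # drop appended numbers: Ginger21 -> Ginger
    if made_of_words(core):
        problems.append("made of normal words")
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing upper/lower case, number or symbol")
    return problems

def reused(accounts):
    """Group account names that share one password (accounts: name -> password)."""
    groups = {}
    for name, password in accounts.items():
        groups.setdefault(password, []).append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

def from_passphrase(phrase):
    """First character of each word plus every number/symbol in the phrase."""
    return "".join(w[0] + "".join(c for c in w[1:] if not c.isalpha())
                   for w in phrase.split())

if __name__ == "__main__":
    for pw in ("password", "letmein", "Ginger21", "ManchesterUnited", "M4n4862%%%$$$",
               from_passphrase("I had a $4 coffee in Stockholm July 18")):
        print(pw, "->", audit(pw) or "passes the listed rules")
    print(reused({"facebook": "Ginger21", "bank": "Ginger21", "email": "M4n4862%%%$$$"}))
```

An empty result from audit only means none of the listed rules is broken; it says nothing about whether the password has been reused or leaked elsewhere.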

An alternative easy way for some accounts that you might not use often is to forget the password.
To use the account again, use the Recover Password option on the account. If you only use the log in twice a year or less then remembering a complex password might be more trouble than just making a new one each time.

Two Factor Authentication
Prefer, if you can, to have two factor authentication on your password manager as an extra level of security.
This means that when you put your password in, the Password Manager will request a unique code to be entered.
The code is provided separately, say by mobile phone if logging on to a computer.

More information can be seen at:
Two Factor Authentication


Backups

What happens when:

  • You lose your device with all those family photos?
  • The memory of your device fails?
  • You drop it while crossing a road and a heavy vehicle crushes it?
  • It drops in the kitchen sink and fries all its circuits?

The only way to prevent a data disaster is to have a backup.
This is a separate copy of your important information that you can use to recover from a loss.
Click here for further discussion on backups.

Wireless Internet Connections

If using WiFi or Bluetooth on your device, make sure that it is switched off when not in use.
This will not only save battery power, it also prevents the device from connecting to unknown sources.

Home Wifi

With wireless connections anywhere, it is possible that the wireless transmissions can be detected by others.
In the home this means that your wireless internet connection should be set up properly and then the name of the connection (called SSID) should be changed.
More importantly the password used should be changed from the default supplied by the manufacturer.

This is because the SSID and password for many older connections were simple and could be looked up on the internet.
For anyone wanting to get onto your wireless service it would be easy if you do not change these settings.

Usually the settings can be easily reached via your internet browser so that you can change the SSID and password yourself.
Check the instructions that came with your wireless modem or wireless router at home.

Free Wifi connections

In cafes, shops, shopping malls and other locations, free wifi is available.
This is tempting but it is important to realise that most of these wireless connections are unsecured (you do not need a password) which means that anyone can monitor the wireless traffic on these connections.
Also it is simple to 'spoof' or fake a wireless connection. A mobile phone can be set up with a name that is the same as the free service and then your information can run through someone else's monitoring system.

When using free wifi anywhere you need to have a secure connection and this can be achieved by using a VPN - a Virtual Private Network.
This is an app that links your device to the internet through an 'encrypted' connection.
This means that any monitoring of what you send will only see what looks like gibberish.

There are many VPN suppliers but most will have a small fee associated with their use as they have to maintain their service all around the world.

NOTE: When using a VPN service your normal email software may not operate properly. You may be able to receive but not send or vice versa. There are some technical fixes but it may be easiest to use one of these options:

  • Send/receive emails with the VPN disconnected, avoiding the problem but leaving emails less secure.
  • Use the webmail access for your email so that the VPN remains connected but email can be sent or received.

Security Software

On many devices, security software is used to monitor intrusions.
Even though some devices, like iPhones, do not suffer from 'viruses', it is important that good security software is used on devices that the iPhone might connect to.
Certain types of security software may also block actions by the user that could result in intrusion.
This may prevent Malware or Ransomware but it relies on blocking the user from choosing to engage with emails or websites with fake material. It is better for the user to be cautious and not take those types of risks.

Selection of security software needs research to determine the best fit for the type of device you are using.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License