Protecting your Digital Information

5 Steps to Stay Secure and Compliant

Regardless of whether you’re using your computer for work or personal matters, it’s increasingly incumbent upon you to keep sensitive information safe and secure. There are a wide range of threats and dangers that can have potentially disastrous consequences in the event of breached or exposed information, be it personal banking data or a business’s intellectual property.

It’s likely that, if you happen to have access to sensitive information in your workplace, many of these security practices will already be in place, such as access controls, data segmentation and encryption processes.

At home, you may also employee password protection, antivirus software and even a virtual privacy network (VPN), depending on your needs. Though, whatever your situation, it’s always a good idea to maintain a comprehensive understanding of how to keep information secure on a computer, at work or at home.

We’ve put together a helpful guide of 5 easy steps on how to keep information secure on a computer, all of which can be implemented without too much fuss and without the need for technical expertise.

Password Protection

Just like your online banking account, it’s more than just a good idea to keep your devices password protected, it’s a necessity. Just as you wouldn’t announce your PIN to strangers at a cash point, you shouldn’t encourage would-be attackers by leaving your accounts unsecured.

Chances are, if you own a smart phone, during setup you’ve been prompted to enable password protection. In most cases this will be either a pattern, character password or a biometric passcode, all of which will typically act as decryption keys allowing you access to the data stored on your phone.

Likewise, the accounts you use to access personal information, whether that be online shopping or subscription services, should all be adequately protected with strong, novel and sufficiently complex passwords that render it extremely difficult for any malicious actor to gain access.

Though there is an obvious limit on how complex you can make biometric login information, ensuring your passwords are not so simple that they can be ‘brute-forced’ could mean the difference between confidentiality and identity theft.

There’s a simple best practice method for creating passwords that we would recommend anyone follow. Simply take four unrelated, randomly selected words to easily generate a password that would theoretically take thousands of years to brute-force. (See CorrectHorseBatteryStaple)

Other than this, for sensitive accounts 2 factor authentication can also be implemented to add another layer to your security protocol. This means for example, when you log into your account from a new device, you will receive a text message to verify that it is indeed you, before you will be permitted access. In the eventuality of a hacker gaining your primary means of authentication, 2FA will halt their malicious plan.

Virtual Privacy Networks (VPNs)

There are several reasons why a person may wish to use a virtual privacy network, not least the myriad of threats that can present themselves when browsing online. Put in the simplest terms, a VPN creates an ‘encryption tunnel’ through which your data passes unbeknownst to your internet service provider.

With servers located across the world, VPN providers diffuse their service as to allow individual users, in part, to appear as though they are situated in locations other than their own. This may be for many reasons, some as admirable as dissident journalists avoiding persecution, or more innocuous examples such as streaming enthusiasts wishing to access titles only available in other regions.

Now becoming reasonably commonplace for remote workplace purposes, VPNs provide an added layer of security that also allows the use of public Wi-Fi with the knowledge that browsing data is not being scraped, monitored or exploited by third parties.

For those who are required to work remotely, or are frequently on the move, a VPN service should ideally be part of your security arsenal and effectively puts a stop to the methods of ‘eavesdropping’ that can have devastating effects on your information security.

Typically costing around £5 a month, VPN subscription services can be used across multiple devices, though range in reliability and applicability to your specific security needs. Some degree of research and review-reading is advised before any decision is made.

Anti-Virus Software

With any networked computer, there is always the possibility that rogue software may make its way onto your device. These nasty bytes can come in many forms; from spyware designed to exfiltrate data for the purposes of surveillance, to ransomware made for locking away your data and extorting money.

Even if you don’t realise, as with the password on your smart phone, chances are you have some form of antivirus software on your personal computer. These programs are designed to scan for, detect and protect against malicious software and viruses that try to gain access to your device.

When it comes to anti-virus software, there is no short supply of consumer options and many of the most popular makers and suppliers of anti-virus software offer free, or at very least very cheap, options for individual use.

Though much of your workplace anti-virus protection will likely be already implemented, with regular updates made to threat databases, many of these free options will perfectly suffice for the casual user.

Helping to protect against the most common forms of malicious software (malware) as well as including scanning and removal tool, for those looking for some of the best free options, Hut Six suggests in no particular order of preference: Avast, AVG and Sophos.

Software Updates

The need to keep systems and software up to date may seem like an irritating burden, but it’s importance in maintaining information security, cannot be emphasised enough. If you’re going to take away one lesson for this guide, let it be this: update your software.

When programs or operating systems are released, malicious actors, bug finders and developers race against the clock to find every vulnerability possible. Though much of the work of developers will happen before a piece of software is released, small (or sometimes large) imperfections in the code will invariably exist.

This fallibility of human coding is safeguarded against by the release of security updates and software patches that requires some energy on the behalf of the end user. Though the little request for you to update a specific piece of software, or even your entire operating system can appear innocuous, much of the time, the user will not be privy to the importance of any given update, and is as likely to be critical as it is benign.

Know How a Hacker Thinks

Though this is not a specific piece of advice per se, a healthy appreciation for the mindset of those who wish to exploit your information will serve any individual well. There are plenty of additional information security threats that could have been included on this list, but awareness of the persistent cyber security threat that we all face should help to inform your future behaviour.

Whether you're clicking on an unexpected email, or have received an SMS containing a HTML link, you should know that even the most seemingly innocent level of information may serve to aid an attacker in unforeseen or unexpected ways.

Think, for example, about the security questions used for sensitive account such as internet banking. Perhaps you’ve established yours as your father’s middle name, the street you grew up on, or even the name of your first pet. For those who unknowingly overshare on social media, these sorts of accounts can be a treasure trove for potential hackers who are hunting for a way into your account.

Likewise, simple psychological techniques can be employed to manipulate you into making split second decisions; for example, an implored sense of urgency is frequently used in phishing emails to fluster users in attempt to ‘force their hand’.

Social engineers will also exploit the common disposition of not questioning orders coming from positions of presumed authority, giving rise to the phenomena of CEO fraud, in which hackers will assume the identity of an organisational authority to trick a subordinate into making an unauthorised transfer of funds.

As previously mentioned, there are more threats than can be reasonably mentioned here, though one commonality across all suggestions of how to keep information secure on a computer is to apply a level of vigilance and reasonable suspicion to all kinds of internet communications and practices.

Despite the many technical precautions you can take, it is worth baring in mind, the vast majority of information security breaches and attacks rely on the mistakes and errors made by users, and any individual or organisation should consider the value of an effective and comprehensive information security awareness training program.