Blog Cyber Security Tips for 2024

1. Enable Multi-Factor Authentication (MFA)

Passwords aren’t enough to keep your accounts secure, no matter how strong they are. Multi-factor authentication (MFA) adds an extra layer of security by requiring you to verify your identity in multiple ways. This could be a combination of:

• Password + One-time code sent via text or email.
• Password + Biometric scan (fingerprint or facial recognition).
• Password + App-based authenticator code (e.g., Google Authenticator).

We advise enabling MFA on all accounts, especially ones with sensitive data such as banking, email and cloud storage. We’ve written more about this in our blog: Multifactor Authentication – Why It’s the Silver Bullet of Cybersecurity.

2. Use Strong, Unique Passwords with a Password Manager

Reusing passwords across multiple sites is bad practice and can leave your accounts vulnerable. If a hacker cracks one of your accounts, they can easily access others. Using strong, unique passwords for every account is advised.

However, remembering dozens of complex passwords can be difficult. This is where a password manager comes in, these create, store, and autofill passwords for you.

When choosing a Password Manager, look for features such as:

• Cloud backup with encryption.
• Cross-platform sync (desktop, mobile).
• Breach alerts (if one of your accounts gets compromised).

Our blog on Password Best Practice for 2024 shares more tips on setting a strong password and what to look for in a Password Manager.

3. Regularly Update Software and Devices

Keeping your software and devices up to date is one of the easiest ways to prevent cyberattacks. Cybercriminals increasingly exploit vulnerabilities in outdated software and operating systems. Regular updates minimize these risks.

Our best practice tips are to:

• Enable automatic updates for operating systems (Windows, macOS, iOS, Android).
• Update all installed apps (especially web browsers, email clients, and any tools you use for work).
• Ensure your antivirus and security software is up-to-date.
• Update firmware on IoT devices (like smart TVs, routers, or security cameras).

When you get a notification to update your system, do it as soon as possible.

4. Be Wary of Phishing Attacks

Phishing attacks are becoming more sophisticated and it’s more important than ever to remain vigilant when receiving emails or texts. Falling for phishing attacks can lead to identity theft, financial loss, or even ransomware infections.

Think, before you click:

• Verify the sender: Always double-check the email address or phone number. Even if it looks familiar, hover over the email address or URL to confirm it’s legitimate.
• Don’t click on suspicious links: If you receive an unexpected email asking you to click a link, open an attachment, or enter sensitive information, don’t. Instead, visit the website directly through your browser.
• Use anti-phishing software: Many modern antivirus programs come with built-in phishing protection, helping to identify and block these attacks.
• Train staff with phishing simulations: Using an automated phishing simulator can identify risk, train staff and prevent breaches.

5. Put a Cyber Security Policy in Place

Outline cybersecurity measures for employees, suppliers and stakeholders. This could cover topics such as:

• VPN usage
• Encryption
• Secure password practices
• WIFI routers
• Public WIFI use
• Personal device usage
• Handling sensitive company information
• Remote workers policy

Our Cyber Essentials Toolkit is a great starting point for putting the necessary policies and procedures in place for cyber security. It is aligned to the UK government scheme, however it can be used by any organisation who want to update their cyber security procedures.

6. Beware of Public Wi-Fi Risks

Public Wi-Fi networks are notoriously insecure. Cybercriminals can use tools to intercept the data you send and receive over these networks. While free Wi-Fi is convenient, especially if employees travel for work, it’s essential to be sensible if you decide to use it.

• Use a VPN: A Virtual Private Network (VPN) encrypts your internet traffic, making it harder for hackers to intercept your data. Always use a VPN when connecting to public Wi-Fi.
• Avoid logging into sensitive accounts: Don’t access online banking or make purchases while on public Wi-Fi. If you must, ensure the website uses HTTPS (look for the padlock icon in the URL bar).
• Turn off file sharing: When on public Wi-Fi, disable file sharing on your device to reduce the risk of someone accessing your files.

7. Back Up Your Data Regularly

Ransomware attacks have been on the rise, and this trend is expected to continue. Ransomware encrypts your files, and attackers demand payment to restore access. Having regular backups of your data ensures you won’t lose everything if you fall victim to an attack.

• Use cloud storage services to back up critical files.
• Create offline backups on external hard drives or USBs that you store in a safe place.
• Schedule automatic backups so that your data is regularly saved without you having to remember.

Make sure that your backup is separate from your primary system to avoid ransomware affecting both.

8. Regular Cyber Security Training

Training staff is a key defence against cyber threats. As these threats evolve, it’s crucial that employees and stakeholders stay informed.

Regular training programmes are a useful tool to ensure all employees have the knowledge to keep the business safe. This can be done in-house, using an external consultant or via a software platform.

CertiKit’s Cyber Awareness Training Platform provides an automated solution for complete cyber training for your employees. The annual subscription includes the following modules: Cyber Security Awareness Training, Phishing Simulation, Breach Monitoring, Policy Management and Real-time Reporting.

Find Out More about our Cyber Awareness Training Platform.

9. Be Mindful of AI and Deepfake Scams

With the rise of AI technology, deepfake scams have become more common. Deepfakes are digitally altered videos or images designed to deceive people. Cybercriminals might use deepfakes for scams, blackmail, or spreading misinformation.

To avoid falling victim to deepfake scams:

• Verify unusual video or voice calls, especially if the request seems suspicious.
• Cross-check information from multiple sources before acting on a request.
• Keep an eye on emerging AI scams as they evolve, especially around social media and news platforms.

Conclusion

Whether you’re securing personal information, protecting your business, or simply browsing the web, the importance of cybersecurity cannot be overstated. Following these cyber security tips will help you stay safe in an ever-evolving digital world. Remember, cybercriminals adapt quickly—so make sure your cybersecurity practices do, too!