The Talk Talk cyber attack has left many wondering how at risk they are and what they should do to protect themselves.
BTA's in-house technical guru, Scott Bartlett, explains what you can do now if you are a Talk Talk customer, and how to protect yourself moving forward. Cyber attacks like the recent Talk Talk one are likely to become increasingly common as hackers get braver and more technically advanced. It is well worth the nominal amount of time and money required to increase your cyber defenses.
Talk Talk Update
Talk Talk say that the recent cyber attack is smaller than originally thought and that customers wanting to leave Talk Talk can do so free of termination fees. The phone and broadband provider also said bank details and personal information could have been accessed, but that credit and debit card numbers had not been stolen.
If you are a Talk Talk customer, we recommend checking your bank account for fraudulent activity once a day, or as regularly as you can, for at least three months. If there are unaccounted-for charges, call your bank immediately as you will most likely be able to recover the funds. Many banks also offer a free fraud watch service where they will contact you if they suspect suspicious activity on your account.
What else you can do
Talk Talk crisis aside, protecting against further cyber attacks is going to become more and more important for all of us. We all have an online presence, we all trust suppliers of services with our personal details, and most of us can do a lot more to protect ourselves. Here are some tangible things you can do to safeguard your accounts and information:
- Change personal email passwords and confirm they have a secure recovery email address set up.
- Use a good password manager - we recommend 1Password, LastPass or Dashlane.
- ALWAYS use different passwords for different services, and make sure they are good, i.e. not your year of birth and favourite activity. If you have a password manager you don't have to remember them all.
- When using third-party WiFi hotspots, use a trusted VPN service to secure your traffic from WiFi sniffers. They don't cost much a year and are well worth it. Check out some options here.
- Don't click on dodgy links or visit questionable sites, and NEVER blindly trust the files or links that appear in your email mailbox, even if they appear to come from a legitimate source.
- Keep your security software up to date - antivirus and anti-malware. Make sure it's scanning your email as well as the files on your computer.
- Make sure your operating system and applications are up-to-date and all security patches are installed promptly.
- Make sure all the devices on your network have unique passwords - and always change from the default.
- Only ever install or update software from trusted sources. This usually means direct from the vendor (or your trusted IT support provider). Avoid aggregate 'download' sites and other similar methods.
- Remove Java and Adobe Flash if you don't need them.
And for the technically inclined...
- Use two-factor authentication. Most services now support it (Google, Facebook, Apple, etc.) and the most popular tools for this (Google Authenticator, Apple Push notices in iOS and OS X) are completely free to use.
- Some services support individual 'application' passwords (e.g. Apple / iCloud) so if one device is lost or compromised, your accounts aren't lost or compromised.
- In addition to antivirus and anti-malware software, also use a personal firewall. Set it to monitor unexpected *outgoing* connections as well.
- Regularly check that your computer is using the expected DNS servers, and that you haven't been re-directed to compromised ones. For businesses with in-house IT these would be IP addresses on your local network. For home users, these should be IP addresses given by your ISP, or a public DNS service such as OpenDNS (188.8.131.52) or Google DNS (184.108.40.206 or 220.127.116.11).
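One way to automate the DNS check from the last point, as an added example that is not BTA's own code: it reads resolver settings in resolv.conf format (Linux/macOS style) and labels each nameserver against a list you supply. The function names, the sample file and all addresses in it are constructed for illustration.

```python
import ipaddress

# Constructed sample in resolv.conf format; the addresses are placeholders.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search home.example
nameserver 192.168.1.1
nameserver 192.0.2.53   # ISP resolver (constructed)
nameserver 203.0.113.66
nameserver 127.0.0.53
nameserver not-an-ip
"""

# Ranges that can only be on your own network (RFC 1918, IPv6 ULA, link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, expected):
    """Label one nameserver; `expected` is a set of ip_address objects."""
    try:
        ip = ipaddress.ip_address(server.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return "invalid"            # corrupted or tampered entry
    if ip in expected:
        return "expected"
    if ip.is_loopback:
        return "local-stub"         # local forwarder: check its upstream too
    if any(ip in net for net in LOCAL_NETS):
        return "local-network"      # router or in-house server: verify it
    return "unexpected"             # public resolver you did not choose

def audit(text, expected_addrs):
    """Return (server, label) pairs for every nameserver line in `text`."""
    expected = {ipaddress.ip_address(a) for a in expected_addrs}
    return [(s, classify(s, expected)) for s in parse_nameservers(text)]

if __name__ == "__main__":
    for server, label in audit(SAMPLE_RESOLV_CONF, ["192.0.2.53"]):
        print(f"{server:20} {label}")
```

Anything labelled `unexpected` or `invalid` deserves a closer look; a `local-network` or `local-stub` entry only moves the question to the router or local resolver, whose own upstream DNS settings need the same check.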
If your business needs some help
BTA has over 20 years of experience in managed IT services and can help ensure your business, and its employees, are protected from cyber attacks like the Talk Talk incident. We will not only provide expert advice, but implement a plan that meets your needs and budget. BTA is one of the few London IT providers that have long-term, best-of-breed supplier partnerships, and engineers with a high degree of training able to implement the IT solutions your business needs to stay safe. For a free consultation, or immediate help with IT issues, call us on 020 8875 7676.