,
Using the internet online should be an enjoyable experience. Use this checklist to help you improve your security when browsing or buying online.

CHECKLIST FOR PERSONAL ONLINE SECURITY

In the wake of all of the high-profile cyber attacks on Talk Talk and other companies it is often the consumer who is left to pick up the pieces.

In our article Cyber Security: Reputation Damage, Can You Afford It? we take a look at how companies are affected but it is our own responsibility to look after our own security and safety when browsing and buying online.

With so many of us shopping online or giving our details to companies online, it is inevitable that the number of online scams, fraud and occurrences of identity theft is on the increase. Here we cover some of the important basics to look out for that can help to protect your personal information.

Ensure that the website is who it says it is

This may seem obvious but there are many instances of websites pretending to be something they are not.

Security of your online devices shown with a padlock

They do this to try and con you into paying for goods or services online and then once they have your bank details and security codes they can harvest your bank account, and possibly other online accounts you have, of everything they can get.

Websites like this are very convincing and look genuine, often being difficult to distinguish them from the real thing but there are some things that you can do.

If you are unsure about the website you are on then always err on the side of caution and do not enter any personal or financial information into the website.

You can also double check the websites credentials, this can be done in a number of ways:

•    Google the name of the website, verify the website URL is the same as the one you are using.  Look for reviews, comments and history of the company to ensure they are legitimate.

•    Does the website have spelling mistakes, grammatical errors, works in a way that you feel does not represent the product you are trying to buy, If so be wary.

•    Does the website have a contact us with office location phone numbers and general information you would expect? Legitimate companies will generally display this information. If you are still uncertain check the information in an online directory like BT Phonebook.

Trust is important and just like buying goods from someone in a shop you must trust the website you are buying from.

Look out for the padlock

Another great sign of confidence is the Green padlock.  This is a sign that the connection is a secure one that links directly to the website you are connecting with.

https security tags

Websites that have a secure padlock within the website address bar have been through the process called SSL certification.  When you see this you can be sure that no one else other than the company or another organisation is viewing your details.

It also means that the data is transferred between you and the website in an encrypted format making it impossible to understand while in transit.

Accompanying the green padlock, you will also see the characters HTTPS: at the start of the web address (it may be in lower case but that is ok.).  The HTTPS: is linked with the SSL process and also verifies the level of security that you are using while on the webpage.

Good websites will have this security feature showing on all of its webpages but as an absolute minimum you must ensure that you are on a secure connection for any webpages where you are entering personal or financial information.

Caveat Emptor – Buyer Beware

The shield and HTTPS are only signals confirmation that this is a secure site.  As fraudsters can creat websites with secure credentials as well, it does not confirm that the site is genuine though so our original first point above about making sure the site is genuine still holds.

Never give your PIN or password out

If you ever receive an email, call or text asking for your credit card details, bank pin number or any other piece of financial or personal information you should always refuse.

It is not the practice of any company to request such information in this way; unfortunately we often see in the press where this type of fraud has occurred and the problems it brings.  

Should you receive such a request you should inform your bank immediately as it would suggest that you are already being targeted and you bank can take positive action to help protect you against the scan or fraud.

Email scams

These used to make me laugh because they were so badly written and were obviously a scam.  Arriving daily, there used to be emails about you receiving an inheritance, but times have changed and there are some very convincing emails arriving in inboxes across the country that, just like the hoax websites, look absolutely genuine.

Scam email

Again if you are unsure the advice is to not to do anything. 

If you want to you can report the fraud online with the National Fraud & Cyber Crime Reporting Centre.  

This is a common trick by fraudsters to send an email advising, amongst other things, that you have some inheritance due or have won a competition. 

You cannot make this up, as I am writing this article I received the email displayed in my inbox.  I consider this a very poor fraud attempt, but someone obviously thinks different.

Keep your anti-virus software up to date.

One of the safest ways to protect your-self online is by using anti-virus software. The sophistication of computer virii is that they can hide quietly in your computing device but spy on you as you enter financial and personal data.

Anti-virus software provides protection against many different types of malicious software including virii, Trojans, Adware, Spyware, worms and many more, that can infect your devices.   

There are different levels of protection offered:

Proactive: This type of defence looks to detect any malicious software prior to it getting into your computing device.  This type of protection is dynamic and extremely effective.  Vendors see this as a premium service so it normally attracts a monthly charge.

Reactive: This type of protection looks for and removes any malicious software that has managed to get itself into your computing device.  Many vendors provide this level of service as a free offering with the view that you will upgrade to premium features once you have detected and removed any virii or other malevolent software.

The reactive approach is always recommended to be run regularly, even if you have a proactive defence in place.

And as our headline states, always ensure you have the auto-update feature of your anti-virus software activated to ensure that your defences have the latest versions of anti-virus software to work with. 

Beware of browser hijacking

Browser hijacking is an extremely common threat to your personal data as you may not be aware of it being active in your device.  As a highly successful criminal method for redirecting website traffic, it is also used to redirect you to hoax websites when you have selected to go to a genuine one.

Browser hijacking can enter your system in many ways and anti-virus software is one method of removing it but it is not the only solution so if you suspect your browser is being redirected then look at your browser extensions as they may hold some pointers as to where the hijack is being initiated from.  If you suspect a browser extension then uninstall it to verify your suspicions

Also, consider what websites you have visited and what interaction you have had with them as they may also be a source of the problem.

Change passwords regularly.

Almost every website you engage with now has a login requiring several pieces of information as a security challenge to verify you are authorised to access the website.

This generates a plethora of user id and password information which in many cases, to make life easier, tends to be standardised across all of the accounts. Unfortunately, this approach increases your online risks if your account information is compromised; something which has happened in many high profile cases such as Talk Talk, M&S and British Gas.

Many password reset processes on websites request that you provide your favourite sports team, mother's maiden name or another piece of personal unique information so be aware of what you share or reveal about yourself on social media and in the public domain.

Compan and social websites are now using an improved method of changing passwords called two-phase authentication.  This method requires a secondary confirmation step to enable password and possibly other personal information change.  The confirmation takes the form of a text or email to your personal account or smartphone, which you then enter a unique code into an online form to confirm the change.     

Remain vigilant.

With new threats and methods being developed to drive criminal ambition, it is important that you remain vigilant and take responsibility for your own personal online safety.

Always check before you enter personal details and always, if you are unsure, just don't do it!