Version Control (Remove before publication)
Document Name: Cyber-Aware-Alternative-Formats-Master:
Version: 0.3
AF version type: Master:
AF based on document: n/a
Change log:
[FRONTCOVER]
Cyber aware
National Cyber Security Centre alternative formats edition.
This document has been produced by Lead Scotland in conjunction with partners and with funding from the Scottish Government Cyber Resilience Unit in conjunction with Lead Scotland.
Note: Full web address links are written in full in the appendix and organised by subheadings of this document. This may be beneficial for readers accessing the information when published in printed, braille or audio format.
Detailed content and additional information are provided in the appendix to help with flow and understanding.
Styles have been used to indicate structure and to allow adaption to individual reading preferences.
Version:0.2
Date released:19/03/2021
Due to coronavirus, people are spending more time online this year.
This means more opportunities for hackers to carry out cyber-attacks. They often do this by targeting people and businesses using:
· Malware - software that can damage your device or let a hacker in.
If hackers get into your device or accounts, they could access your money, your personal information, or information about your business.
You can improve your cyber security by taking six actions:
Action 1 - Use a strong and separate password for your email.
Action 2 - Create strong passwords using 3 random words.
Action 3 - Save your passwords in your browser.
Action 4 - Turn on two-factor authentication (2FA).
Action 5 - Update your devices.
Action 6 - Back up your data.
If a hacker gets into your email, they could:
· Access information you have saved about yourself or your business.
Your email password should be strong and different to all your other passwords. This will make it harder to crack or guess.
Using three random words is a good way to create a strong, unique password that you will remember.
You should also protect your other important accounts, such as banking or social media.
A transcript of the ‘Why email is so important’ video is available in the appendix.
Access the video covering "Why email is so important" online.
If a hacker gets into your email, they could reset the passwords for your other accounts using the ‘forgot password’ feature.
How to change your password in:
If your email is not listed here, you should search online for advice from your provider on how to change your email password.
If you are a business owner, your accounts may include sensitive information about your customers, your business, or your finances.
If your accounts are not secure, your business could be more at risk of a cyber incident. This may put your business at legal or financial risk, and at risk of breaking the General Data Protection Regulation (GDPR).
If your business has staff, you should make sure they do not store their passwords next to their devices, and that devices are locked or turned off when not in use.
For more information, see our
Small Business Guide
.
When you use different passwords for your important accounts, it can be hard to remember them all.
A good way to create strong, memorable passwords is by using three random words.
Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if you need to. For example: “RedPantsTree4!”
Saving your passwords in your browser will help you manage them.
Question: Which one of these passwords does not appear in the top 100,000 most compromised passwords?
The answer is RedPantsTree.
Hackers share online lists containing millions of compromised passwords.
3 random words is an easier way to create new passwords that are more likely to be unique to you and less likely to be guessed.
Saving your password in your browser means letting your web browser (such as Chrome, Safari or Edge) remember your password for you.
This can help:
· Make sure you do not lose or forget your passwords.
· Protect you against some cyber-crime, such as fake websites.
It is safer than using weak passwords or using the same password in more than one place.
Make sure you protect your saved passwords in case your device is lost or stolen.
Someone who gets access to your device may be able to use your saved passwords to access your accounts.
This kind of cyber-crime is much less common than remote attacks over the internet, where passwords are cracked using software.
To make sure you are protected, you should:
· Turn off or lock your device when you are not using it.
· Turn on two-factor authentication for all your devices and accounts.
· Turn on biometrics (Face ID or Fingerprint recognition) if your device supports this.
You should also back up your data regularly. This will help you recover your important information if your device is lost or stolen.
You can access your saved passwords from any device where you are signed into the same browser.
Once you have set up strong, separate passwords (Actions 1 to 3) for all your devices and services, there are other things you can do to reduce your risk of being hacked (Actions 4 to 6).
Two-factor authentication (2FA) helps to stop hackers from getting into your accounts, even if they have your password.
Some online banking uses 2FA automatically. It does this by asking for more information to prove your identity, such as a code that gets sent to your phone.
You will need to manually turn on 2FA for most of your accounts. Not all accounts will offer 2FA. Online banking uses 2FA automatically.
2FA is also known as two-step verification or multi-factor authentication.
A transcript of the “How 2FA works” video is available in the Appendix.
Access to the video on How 2FA works is available on YouTube.
Out-of-date software, apps, and operating systems have weaknesses. This makes them easier to hack.
Companies fix the weaknesses by releasing updates. When you update your devices and software, this helps to keep hackers out.
Turn on automatic updates for your devices and software that offer it. This will mean you do not have to remember each time.
Some devices and software need to be updated manually. You may get reminders on your phone or computer. Do not ignore these reminders. Updating will help to keep you safe online.
Find out how to turn on automatic updates for:
Question: How do companies fix weaknesses in their software?
Answer: When a company finds a weakness in their software, they release a 'patch' to fix it. This helps to keep your information secure.
Backing up means creating a copy of your information and saving it to another device or to cloud storage (online).
Backing up regularly means you will always have a recent version of your information saved. This will help you recover quicker if your data is lost or stolen.
You can also turn on automatic backup. This will regularly save your information into cloud storage, without you having to remember.
If you back up your information to a USB stick or an external hard drive, disconnect it from your computer when a backup isn’t being done.
You should always back up your data before updating your device.
This is because updates can sometimes remove or change files.
How to turn on automatic backup for:
Backing up your data will mean your business can continue to operate if a cyber incident does happen.
Start by identifying the data that is most important to your business. This could be financial, contract, customer, or supplier information. Make sure it is backed up regularly.
You should also know how to restore a backup in the event of data loss.
For more information, see our
Small Business Guide
.
Phishing: How to report to NCSC.
Discover how to report a potential phishing message to the NCSC using the Suspicious Email Reporting Service (SERS).
Our guidance will help you to avoid scam websites and purchase items safely.
[END OF MAIN DOCUMENT – APPENDIX FOLLOWS]
Why email is so important video available at https://youtu.be/lYq5-p6Ovd0.
Email is one of your most important accounts. But why do hackers care about your emails?
Imagine a hacker gets into your email
They can now access information you have saved about yourself
or contact people pretending to be you
But worst of all, they can lock you out of any of your online accounts
They can do this by going to any of your accounts and using the ‘forgot password’ feature
This sends an email with a link to reset your password
Which the hacker can use to lock you out of your account
Once they’ve reset one password, they can continue to reset passwords for your other accounts too
So, how can you protect your email and help to keep hackers out of all your online accounts?
Use a separate and strong password for your email
"Do not use words that can be guessed like your pet’s name or favourite football team. Using 3 random words will help you create passwords that are long and difficult to guess.
Make sure the password for your email is different to all your other passwords that you use"
This means that if someone cracks your password for another account, they won’t be able to use this to get into your email
Remember, your email is one of your most important accounts. Make sure it’s secure
How 2FA works video available at https://youtu.be/zD-CNuMxn5Q.
When you log into a website or app with 2fa
It will ask you to prove you are really you
It may send you a code
Then, if you're able to provide this
You can log in and use the service
[END OF DOCUMENT]