Cyber Monday Security Checklist – 10 Things Not to Do – James Lyne

James Lyne, Global Head of Security Research, Sophos

Guest editorial by James Lyne, Global Head of Security Research, Sophos

  1. Use a password that’s easy to remember, like ‘Password’ or ‘123456’.
    • Though they are easy to remember, for a cyber criminal this is like taking candy from a baby.
    • A password like this can be cracked in less than a second.
  2. Have the same password for everything so it’s easy to remember.
    • It’s a lot of hassle having to have a separate password for our online banking, online shopping and email accounts.
    • However, remember that if a cyber criminal has access to one password, they have access to all your accounts and the plethora of data they contain.
  3. Create a ‘log-in and password’ folder on your phone or in your email.
    • So you have different passwords and usernames – that’s great.
    • But keeping a folder with all of that information in it is a hacker’s dream, and one that is easier to access than you might think.
    • You’re better off using a password manager that you know is secure.
  4. Ignore notifications to update your phone or your laptop.
    • We all get frustrated by notifications asking us to update the software on our laptops or iPhones, and it’s so easy to ignore them or click ‘remind me later’.
    • But some updates will have important security patches that really need to be installed.
  5. Open links or attachments in an email from an unknown sender.
    • Has curiosity ever got the better of you, and you’ve been desperate to know what’s in the attachment or tempted to click a malicious-looking link?
    • Phishing emails are going from strength to strength and some are even fooling the pros, but as a rule of thumb never open it if you’re not expecting it.

(Hear from the Author, James Lyne. Courtesy of TED Talks and YouTube)

  6. Reply to emails that notify you of unusual activity on your account.
    • The majority of ‘fraud alert’ or ‘account compromise’ emails these days tend to be scams.
    • Don’t reply to them or click on the links, but instead go directly to the website of the provider (or phone them) to check for issues.
    • Clicking a link in one of these emails and ‘signing in’ is a classic way to lose your login information.
  7. Click ‘remember me’ when you log into sites.
    • It’s convenient to be able to go on a site and already be logged in, but do you want to allow a cyber criminal access to your Facebook account, for example?
    • Always log out and never tick the ‘remember me’ box.
  8. Believe deals that are too good to be true – there’s no such thing as a free iPhone.
    • We’re all after a good bargain this Black Friday, but this also presents cyber criminals with an opportunity to steal your information by offering you the most competitive deals.
    • Use your initiative to know what is real and what isn’t, and if you aren’t sure, don’t take the risk.
  9. Connect to an unknown wi-fi network.
    • It’s important to be confident that the wi-fi you’re connecting to is secure. Otherwise all the data on your phone, from your Facebook account to your banking apps, could be infiltrated by a cyber criminal.
    • If you’re not sure it’s secure but you really need to connect, you could use a VPN.
  10. Neglect to check your transactions and miss any fraudulent activity on your cards.
    • These days it’s much harder to check every transaction on our bank statements; however, the Christmas shopping period is the most important time of year to be doing this in order to avoid falling victim to fraud.
    • If you discover payments that you can’t identify, notify your bank immediately.

(The nucleus of what Sophos does, SophosLabs is a unique mix of automated systems and specialized analysts working 24/7 around the globe to combat internet threats. Courtesy of SophosLabs and YouTube)

About the Author:

James Lyne is global head of security research at the security firm Sophos. He is a self-professed ‘massive geek’ and has technical expertise spanning a variety of security domains, from forensics to offensive security.

James has worked with many organizations on security strategy, handled a number of severe incidents and is a frequent industry advisor. He is a certified instructor at the SANS Institute and often a headline presenter at industry conferences.

James is a big believer that one of the biggest problems of security is making it accessible and interesting to those outside the security industry. As a result, he takes every opportunity to educate on security threats and best practice, always featuring live demonstrations and showing how cyber criminals operate in the real world.

James has given multiple TED talks, including at the main TED event. He’s also appeared on a long list of national TV programs to educate the public including CNN, NBC, BBC News and Bill Maher.

As a spokesperson for the industry, he is passionate about talent development, regularly participating in initiatives to identify and develop new talent for the industry.