Developing a cyberculture for home and business

Date published: 
07 April 2020

Through a series of monthly articles, we want to increase your knowledge of cyber-threats and the actions you can take to protect yourself, your family, home and business when online.

Recently 70% of people surveyed expect to be the victim of cyber-crime over the next two years and most feel there would be a big personal impact.– NCSC ( UK Cyber Survey 2019)

This month we are looking for you to develop a 'cyberculture' for your home or business. Day and daily we take actions to secure our homes and cars by locking doors and windows now let’s secure our digital world.

A healthy 'cyberculture' is when we understand the cyber-threats we are exposed to, then take actions to protect ourselves, significantly reducing the potential of becoming a victim of cybercrime. These actions don't become one-offs rather like the actions we take to secure our homes become second nature.

A good way to start getting the right cyberculture established at home/business is to allocate people specific roles and responsibilities This might be one person covering many roles to ensure that your systems, networks, data and devices are protected. As part of their responsibilities, they can ensure up to date security actions/policies are implemented regularly. This should give everyone confidence when they are online, that their digital/physical assets are secure and they are safe in the digital world.

Here are a few things for them to consider - 

  • How are you connecting to the internet?
    Your internet connection may be through an internet service provider (ISP), a mobile network or public WiFi service. You need to secure these connections. Ensure you change the default settings and passwords on any router or modem – this is known as secure configuration. If or when connecting to a public wi-fi you may want to use a VPN to protect your data and device.
     
  • What internet services are you using?
    Online services might include, Netflix, Social media e.g Facebook, home banking, shopping, remote baby monitors, doorbells or security cameras. In addition to these, a business might use – remote IT support, payment services, point of sale services, CCTV etc. Start noting down these services, who and what devices are accessing them and why. Ensure they are all protected by secure passwords, never keep a physical record of login details – look at our password guidance video.
     
  • What devices in your home need access to the internet?
    These may be more numerous than you might think e.g Smart TVs, smartphones, tablets, laptops, PCs, game consoles, smart devices controlled by apps, voice-activated assistants e.g. Alexa are just a few. Some home and business routers will keep track of the devices that are connected to them. It is worthwhile to check with your provider how to do this. Again ensure any default username and passwords are changed.
  • Back-Up Your Data
    Consider what data would you struggle to replace if it was stolen or compromised? Examples might be important emails, home finance details,  photos and videos of holidays and important occasions, copies of letters, Insurance. Ensure that these are regularly backed up – look at our backup guidance video.
  • People - Who is accessing your networks?
    Keep track of who is accessing your internet connection and with what devices.  A business can have multiple users (employees, suppliers & customers) accessing their networks they should have proper access controls in place especially for accounts that have administrative privileges. In the security world, this is referred to as identity and access management.
     
  • Have I been Pwned?
    Use haveibeenpwned.com to check if any email accounts or passwords have been compromised by a data breach. Check all accounts and domains even ones no longer in use as these can be used to impersonate you. Change passwords if these appear to be compromised and delete dormant accounts.

Implementing the points above will go a long way towards establishing a healthy 'cyberculture', increasing cyber awareness and embedding a security-first approach when you or anyone in your household/business go on-line. Ultimately everyone has a responsibility to keep themselves secure.

Next month we can build on this.