This year has been very different from the rest with Covid wreaking havoc in the professional and academic worlds.  As the national lockdown eases, many institutes will be looking to get employees, students and  tutors back in the office and back to normality.  What can we be doing to ensure these further changes don’t create yet more vulnerabilities?

Here are some tips from the We Fight Fraud team to help your organisation or institute stay secure online:

1. Firewall 
   Ensure your chosen firewall is up to date.  If you do not have a firewall then installing one is a priority when mitigating online security risks. Once your firewall is installed make sure it is appropriately configured for your services.
2. Keep Devices up to Date
   Ensure all devices connecting to the organisations’ network are up to date with the most recent patches and bug fixes installed.  Installing a ‘Device Management Policy’ can help to keep equipment maintenance simple).
3. Antivirus 
   Be sure the chosen antivirus software is working correctly and running on the most recent update. (check configuration is suitable for your needs)
4. Access Controls 
   Keep access to information or services limited to those that need it.  Running regular permission reviews (Which person has access to what information or services) is also essential.
5. Password Security 
   Even the best security systems can be rendered useless if password security is weak.  Make sure password structure is strong and at least 12 characters long.  It should not include personal names or phrases. The more non sequential and random the better. It is also ideal to change those passwords regularly.
6. Two Factor Authentication 
   Two factor authentication allows the device holder an extra layer of security.  By providing an additional form of identification the primary user can receive login and access prompts that mitigate against password attacks and let you know immediately if there is unusual activity on your account. 2FA is now a common feature and most major online services encourage their use.
7. Use HTTPS Webpages 
   When accessing the internet keep an eye out for HTTPS or (Hypertext Transfer Protocol Secure) This is a secure URL protocol that ensures the pages you are accessing are legitimate, dependable and private.  The communications from device to server are professionally encrypted keeping your valued data safe.
8. Encrypted Services 
   Encrypted emails add an additional layer of security to your environment. Should your email be compromised, having that additional protection in place could prove to be incredibly useful. While using encrypted (PGP) email may seem daunting at first, it’s security benefits far outweigh the initial difficulty. PGP is not only excellent for maintaining privacy but it is also a great way to prove that an email came from a legitimate source. This in turn helps the user to avoid malicious emails.
9. VPN or Virtual Private Network
   A VPN is a great tool for any device linked to the internet.  The Virtual Private Network improves the privacy of the host device. It does this by cycling the device's IP address (Internet Protocol) to various locations.  This in effect makes the user invisible to others on the web and protects against rogue network attacks.
10. Employ IT Professionals to Oversee your Security Policy
    By employing a trained IT security professional you will receive a safer and more secure experience online. This may be expensive initially but it could well save you thousands; ransomware and malware are not just inconvenient they can be very costly.

Criminals will look for easy targets, so by following clear, basic principles, you can significantly reduce the risks associated with the online world and the academic platforms associated with it.