Tips - Security Online

You are entitled to a private life but because of the nature of online social media it doesn’t really support that right. You need to help yourself to stay safe and secure and to ‘manage’ your online activities. This section deals with some security tips.

The online environment.

Each site you land on will have some record of who you are – or at least the device you were using (using cookies). We only use a login 'cookie' on this site but, if you’re not sure about how ‘cookies’ work you can read about cookies and how they tailor your experience and more! Finally, don’t think that a criminal isn’t going to be interested in you. Most online crime and ‘marketing’ tools use a similar approach to you, as a legitimate user, to build a network and look for things of ‘interest’. Whatever you do online – be careful and take some basic precautions against the ‘bad guys’ and unwanted interest.

Here are Seven important tips on how to protect yourself online.

One - Basic computer security against Malware

Malware code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against your interests and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug. Also, not all virus code is Malware as it doesn’t have malicious intent if it is just 'stealing' your data – unauthorised ‘cookies’ could be an example.


  1. Always make sure you update the programs on your computer regularly;
  2. Ensure you have some anti-virus and anti-malware defence.

Some updates require a computer reset even if they download automatically and it is good practice to switch off your computer at regular intervals. This allows updates to be installed and helps keep you safe.

We can’t make recommendations but here are some common providers of Malware defence software:

Two - Passwords

It’s a nightmare, every-one expects you to give a user name and a password – but, if you only have one and you use it all the time then it becomes the key to all your data, photos, bank accounts, everything. It is important to use a strong password

A strong password is one that the criminal’s computer or algorithms can’t easily find or decode – they will run millions of tests on your account. You have to balance strength with being able to remember the password! Here are some tips to build your own password as opposed to rely on a computers 'password generator'.

  • If you use ordinary words and phrases that make “sense” – that’s usually a weak password;
  • If you use birthdays, relative’s names, your football teams -that’s usually a weak password because it can be linked to you (see Identity theft below):

A strong password is one that uses keys from the whole pad. Instead of 26 letters you have over 40 keys – the odds of 'breaking' your password is so much smaller. Here is a suggestion of how to construct a strong password:

  1. Try three unconnected words (at least 6 letters) that you'll remember say - jam, silver and coat
  2. Include capitals in the string - “JamSilverCoat
  3. Add a year “19JamSiverCoat68”:
  4. Tack on one or two squiggles “!19JamSilverCoat68?

Finally consider using a two-factor verification login particularly for a critical password. These require you to enter a special security code each time (typically sent to your phone or generated by an application) Facebook particularly recommend this if you access your account from a new computer, phone or tablet.

Remember: No password is unbreakable– there are other tricks – eg. using poetry phrases. Read what your social media or website recommends but keep it memorable. While not recommended, you have less chance of being burgled than getting phished so it might be better to write down your passwords and keep them safe in your house rather than use simple weak passwords.

Three – Mobile Surfing and your home broadband and Wi-Fi.

Public Wi-Fi

Its great to get something for free and public Wi-Fi in coffee shops really make things better: but “there is no such thing as a free lunch”. The registration on the free Wi-Fi and acceptance of the Terms and conditions normally comes with you allowing them to capture your details – for marketing and sales purposes. Criminals too can use these public airwaves to latch on to your device and hack into you. Better to only use your usual provider’s secure site or use your phone as a personal hotspot. Your phone company will provide details on how to set up your phone as a hotspot and any data restrictions which may apply in your contract.

Home Broadband and IP Addresses.

You should always ensure your browser settings have security protection to help block out criminal sites. Then:

  1. Watch for the security clearance or the ‘lock code’ that your browser may apply:
  2. Use HTTPS:// before the web address. What is HTTPS: A site that returns HTTPS is a secure site as defined by SSL (secure socket layer).
    SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

For your home broadband you should think about your set up and static and dynamic IP addresses, virtual private networks (VPN) and private windows:

  • Static IPs: an IP that doesn't change can be used to track your online behaviour over time
  • Dynamic IPs: changing your IP every so often can make it harder to track you. This can often be achieved by restarting your internet router.
  • VPN – Using a VPN your traffic comes through from a third party's IP address making it much harder to track you online. Read more
  • Private browsing windows – What is private browsing and why should I use it?

Four - Safety Online - Social Networking.

Privacy settings

  1. Learn how to use and set up your social media channel profile properly;
  2. Use their privacy features to restrict strangers’ access to your profile;
  3. Here are some channel Specific Security Advice links.
  4. If in any doubt always choose the most restricted setting – you can then in the future loosen the strings as you become more comfortable with the site.

Clicking on links in emails or social media.

Some sites are simply fraudster fronts and can be very good copies of the legitimate site or email – this often applies to HMRC, banks and other financial businesses. With any link, even in a social media posting you trust never just click - rest your cursor over the link for a few seconds so you can see that the name of the site link is what you are expecting and ‘what it says on the tin’. Here are some tips to help:

  • It's best to go to the website directly by typing it into your browser. You'll also want to make sure you're only entering this type of information during secure browsing sessions;
  • Emails with unsubscribe links – if you get an unsolicited email form a site with an unsubscribe link then do not just click on the link – delete the email;
  • If the email comes again, then type the site address, from the email, into your browser and check that the site exists;
  • If it does, it is probably legitimate and you may have agreed with a similar site/provider to share your details. If you are confident, then check the unsubscribe link and click or continue to delete the emails until they stop (in most email programs, you can put unwanted emails automatically into junk and then they’ll get deleted after 30 days).

Routine management.

Here are some tips to help:

  • Be guarded about who you let join your network – make sure you know them or they have a legitimate reason for joining your network;
  • When responding to “friends” requests do be careful; even on professional networking sites like LinkedIn;
  • Scan the “mutual friends” you have with the person requesting to link up: consider if you really know them;
  • People who are accepted by you will see more of your personal information, your movements and access with credibility your real friends.

Posts and Tweets.

Here are some thoughts about your personal posts and Tweets and the wider security implications:

  • It is easy to forget what might be said in a joking friendly way under your breath, or blurted out because you are furious will be permanently recorded in cold letters;
  • “I didn’t mean it to sound like that” doesn’t cut it; Think carefully even when you are in the middle of funny banter with a group of friends in chat rooms;
  • What you write may be forwarded on to others and then into to the widest media community- you’ve seen it in the papers and don’t think it can’t happen to you;
  • Offensive and obscene remarks even if intended to just be funny can end up in public maliciously or by accident;
  • Pictures of you having wild fun or jokes about your work place – if not strictly controlled by your privacy settings could easily haunt you…

Five - Identity Theft.

Where are the risks:

  • Disclosure of private information by either yourself or friends/contacts:
  • Phishing emails allegedly from social networking sites can actually encourage you to visit fraudulent or inappropriate websites:
  • Friends’, other people’s and companies' posts encouraging you to link to fraudulent or inappropriate websites:
  • People hacking into or hijacking your account or page;
  • Viruses or spyware contained within a message attachment or even an image;

NEVER share your personal information, such as government issued ID numbers, birthdate, credit card or bank account numbers on social media and think twice about it on private emails.

Bear in mind criminals will be prepared to wait and spend time building up a profile about you. They will try to collect:

  • Pictures, stories, comments about birthdays, trips, favourite things family members everything can be pieced together by computers;
  • Pictures can be analysed to pick up details in the back ground that giveaway much more than you think;
  • If they can see you are on holiday – great easy pickings if they have already found out where you live.

Six - How can I Safeguard myself?

Here are just some bullet points for you to consider and to help protect yourself:

  • Use a different credit card when shopping online;
  • Use a different email address for social media accounts, keep your main address for routine and personal matters;
  • Don't allow location services unless you need them in an app;
  • Try not to link accounts using 'Login with Facebook'or similar as this could cause a 'chain of compromise' if one account is hacked;
  • Do not share personal information on social media;
  • Be aware if you are coming under peer pressure to post or retweet something you are not comfortable with. Think about how even a funny line might look in the cold light of day;
  • Try your best never say or do anything on social media when you are under the influence:
  • Keep your profile closed and allow only your friends to view you – don’t let the world into your life;
  • What goes online stays online and can be dug up again years later;
  • Sounds prudish – but don’t use obscene language or offensive terms – you may think it is just with your mates…;
  • Be aware of what friends post about you, or reply to your posts, particularly about your personal details and activities;
  • Think before you retweet a friend’s post or comment - first, it may get him or her into trouble and, by re posting or tweeting, you are easily presented as adopting any remarks that could come back to bite you.

Remember that many companies routinely view current or prospective employees’ social networking pages, so be careful about what you say, what pictures you post and your profile. The key is to regularly look at your social media presence and accounts with an “outsider’s critical eye” it might help you see something hiding “in plain sight”.

Seven - How to see if you’ve been hacked.

Twitter gives a good sense of indicators and these can apply across the board of all social media platforms. They say good indicators include:

  • Have you noticed unexpected activity from and on your account?
  • Remember to monitor if you find you are following, unfollowing, or blocking without your knowledge:
  • Have you received a notification stating that your account information has changed, and you didn't change it?
  • Noticed your password is no longer working and you are being prompted to reset it?

You should also take extra care if your friends say they have received emails from you which you didn't send. If that happens, you should look on the inernet for solutions as there are many different approaches to resolve an address book hack.

  • Pictures, stories, comments about birthdays, trips, favourite things family members everything can be pieced together by computers;
  • Pictures can be analysed to pick up details in the back ground that giveaway much more than you think;
  • If they can see you are on holiday – great easy pickings if they have already found out where you live.

If you are a victim of fraud or theft – or a threat of blackmail – contact the police every authority has a cyber-crime division – you are not alone!

Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland. You can report fraud or cybercrime to Action Fraud any time of the day or night using their online reporting tool. Reporting online is quick and easy. You can also report to us by calling 0300 123 2040 Monday to Friday 8am - 8pm.

If your report relates to any of the below, please follow the links to report it to the correct organisation:

Remember, any data breach or loss should be reported to the Information Commissioners Office.