SE Labs

Special Edition
Computer security testing comment and analysis from SE Labs

Bluffer’s guide to home cyber security

Keep your devices safe and help others too!

home cyber security

Everyone needs to protect themselves online. There is a lot of advice out there but much of it is confusing and contradictory. We’ll show you simple but effective steps you can take to put yourself in the top ranks. And you can help your friends and loved ones stay safe too.

Welcome to the Bluffer’s Guide to Home Cyber Security!

This article is going to tell you everything you need to know to stay safe online. It won’t baffle you with too much detail. But rest assured, although the steps are simple they are backed up by our thorough and unbiased understanding of how computer security works. We don’t have anything to sell you. This is all good, free advice.

Annual Report 2021

We’re going to outline 10 crucial areas of home cyber security. Use these to keep yourself safe online and help others. If you use all of them you’ll be far better off than most internet users.

And you’ll save money too. You don’t have to pay a lot to achieve top security online.

In each tip we give you some headline advice you can share with friends and family, and become their instant security expert.

Home cyber security tips

Passwords

Tell your friends:

Use a password manager

It’s impossible to avoid having lots of passwords. But it’s important that you don’t use the same one for every internet account you use. If someone steals or guesses your password they can get into every account and cause you lots of problems. Using different passwords is hard, though. How do you remember them all?

There are three main ways to handle this:

  1. Write them down.
  2. Use a password manager.
  3. Use a system to help you remember them.

Write passwords down

It sounds silly, but writing down your passwords is safer than reusing the same one all the time. Hackers can’t go through your physical belongings looking for your password book.

Password managers are practical

Most of us use multiple devices to access the internet, including mobile phones. It’s much more convenient to share your password list between them electronically, rather than having to fish your password book out on the bus and try to type passwords in each time. Web browsers including Chrome let you save your passwords once and log into websites quickly and easily on any device you own. If you allow them to choose strong, random passwords your security will probably improve even more.

Use a memory system

Use different variations of your favourite password, with each customised according to the websites you use. Create your own way of remembering them, but here are some examples to help explain how this works:

Your favourite password might be ‘_Donut’. For your Amazon account you might use the password ‘Amazon_Donut135’ In this example we’ve used the word ‘Amazon’ at the start and the number ‘135’ at the end. Using the same system, your password for your HSBC account would be HSBC_Donut135. To buy from IKEA you’d use IKEA_Donut135 and to log into Gmail you would use Gmail_Donut135.

All you really need to remember is _Donut and 135. You might need to add one or two extra letters or numbers, because some services require longer passwords. Consider adding punctuation like ‘!’ or ‘…’ to the end of the password in such cases.

Sign up to our monthly business and personal security newsletters.

Reinforce your passwords

Tell your friends:

Use an authenticator app

This tip will put you in the top 1% of secure internet users. Tell your friends to do this, and they’ll join you in this elite group.

Enable two-factor authentication on every important account you use.

What’s two-factor authentication? It’s a second level of security to go alongside your username and password. It’s usually a code that you type in after correctly entering your normal details. There are free apps that work with many popular services like Dropbox and Gmail.

The best apps we’ve found include:

  • Google Authenticator
  • Microsoft Authenticator

Install them on your mobile device and a hacker would have to learn your username, password and obtain your unlocked phone to gain access to your important accounts.

There are other ways to use two-factor authentication. One is to receive the codes in a text message (SMS) or automated phone call. These methods are not as secure as using an authentication app, but they are better than not using any method at all! You can also receive codes by email, which is arguably even less secure than SMS. But again, it’s better than nothing.

Possibly the most secure option is to use a hardware key like a USB or NFC dongle. Expect to pay less than £50 or $50 for a device like a Yubico YubiKey.

This is the most important home cyber security tip in this article. If you do nothing else, do this. And then tell others to copy you!

Online banking

Tell your friends:

Don’t click on links

Your bank protects your money, but only as long as you keep up your side of the bargain and take reasonable security measures. This ranges from the obvious, like keeping your bank cards and code numbers (PINs) safe to being reasonably savvy when faced with fraudsters.

One of the most common ways criminals try to trick you into handing over access to your bank account is through email and SMS messages containing links. These links might take you to fake banking sites, or they might lead to the attacker taking remote control of your computer.

Rather than going through all of the possible attacks and coming up with different ways to avoid them the simplest option is simply never to click on links sent to you via any messaging service. If you want to visit your bank’s website, do so directly or using a Bookmark or Favorites link in your web browser.

One exception to this rule is when you need to reset the password to an account. If you start that process and the bank says it’s emailed you with a link to click, then it’s safe to do so.

Mobile security

Tell your friends:

Don’t use anti-virus on a phone

Mobile devices are more secure than PCs and Macs. That sounds like a generalisation, but it’s true. This is because the way Android and iOS phones are designed means that you have less control, which also means hackers have less ways to take over the system. Your main threat will be fraudsters trying to trick you into clicking links or sending personal information such as bank details.

We take a controversial position on security software for home users’ phones. We don’t think you need it. The days when a VPN was needed to use public WIFI safely are gone. Viruses on mobile phones are rare and anti-virus software can’t remove it anyway. We’re not the only ones who think this. The UK’s National Cyber Security Centre agrees. So, when you argue with friends about this down the pub (or on Zoom), tell them that even our country’s own expert hackers think anti-virus for mobile devices is a waste of time. You can achieve good home cyber security without it!

PC or Mac?

Tell your friends:

Buy what you can afford and can use most easily

There is no clear answer about which is more secure – a PC or a Mac. Apple has claimed that Macs are more secure, but hackers pay more attention to Windows PCs because more people use them. Ultimately, both platforms are powerful personal computers running complex software. That means they contain known and unknown security problems.

Microsoft regularly updates Windows to fix security holes, as does Apple with its MacOS operating system. This proves that problems exist in both platforms but that Microsoft and Apple take fixing them seriously.

We recommend that you buy the computer you’ll enjoy using the most. The security differences are unclear.

Updates

Tell your friends:

Update your devices as soon as possible
(But not as you start your working day!)

Security problems exist in all computer systems. Your phone, laptop and possibly even your TV receive updates over time to address these. The companies that issue these updates are only doing so because they are important. They wouldn’t waste their valuable time updating Windows or MacOS for fun. So when you see an alert telling you than an update is available, let it do its thing as soon as possible.

That said, don’t run updates as you start your working day, or you risk staring at “Updating…” on your screen for a long time. Try to save updates for down-time like lunch or after work.

Which anti-virus?

Tell your friends:

Read unbiased anti-virus reviews

Anti-virus is software than can detect and stop certain threats such as malicious code and hackers from damaging or stealing from your computer. Every security expert in world, nearly without exception, recommends installing anti-virus on your computer. Rarely, though, do they tell you which one to use.

Anti-virus products are not all the same. Some are totally rubbish, while some are great. Others can vary, fluctuating over time. So how do you choose? Luckily there are reviews that look at anti-virus effectiveness, price and other features. Some of these reviews use our test data to help judge the effectiveness. You can use this information too, by reading our home anti-virus test reports.

Parental controls

Tell your friends:

Build trust with your family

Wouldn’t it be nice to install software that kept children away from the dangerous parts of the internet? While there are products that claim to do this, it’s virtually impossible to set up a computer that is both usable and blocks unwanted content.

The problem is that bad people can easily get around these systems. And so can good children. The sad truth is that nothing other than good parenting works. Having a trusting relationship with your children, in which you trust they won’t seek out horrible things and communicate with bad people; while they know they can come to you with questions when (and it is ‘when’) they see something that upsets them, trumps technical solutions.

That said, there are some basic steps you can take to reduce the risks. Blocking adult content through your internet service provider (ISP) is a good start. Most ISPs have options to block pornography and gambling sites. Never perfect, these options are still better than nothing. At least you’re not enabling access.

You can control access to content for very young children if they use Apple devices and you set up a ‘Family’. When they want to install apps you receive a request that you can allow or deny. This does not prevent them from visiting bad websites or chatting to bad people, so consider denying access to social media apps, despite the cries and howling.

Email security

Tell your friends:

Use a strong password and two-factor authentication

Your email account is your most important internet account. If someone gains access to it, they can probably gain access to many of your other accounts. They can do this by visiting websites, asking to reset your passwords and then clicking on the links these sites send to your email inbox.

Use the best password you can remember for your email service. Then use the two-factor authentication options it provides. If it doesn’t have such options move to another email service! (All good ones do these days…)

Don’t log into your email account on other people’s devices, including computers at hotels and offices.

Alongside using two-factor authentication, this is a crucial step to achieving good home cyber security.

Other scams and how to avoid them

Tell your friends:

Ignore blackmail threats

We all receive fake emails, text messages (SMS) and phone calls. In every case the best course of action is to never click on any links that they offer.

Don’t transfer money to anyone, even if they claim to be friends or family, without talking to them first. And possibly to your bank.

Sometimes you will receive blackmail threats. Again, the simple answer is to do nothing. You may have done some of the things the threat claims, such as looking at adult content. But there is almost no chance that the blackmail attempt is real. The criminals send these messages out at random in the hope that someone falls for their scam.

And if the threat is real? Do you think they will live up to their promise to delete the compromising material after you’ve paid? Or are they more likely to keep asking for more money until you stop paying? And then they post it all online…

Good home cyber security

If you follow these steps, and help your friends understand them too, you’ll have managed to make yourself more secure than the vast majority of other internet users. You can avoid being one of the fraud statistics and your life will, in the long run, be much simpler. Recovering accounts, restoring lost data and dealing with identity theft is a massive waste of your time, and stressful too.

So lock down your email account, keep your devices up to date and don’t click on links. It’s nearly as simple as that!

Find out more

Our latest reports, for enterprise, small business and home users are now available for free. Please download them and follow us on Twitter and/or LinkedIn to receive news, comment, updates and future reports.

Sign up to our monthly business and personal security newsletters.

See all blog posts relating to test results.

About

SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.

Contact

SE Labs Ltd
Hill Place House
55A High Street
Wimbledon
SW19 5BA

020 3875 5000

info@selabs.uk

Press