Realise that you are an attractive target to hackers. Don’t ever say “It won’t happen to me."
Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your PC or laptop.
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time-no matter how short-lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.
Make sure you are running all the latest versions of software on all your devices. The updates will often contain new security patches and new security features. These new features make it harder for attackers to successfully compromise your devices.
Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the web address of the website the link is pointing to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.
If you are still unsure, don't take any chances forward the email as an attachment, to spamreports@nhs.net.
Be aware of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives, and even smartphones.
Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Avoid using a friend’s phone, a public computer, or a cafe’s free WiFi-your data could be copied or stolen.
Watch what you’re sharing on social media. Criminals can befriend you and easily gain access to a huge amount of information - where you go to school, where you work, when you’re on holiday - that could help them gain access to more valuable data.
Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been hacked.
As we adapt to modified ways of working we need to ensure we continue to take the security of our data and systems seriously. We know cyber criminals are preying on fears of the Coronavirus (COVID- 19) and sending 'phishing' emails that try and trick users into clicking on a link to a bad website (which could download malware onto your computer or steal passwords). The level of security we rely on at work are naturally reduced when working remotely; and there are some simple security tips both online and offline put together by NHS Digital that will help ensure your work and data remains effective and secure.
Be alert to COVID-19 phishing and vishing (telephone equivalent of phishing) scams. Threat actors are well aware that people are being asked to work remotely and it presents an opportunity for them to exploit. If something does not feel right, be it an email or a phone call, please contact your IT Helpdesk.
Don't use public WiFi, either work offline and connect later once at home on a more secure network or connect by tethering to your mobile device. You can also connect via VPN if you have it available in your organisation.
Always keep all your work devices with you when travelling (never leave work laptops or devices in cars)
Never allow anyone else such as family members to access your devices for personal use such as internet browsing.