Don't be a victim of cyber attack

Dave Miller, Senior Developer at Alberon, Oxford's leading web and software development company, provides some advice on how to beat cyber attack and keep secure online.

Last month's hacking of TalkTalk is expected to cost the company up to £35million. Customer's financial details, including their account numbers and sort codes were hacked. The incident closed down the company's website for IT upgrades, has damaged its reputation and lost business.

Alberon offers key advice for online security both as online consumers and for business owners to prevent anything similar happening to you.

For website users

Using secure passwords is the single most important thing you can do to keep your data secure. Dave says: "You are far more vulnerable if you use the same password on multiple sites.

"Our advice is to use unique passwords on each site and to use a password manager to keep track of them."

Here are Alberon's tips for using passwords securely:

1. Use hard to guess passwords - even if the attacker is using a computer program to guess millions of combinations.

• Use a long password - at least 12 characters long. It will take a long time to try all the combinations.

• Avoid well-known phrases.

• A secure long password can be made by picking four completely unrelated words, e.g. "correctbatteryhorsestaple".

• Add capital letters/numbers/symbols to make it more random.

• Never have a password less than 8 characters.

• Avoid using just 1 or 2 words (including names of people/places/pets) because these are the first that will be guessed. Even adding additional numbers/symbols won't make it much harder to guess.

2. Do not reuse passwords

3. You can use a password manager to help generate and store your passwords securely.You only have to remember your Windows login and a "master password".

4. Try not to write passwords down

If you have to - don't leave it near your computer. If you lose it, change it immediately.

5. Install antivirus software.

6. Beware phishing emails. (These arewhena hacker sends you an email that looks like a legitimate company (e.g. your bank) but it actually directs you to a fake website under their control. If you were to go there and enter your login details as instructed, you would be sending your username and password straight to the hacker instead.

7. Be careful on shared internet connections.It is possible for other people using the same connection to spy on your internet usage. If you log into an insecure website while on a shared Wi-Fi connection, someone else may be able to find out your password.

8. Use an encrypted connection, which prevents anyone else from eavesdropping.

   • You can check if the connection to a website is secure by looking at the address bar in your web browser - typically you will see a padlock icon and the prefixhttps://. 

9. If you get any warning messages such as "There is a problem with this website's security certificate", do not continue as the connection is not secure.

For website owners

Dave Miller says: "Just imagine what a hacking incident could do for your business. If you have an e-commerce site or use sensitive information, it is your duty to protect your customer's confidential data. If you don'tyou could incur penalties under the Data Protection Act. Be assured, every day your website will be under attack. It is up to you to make sure that it is secure.

"Most attacks are automated using computer programs to systematically try sites until it finds the vulnerable ones. Typically, hackers try to get into the admin area of a website and from there they can wreak havoc.

"The worst cases are when stored customer logins and personal data are hacked but even sites with no personal data can be used to launch phishing attacks, send massive amounts of spam, or run blackhat SEO campaigns - which can get the site banned by Google and most email providers, causing big problems."

"Most website hackers are not sophisticated. They're mostly looking for easy prey - people with weak passwords or out-of-date software. They rarely target specific sites, but try every site they can find. This means no-one is safe - every website owner needs to be on guard."

To avoid the painful job of informing customers about a data breach, Dave offers this advice:

1. Make security a top priority, it should be a key requirement in your website development brief. "Sadly most people don't think about security until it's too late," says Dave.

2. Work with trusted and experienced web developers who know about security and follow best practices

3. Ensure each user has a strong, unique password.

4. Install security updates on a regular basis.

5. Conduct periodic security reviews of your website.

Alberon will help any companies with doubts about their website security by testing it for vulnerabilities. The company's developers undergo frequent security training to ensure they can build secure websites and software solutions.

To arrange a security review of your website or for more information seewww.alberon.co.uk,emailinfo@alberon.co.ukor telephone 01865 794009.

Dave Miller, senior developer at Alberon

ENDS

Dave Miller, Senior Developer and Tim Ault, Managing Director of Alberon, are available for interview.

For further information, to arrange an interview, or for photographs, please contact Sarah Airey, The Buzzworks, emailsarah.airey@thebuzzworks.co.ukor telephone 07855 086447

About Alberon

Alberon has been designing and building bespokesoftware solutionsandwebsitesfor organisations in Oxford for over 12 years. The friendly and highly experienced team of web designers and software developers are dedicated to helping clients with tailor-madeweb designand development, to complex and creativesoftware solutions.