Cyber Security

At Convey Law, we place a paramount focus on securing our IT systems through a collaborative effort with law enforcement agencies.

Working closely with the police, we have implemented proactive measures to safeguard our digital infrastructure. In an era where cyber threats are becoming increasingly sophisticated, our collaboration with the police positions us at the forefront of cybersecurity resilience.

Learn from the information below, so you can protect yourself better. It gives you the basics to keep your personal and digital stuff safe from problems and new threats online.

  1. Make a list of all the computing devices that you use, this includes traditional PCs & Macs, Tablets and Mobile Phones. To ensure these devices are secure, you should:
  • Make sure the Operating System (e.g. Windows, MacOS/iOS, Android) & any applications (Apps) that are installed are fully up to date with software patches from their respective manufacturers.
    1. This is particularly important with your Internet Browser as this is one of the principal ways in which you use online services. Unless you are very confident about a product and its security, stick to a reputable mainstream browser e.g. Chrome, Firefox, Safari, Edge
  • Install Anti-Virus Software or App.
  • Install Anti-Spyware Software or App.
  • Install or Enable a Firewall (this is often included as a built-in function of your device).
  • Consider using a Virtual Private Network (VPN) which can offer added privacy and protection when connecting to the internet, particularly if you are using Public Wi-Fi.

  1. Make a list all the internet enabled devices you use. This could include an Amazon Echo (Alexa), Google Home, Smart TV, Router, or even the central heating.
  • Ensure your Wi-Fi is set to WPA2 as this offers better security than older standards. times.
  • Change default passwords on all these devices. Default passwords are easily researched and are a weakness in your online security.
  • If your router is on a windowsill, ensure the details on the back are not visible to anyone outside. You don’t want a stranger accessing your connection or devices.
  1. Ensure you turn off unnecessary location settings on all your devices. Apps, social media and taking photos can leak this information about you. ‘Geotagging’ can often give away location information about you, your location and family.
  1. Do you need to transmit Bluetooth and Wi-Fi signals from your mobile devices?
    If you aren’t using these capabilities, you should consider turning them off, or at the least securing the connections.
  1. Choose vague names when naming your mobile devices.
    Although personalising your device names can seem harmless, this information could be used to help a criminal target your device or find out your name.
  1. Ensure your devices are set to
    1. Encrypt all the data saved on it;
    2. A password is needed when powered on;
    3. You have the ability to track and / or remote wipe your device if you lose it.
    1. Change your browsing habits
      1. Use stealth mode (Chrome incognito, Firefox private window);
      2. Consider tracker-blocking browser add-ons. These prevent website tracking activities;
      3. Consider using a private search engine such as duckduckgo.com;
      4. Complete a Google privacy check-up and turn off web & app activity in your Google account.
    1. The process for making these changes will vary depending on the manufacturer and you should look at their website support pages for further guidance. However, guidance in respect of some of the most commonly used devices can be found here:
      1. Apple Devices: tinyurl.com/y792hcj5
      2. Android Phones & Tablets (this includes most non-Apple phones and tablets): tinyurl.com/y38ouc7k
      3. Google Smart Home Device (Nest etc.): tinyurl.com/y2o4f2fa
      4. Amazon Devices, including Echo (Alexa), Kindle, Ring etc.: tinyurl.com/y6z5xaej
      5. Windows devices: tinyurl.com/y2tbaj6r
  1. List your social media accounts e.g. Facebook, Twitter, Instagram
  2. List your email accounts e.g. Gmail, Hotmail, Yahoo Mail, Broadband Provider
  3. List your bank accounts
  4. List your online payment methods / e-commerce accounts e.g. PayPal, Amazon
  5. List cloud storage e.g. Dropbox, iCloud, Google Drive, OneDrive
  6. List exercise accounts e.g. Strava
  7. List all other accounts you have joined
  8. Now turn on 2 factor authentication where possible for all those accounts.
  9. A good website to assist you with this process Google search “TURNON2FA” – turnon2fa.com
  10. If a criminal has details of your user account and password, with 2FA turned on, in most cases, they still will not be able to gain access to your account.
  11. You will be notified of any suspicious activity on your account.
  12. To setup social media accounts and devices safely with privacy in mind for yourself and family, Google search “INTERNET MATTERS” – internetmatters.org

  1. Look at your social media settings:
    1. Opt for “Friends only”;
    2. Be a good friend and change your settings to ‘hide’ your friends list to protect their security too. Also helps prevent account cloning issues;
    3. “Closed” groups are often open to the public, even though a closed group requires admin approval to join!;
    4. Whenever Apple, Android or FB app updates, check your privacy settings to ensure they haven’t reverted to the default “public” setting;
    5. Be mindful that “friends” settings can affect your own security. Your friend “Jack” may comment on your post, but depending on his settings, his friends may be able to see, comment on and potentially share your original post;
    6. Turn location settings off when you post to social media as it indicates your current location;
    7. Be mindful of regularly checking in to places as it highlights a pattern – also, remember ‘checking in’ is publicly viewable;
    8. Change Facebook settings make old Timeline posts visible only to you;
    9. Check that photos are not “publicly available”;
    10. Opt to approve photos and posts by others before they appear on your timeline;
    11. Spring clean and remove any posts that may not show you in a positive way;
    12. Delete any old social media accounts you no longer use.
    13. If you have a Google account:
      1. Log into the dashboard google.com/dashboard and see all your history;
      2. Log into the web activity page google.com/myactivity to see what’s tracked;
      3. Take a backup of this data before using the google.com/takeout option before if you choose to delete all activity;
      4. Visit google.com/account to delete any products / services you no longer need;
      5. Once you have decided to delete your google account, it may take a week to see full effect.
      6. Consider the use of spoof details or junk email accounts in the future to protect yourself from spam.
  1. Be aware of your surroundings, shoulder surfing is a known tactic people use to collect passwords when logging in on smart phones or any device.
  1. Do not use public Wi-Fi for any sensitive internet browsing unless using an operational VPN. 3G or 4G is safer than public Wi-Fi, as you cannot always tell who is managing or listening on the connected Wi-Fi.
  1. Passwords:
    1. Make your passwords slightly more complex using the latest guidance from the National Cyber Security Centre, google search NCSC PASSWORD GUIDANCE ncsc.gov.uk/blog-post/three-random-words-or-thinkrandom-0;
    2. Current best practice advises THREE RANDOM WORDS.  Add complexity, convert some letters to numbers and add special characters;
    3. For example ‘BEACHBUCKETSPADE’, to add complexity ‘8EACH8UCK3TSP4DE£’;
    4. Your single most important account and password is your email – effectively, anyone taking control of your email can then reset all of your other passwords, locking you out.  So always use a separate password here;
    5. Don’t use words / names / information that may be in the public domain or easily worked out from social media content, such as mum’s maiden name; date / place of birth; pets names; teams you support etc;
    6. Always change default passwords on all smart devices/routers for your own unique one
    7. Always log out of sites you have logged in to – especially on shared / public devices / machines;
    8. When changing passwords, always force out all other active sessions and request new sessions enter password;
    9. Password recycling – Never use old passwords, criminals are actively known to recycle old passwords;

  1. Google search “NCSC PASSWORD MANAGER” – ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
    1. Should I use a password manager? Yes. Password managers are a good thing;
    2. They give you huge advantages in a world where there’s far too many passwords for anyone to remember. For example: they make it easy for you to use long, complex, unique passwords across different sites and services, with no memory burden they are better than humans at spotting fake websites, so they can help prevent you falling for phishing attacks they can generate new passwords when you need them and automatically paste them into the right places they can sync your passwords across all your devices, so you’ll have them with you whether you’re on your laptop, phone or tablet;
  1. Password reset questions:
    1. consider changing as the amount of genuine information out there i.e. date of birth, place of birth, mother’s maiden name, some of this is easily accessible from social media, data breaches and websites like ‘ancestry.com’.
  1. Online safety for under 18s, parents and schools :
    1. Net aware                              net-aware.org.uk
    2. Think you Know                   thinkuknow.co.uk
    3. UK Safer Internet Centre    saferinternet.org.uk
    4. NSPCC                                  nspcc.org.uk
    5. CEOP                                     ceop.police.uk
  1. Check to see what the internet knows about you?
    1. Google search your names, email addresses, social media usernames.
  1. Consider data that is contained in and whether edits need to be made:
    1. Companies house;
    2. 192.com;
    3. Telephone preferential service;
    4. Open Electoral register;
    5. Council planning websites;
    6. Property sites;
  1. Weekly podcast on privacy and security Google search “INTELTECHNIQUES” – inteltechniques.com/podcast.html
    1. Explains how to become digitally invisible. You can make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden;
    2. You can remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of ‘the system’.
  1. Keep home and work life separate. Consensual data is shared between companies. Data breaches are being merged. Try not to use your work emails for anything at home and vice versa. For example:
    1. Having personal items delivered to work will link your personal account with a new delivery address;
    2. Linking work emails to accounts where personal data is stored i.e. social media will link home addresses to work.

  1. Google search “HAVE I BEEN PWNED” – haveibeenpwned.com
    1. Data breaches are now being reported daily since GDPR went live in 2018;
  2. Using this website you can search what is currently online involving your data;
  3. You can also register email addresses to receive future notifications if any further breaches occur;
  4. Immediately change your password for the account which has been compromised, and any other account(s) that you have used the same password for (using the ‘reset my password’ option to access the account if necessary);
    1. Close the account if no longer needed;
    2. Do not use this password ever again.
  5. Consider signing up to a free credit score agency to ensure there has been no unauthorised use of your details. Providers such as clearscore.com may be suitable and also provide free checks on the Dark Web for your data.
  6. Deleting old data – accountkiller.com provides you details of how to delete old accounts you don’t need or use anymore.
  7. Article 17 of GDPR – Right to Erasure (‘right to be forgotten’) allows you to delete information about yourself.
    1. Visit here to remove data from Google –

google.com/webmasters/tools/legal-removal-request?complaint_type=rtbf&pli=1

  1. Microsoft, BBC, Yahoo, Facebook, etc. all have Rights to Erasure guidance within the help sections on their websites.
  1. To learn more about some of the known scams, you can view this short video that can be found on the Get Safe Online YouTube channel: https://www.youtube.com/watch?v=A1Mf_0Rak_w
  2. Everyday countless ‘Smishing’ (SMS phishing) messages are sent to unsuspecting victims all over the world.  Most of them look suspicious, but some of them can be a little more convincing, so how well do you know the difference between legitimate and smishing messages?

Google search “TAKE5 STOP FRAUD” – takefive-stopfraud.org.uk/takethetest/

  1. From the Metropolitan Police Service: met.police.uk/advice/advice-and-information/fa/fraud/met/resources-for-fighting-fraud-and-cybercrime/

cifas.org.uk

Cifas is a not-for-profit fraud prevention membership organisation. We are the UK’s leading fraud prevention service, managing the largest database of instances of fraudulent conduct in the country. Our members are organisations from all sectors, sharing their data across those sectors to reduce instances of fraud and financial crime.

wcrcentre.co.uk/

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK.

It offers organisations an affordable way to access cyber security services and membership options depending on what level of support they need. These have been designed to help them identify their vulnerabilities, assess current plans and policies and work with their teams to build overall cyber awareness so ultimately protecting themselves from an attack. Basic membership is FREE.

Finally, we would also like to encourage you to visit the social media channels of Gwent Police Cyber Crime, Tarian (The Southern Wales Regional Cyber Crime Unit), Get Safe Online and the National Cyber Security Centre which have helpful videos about how to stay safe online.

Contact Us

01633 261781
info@conveylaw.com
Maxwell Chambers, 34-38 Stow Hill, Newport, South Wales, NP20 1JE
  • This field is for validation purposes and should be left unchanged.