With the recent hacking of Sowerby School鈥檚 website, we鈥檝e had a few customers contacting us concerned that the same could happen to them. We want to reassure all of our customers, whether they use 糖心Vlog传媒 or any other of our products, that your security is our primary concern. The vulnerability through which Sowerby鈥檚 website was hacked is not present in any of our software, so you can rest assured that your content is as safe as it can be.
That said, there are certain precautions that we recommend all users should take. While a lot of these are common sense, users are often vulnerable to 鈥渟ocial engineering鈥 attacks, and we want to make sure you鈥檙e as safe as possible. We sat down with Webanywhere security and development expert Arthur Howie who had a few tips for us.
1. Never tell your password to ANYONE
Your login password should be a private string of characters that only you know. Any person with whom a password is shared is a potential vulnerability in the system. Our technical support will never ask for your password.
2. Don鈥檛 use the same password for multiple things
For convenience’s sake, it might be tempting to use the same password on your email accounts as on your school website鈥檚 login. This is very bad practice and means that if someone unscrupulous gets access to one of your passwords, all of your accounts are potentially compromised.
3. Make sure your password is complex but memorable
For example, don鈥檛 use 鈥減assword1鈥 – this is not good practice at all and is very vulnerable to 鈥渄ictionary鈥 attacks, where a hacker might try lots of common passwords. Your password should be a mixture of upper and lower case characters as well as non-alphanumeric ones if possible (ie #!拢$%& etc). This will make you much less vulnerable to these attacks. It鈥檚 good practice to change it every few weeks as well. A great way to make a password secure while still being easy to remember is to simply make them long phrases.
4. Don鈥檛 use an easily guessable password
It can be tempting to use the name of a pet or loved one as a password as these are usually uncommon words, but you really shouldn鈥檛. This is information that is easily searchable on the web and will be one of the first things an attacker tries.
5. Make sure your 鈥渟ecret question鈥 is something only you know
In order to reset your password you鈥檒l often need to answer a 鈥渟ecret question鈥, the answer to which you鈥檝e previously set. This might be something such as 鈥淲hat school did you attend鈥 or 鈥淲ho is your favourite singer鈥. This information can often be gleaned from social media accounts or other sources, leaving you vulnerable, so make sure it鈥檚 not publicly available information – in 2008 Sarah Palin鈥檚 email was hacked in this way.
6. Ensure your antivirus is up to date
On any computer where you鈥檙e going to be entering personal information, make sure you鈥檝e installed antivirus software – this is often available for free through your institution or even your personal bank. Without one, software could be installed without your consent and potentially capture sensitive login information.
7. Be careful what you click on
NEVER click on a link you鈥檙e unsure of. An email that purports to come from your bank or the government might simply be trying to 鈥減hish鈥 your data. Antivirus software can sometimes prevent against this by scanning links ahead of time, but it鈥檚 no substitute for proper practice.
All that鈥檚 needed to keep yourself and your school safe online is to take the necessary precautions. We鈥檙e confident in our security at Webanywhere, and we want you to feel safe as well. If you have any concerns or questions regarding security or anything else, please don鈥檛 hesitate to contact us on 0113 3200 750, or email helpdesk@webanywhere.co.uk.
