
Cyber Security Awareness Training

1. Secure Passwords

A secure password is a critical component in protecting personal and organizational data. It should be long—ideally at least 12 to 16 characters—and include a mix of uppercase and lowercase letters, numbers, and special symbols to ensure complexity. Strong passwords are unpredictable and avoid common words, personal information, or keyboard patterns that are easy to guess. Each password should be unique and never reused across different accounts to prevent credential stuffing attacks. To manage multiple strong passwords, people are encouraged to use password managers and enable multi-factor authentication wherever possible. Additionally, creating memorable passphrases—such as a string of unrelated words or a sentence with added symbols and numbers—can help users maintain security without sacrificing usability.

See the IT FAQ for recommendations of password managers.

2. Phishing

Phishing is a type of online scam where attackers try to trick you into giving away sensitive information—like passwords, credit card numbers, or personal details—by pretending to be someone you trust. This is usually done through fake emails, text messages, or websites that look legitimate. For example, you might receive an email that looks like it’s from your bank, asking you to “verify your account” by clicking a link. That link leads to a fake website designed to steal your login details. Phishing can also happen through phone calls or social media messages. Here are a few signs of phishing:

  • The message creates a sense of urgency (e.g., “Your account will be locked!”).
  • It contains spelling or grammar mistakes.
  • The sender’s email address looks suspicious or slightly off.
  • It asks for personal or financial information.

3. Email Spam

When dealing with spam emails, it's important to follow best practices to protect your personal information and devices. First, avoid opening or interacting with suspicious emails—never click on links, download attachments, or reply, even to unsubscribe, as this can confirm your email is active. Instead, use your email provider’s “Mark as Spam” or “Report” feature to help improve spam filters, and then delete the message. Make sure your spam filters are enabled and consider using third-party tools for extra protection. Be cautious of phishing attempts, which often use urgent language, poor grammar, or suspicious sender addresses—always verify the sender through official channels if you're unsure. To reduce your exposure, avoid posting your email address publicly and consider using different addresses for different purposes. Keep your software and antivirus programs up to date, and enable two-factor authentication (2FA) where possible to add an extra layer of security. Finally, regularly monitor your accounts for any unusual activity to catch potential issues early.

4. Social Engineering

Social engineering is a type of cyber attack where attackers use manipulation and deception to gain access to sensitive information, such as login credentials or personal data. This can happen through phone calls, emails, or in-person interactions. Common social engineering tactics include:

  • Pretexting: Creating a fake scenario to trick you into divulging information.
  • Quid Pro Quo: Offering something in exchange for personal information.
  • Impersonation: Pretending to be a trusted individual or authority figure.
  • Shoulder surfing: Observing your actions to steal sensitive data.

5. Ransomware

Ransomware is a type of malicious software that encrypts your files and demands payment in exchange for the decryption key. This can cause significant damage to your business operations and data. To prevent ransomware, it's important that you don't install applications from unknown sources or click on links that you are unfamiliar with. Employees can help prevent ransomware attacks by staying alert and following good cybersecurity practices.

6. Data Breaches

Data breaches occur when sensitive information, such as personal data or financial information, is exposed to unauthorized parties. This can happen through hacking, phishing, or other cyber attacks. To prevent data breaches, it's important to:

Be cautious with emails, avoiding suspicious links or attachments, and use strong, unique passwords along with multi-factor authentication (MFA) for added security. Regularly back up important data, keep software and antivirus tools up to date, and report any unusual activity to IT immediately. These actions reduce the risk of infections and help protect both personal and company data.

7. Multi-Factor Authentication

Multi-factor authentication (MFA) is a critical aspect of protecting your personal information and devices. Here are some best practices to follow:

Enable MFA on all accounts where possible. This will add an extra layer of security to your accounts and make it more difficult for attackers to gain access to your information.

MFA stands for Multi-Factor Authentication. It’s a security method that requires you to provide two or more types of verification to access an account, making it much harder for someone else to break in—even if they know your password.

MFA typically combines two or more of the following:

  • Something you know – like a password or PIN.
  • Something you have – like a phone, security token, or authentication app.
  • Something you are – like a fingerprint, face scan, or voice recognition.

For example, when you log into your email, you might enter your password (something you know), and then get a code sent to your phone (something you have). Even if someone steals your password, they can’t get in without that second factor.

8. Company Domains

Company domains are a critical aspect of protecting company information and devices. They are used for the secure exchange of information in email, files and Microsoft Teams messages.

  • fearnleygroup.com
  • nsinformationhub.com
  • fp-g.com

9. Public Wi-Fi

When using public Wi-Fi, the best company advice is to avoid accessing sensitive data or systems unless absolutely necessary, and always use a Virtual Private Network (VPN) to encrypt your connection. Employees should never log into work accounts, banking services, or confidential platforms over unsecured networks without protection. It’s also important to disable automatic connections to open networks, turn off file sharing, and ensure firewalls and antivirus software are active. If possible, use a mobile hotspot instead of public Wi-Fi for safer browsing. Finally, always log out of accounts and forget the network after use to reduce future risk.

10. Removable Media

Removable media (e.g., USB drives, external hard drives) can be convenient for transferring files, but they also pose serious security risks. They can carry malware, be easily lost or stolen, and may bypass network protections. Best practices include:

  • Scanning all removable media with antivirus software before use.
  • Disabling auto-run features to prevent automatic execution of malicious files.
  • Using encrypted drives for sensitive data.
  • Avoiding unknown or untrusted devices entirely.

AI & Fearnley Group

The training material for this course has been written by Microsoft Copilot AI and Fearnley Group's IT department.