1. Ensure that your PC is protected by an effective firewall and up-to-date anti-virus software. Follow UK Government guidance at cyberaware.gov.uk/ to protect your home and business from cyber-attack and fraud.
2. Try not to use public Wi-Fi, as you may be vulnerable to data interception. If you do need to use it, do not log in to email or online banking, or make payments, over public Wi-Fi. If essential, only do so via an encrypted VPN connection.
3. If you use webmail for communicating with your professional advisors (Solicitors, Accountants, Financial Advisers etc.), then create a separate account for sharing information.
Do not respond to any messages other than those which are from the professional you are dealing with, including those purporting to be from their colleagues, without separately confirming by phone that such messages are legitimate.
4. Create strong, unique passwords, especially for your email account, e.g. by using 3 random words (ideally including capital letters), such as mountainFestivalpidgeon, or by creating a memorable passphrase enhanced with a mix of letters, numbers, and special characters, e.g. 5hopp!ng@Harr0ds. The longer the words or phrase/sentence, the more secure it is likely to be.
5. Use a password manager where possible for most of your accounts (but not your online banking accounts). If possible, use 2-factor authentication, and ensure that the password for your password manager is as strong as possible (e.g. enhancing the 3 random word approach with numbers and special characters, e.g. m0unta!nFestivalP!g3on).
If you do not use a password manager, ensure you use a different strong password for each online service.
6. Never give out your usernames, passwords, or your one-time codes (from your Banking Security Token or mobile device) to anyone, no matter who they claim to be.
7. Pay little heed to emails. If your Bank or Solicitor (or anyone else legitimate) has something truly important to tell you (like they have detected fraud or need to verify your details) then they will contact you in a more reliable way – they will not use email. If you have concerns, call them using a telephone number from a reliable source (e.g. a printed bank statement or bank card will have phone numbers for your bank).
8. Exchange sensitive information with your professional advisor only once at the outset of your instruction and ideally in-person. If you need to make a change then do so securely.
9. Validate calls from your professional advisor using a shared secret which you can establish with them at the outset of your instruction. Agree not to exchange the secret via email.
10. If you use online banking, then your Bank will have included a message centre enabling you to send and receive messages securely. Only accept notifications and advisories from them using this method of communication; do not act on telephone or email requests.
11. Do not invite anyone to remotely connect to your computer for any purpose, including IT support or security help, unless you personally know and trust them. Unsolicited callers are always fraudsters.
12. Use Block features available on your mobile phone and landline to blacklist any unsolicited callers or those who withhold their number. For example, in the UK the following service can be used: tpsonline.org.uk/