STA Blog

I’ve rearranged some of my living arrangements so that I have a decent space to work in – luckily unhindered by kids or extended family – upgraded my internet access to BT’s latest 5C offering (the mobile phone is not 5G), and am learning to put up with the extensive building works and scaffolding next door.

The big surprise was the landline. So many automated or human calls with barely recognisable accents, claiming to be from the UK tax man, Microsoft, Amazon prime, washing machine insurance…you name it. I need my landline for my very elderly parents so cutting it isn’t an option.

Now contact is encroaching onto my mobile phone, though mercifully lap-top PC with McAfee security and Mac Book Pro have weathered the storm. I’ve fallen for a Royal Mail scam and had to cancel my credit card, had someone try to set up as a payee on my current account – the night after I used my clearing bank’s automated telephone service – and worst of all, believed that Charing Cross police station were investigating the fraudulent use of another of my credit cards at the Apple store on Regent Street. When contacting for reassurance, neither of the banks suggested I use https://www.actionfraud.police.uk/ and phone their line or report@phishing.gov.uk.

The one thing I did discover was that when calling your bank’s automated phone line, dropping the ‘fraud’ word, got you linked up immediately to a polite and knowledgeable member of staff! I recommend.

My unsolicited e-mails have included an growing list of the value of money removed one way or another from UK accounts, and this was one from SecurityHQ which I copy and paste in full for you as it contains suggestions of how to protect yourself and your company.

How to Minimise the Risks of Geo-Location Tagging

Do you know what and who is tracking your location? Do you know why people/websites and businesses want this information? Geo-location is the identification of the geographic location of a user or computing device via an array of data collection processes (Device/Server based and Combined data collection). The most used Geo-location service is a GPS device to determine a precise location of a person. For example, if a company you visit online wants to know where their users are located around the world, they will use geo-location data to find this out.

Websites can also ask for a user’s location, usually presented as questions such as “This website uses cookies to store information about your visit (including your location).” Many people do not mind a website knowing their location. It can, however, be problematic and make individuals more vulnerable to security threats if used unnecessarily. Any data that does not need to be shared online, should not be entered.

So, if you want to make sure your geo-location tagging is not being tracked, here are some options.

• Use Virtual Private Network (VPNs). A VPN is the best solution to shield your location. A VPN essentially encrypts your data and sends it through secure remote servers. This transmission masks your real IP address.
• Clear and Turn off cookies.
• Stay away from Google tracking. Most people who surf the web, interact with Google in some way, either to search for data or websites.
• Use anti-tracking solutions. There are various types of software with anti-tracking features. Normally this would identify websites that are attempting to track you. Not only does it identify them, but it usually has the capability to remember them and block repeated efforts.
• Social networks. Avoid social networks if you can. Only include the minimum amount of information about you (including location – to prevent geolocation tracking, and secure your portable devices). Please avert from using any geo-tag feature.
• Turn off geo-tracking or the transfer of data about your location. Block the function from your device, including browsers, phones, operating systems and even applications. You should be able to ‘disable location services’ and enable ‘do not track’ feature.
• Monitor DNS-Leakage: Regularly check your DNS service for the leakage of personal data. Domain Name Server is a system in which local device addresses turn into IP addresses that other servers and routers can use to send and receive information. You can Google “DNS leak testing” and you will get a lot of services that will help you.
• Managing Plugins: Browser plugins are weak points in many security systems that can allow data to be lost even if other important security measures are taken. Hostile plugins track the scope of your interests. To maintain a high level of privacy, it is recommended avoiding plugins. If this is not possible, you can configure your system so that it always requests permissions to launch the plugin or run it in a sandbox for additional security.
• Turn off JavaScript: JavaScript can deliver detailed information about you/your device to any server in the world. The practical solution would be to use a software that will check the list of domains that can run JavaScript. These are sites that you often visit. You can also create a whitelist of domains in your browser.
• Disable the WebRTC: Real-time communication allows a web browser to request real-time information from other servers or browsers. To disable it, all you need to do is double-click anywhere on the row and change the value to “false.” If you need to enable WebRTC at any time, just repeat the process. But remember to set the value as “false” again once you are no longer using a direct, peer-to-peer connection.
• Know the basics when on social media. Geotags are often automatically embedded within a picture, when taken on a smart device. People forget this, and often give away their location by simply uploading an image online.
• Educate your staff on security protocols. Security Awareness is not just for those interested in cyber security. It is a crucial element that all employees must be aware of. But once employees are cyber security aware, have a checklist in place, are able to recognise cyber threats, the impact of a cyber-attack, and know the steps to prevent cyber threats from attacking and infiltrating their systems, businesses improve their security posture significantly.