October is Cyber Security Awareness Month, an annual campaign to raise awareness about staying safe online.

For most of us, the internet is a big part of our lives, so it’s important to understand how to protect ourselves. To help you, the Information Security team has put together these 10 tips for staying safe online:

  1. Phishing – don’t take the bait
    Beware of any email that asks you for information, even if it looks like it has been sent from a legitimate company. Spam emails, ‘free’ offers, clickbait (attention-grabbing headlines or website links) and online quizzes all use tempting tactics to make you click on dangerous links or give up your personal information
  2. Think before you open email attachments
    Unless you know the sender and are expecting the message, don’t open email attachments as these could contain malicious programmes designed to steal your personal information or harm your computer or phone. Be especially wary of emails with attachment names ending in ‘.exe’
  3. Log out and shut down before you go home
    Always make sure you log out of your accounts when you’ve finished, especially if using a shared computer. Shutting down your computer when you have finished also means that any automated software updates can download and install to protect the computer
  4. Keep your software and anti-virus up to date
    Keep your anti-virus software up to date to make sure you’re protected against new viruses, and download the latest software versions to make sure all known faults and problems have been fixed
  5. Only shop when you see the padlock
    When shopping or banking online, always make sure there is a padlock symbol in the web browser window (where you see the website address) when you have logged in or registered, and that the web address begins with https:// (‘s’ stands for ‘secure’)
  6. Read the small print
    When signing up for an account on a website, take some time to read the terms and conditions and be careful about what you are opting into or out of. Some companies will sell your personal data or seek permission to other information on your laptop, tablet or phone so check what you’re agreeing to
  7. Be wary of WiFi
    Make sure your home Wi-Fi is protected with a strong password that only you and your family know. Also when out and about, be suspicious of ‘free Wi-Fi’ and never use a hotspot that may be unsecured, especially when doing something personal or private. If you need to access the Co-op network remotely, make sure you’re doing it securely by using AnyConnect or your CAG token
  8. What happens on social media can stay on Google forever…
    Make sure you know your privacy settings on social media and be careful what you share, especially when it comes to identity information that could be used to impersonate you or guess your passwords and log-ins. Also, do you really want your friendly neighbourhood burglar to know you’re away on holiday for two weeks?
  9. Take extra care with mobile security
    Mobile devices (phones and tablets) can be just as vulnerable as laptops and PCs. Be careful what you click, and only download apps from official app stores (after reading other user reviews first)
  10. Passwords are like pants . . .
    Don’t share them, don’t let anyone else see them, and change them often!

For more information contact infosectraining@coop.co.uk

Stay safe.

Co-op Information Security Team

Join the conversation! 8 Comments

  1. “Keep your software and anti-virus up to date”

    Is that why we use software from 2013, then?…

    • Hi Angel Squarer, it’s fine to use an older version of software as long as it’s still in support (i.e. the software vendor still supplies patches and updates etc. that will fix any known security vulnerabilities).

  2. Point 10. Change your password often. NO. Don’t do this. It is scientifically proven that a strong permanent password is more secure than a weak password that is changed often by advancing a number etc. For example my password for store email contains my daughters year of birth. But my daughter at the moment would be born in 2023. I have to change it every month or so, which is infuriating. Please stop this craziness, I just want a strong password that I can use for everything I need to sign into. I don’t want to change it every few months.

    • This has long been a hot debate in the information security world, with lots of new research and conflicting advice emerging on a regular basis. While it’s true that maintaining a suite of strong, complex passwords can be difficult in reality, it’s worth weighing up the hassle against the bigger picture risk. One of the most serious threats to online security lies in the theft or loss of credentials of thousands and sometimes millions of users from the companies charged with looking after them. These breaches may not be made public immediately, it at all, and it takes time to raid several million bank accounts so changing your passwords on a regular basis offers you some protection against corporate breaches. In any event you should make a point of changing default passwords and those that have been issued to you, as there is no way of knowing if they have been intercepted or compromised. Regular change also invalidates passwords stored on devices that have been lost, forgotten, sold or discarded without being wiped.

      A password manager (for example, LastPass) may be a good solution for those who do want to use long, complex passwords but struggle with the practicalities of this.

  3. “Shutting down your computer when you have finished also means that any automated software updates can download and install to protect the computer”.

    So PC’s at the co-op don’t actually shutdown (power off) when asked to shutdown, as they would then be unable to respond to rdc requests for software install and update etc, isn’t that not very ecofriendly over the entire organisation?

    • I think what they’re getting at is that over the course of a day a computer may receive updates but can only install these when the PC enters the shut down process (like your home computer) “windows is installing important updates please don’t power off your pc” etc. If a computer is off, its off. Nothing can happen to it.

    • “Shutting down your computer” is a definite must in Coop Insurance, as we deliver patches and updates out of hours to machines to stop impact to our Contact Centre Colleagues during the day. Out of hours we use a tool to power up the PC remotely, download updates and then power down remotely.

      So, to try to answer your concern that PCs aren’t “actually” powered off – for Coop Insurance they are powered off and when we remotely deliver patches out of hours (not every night, more a monthly process) then they are powered on, then off.

    • Hi Peter – I see Lloyd has commented on Insurance; let me check to see what the position is for other parts of the business. My understanding is that the devices need to be shut down in order for patches to be deployed successfully, but I’ll do some digging . . .

Comments are closed.