Decoding your cyber security
Cyber security might feel like a hot topic lately, but for good reason. Year on year, Australians are increasingly targeted by cyber criminals. In fact, according to the ACCC Targeting Scams report, Australians lost a total of $2.7 billion to scams in 2023 alone.
Most of us only consider our digital privacy when we feel it has been breached – like noticing an increase in spammy emails or phone calls, or at worst, falling victim to a scam and losing money. And with scams becoming harder to identify with the use of AI-generated technologies, it’s hard to know where to begin.
So, we’ve created a cheat sheet for your digital privacy. This article looks at practical safety measures to protect yourself, and why they’re important.
What we’ll cover:
- Multi-factor authentication
- Protecting your passwords
- Using public Wi-Fi hotspots
- Proactive ways to protect your cyber security
Multi-factor authentication
What is multi-factor authentication?
You’ve probably seen multi-factor authentication (MFA) when logging into an account or an app that might hold sensitive information. It’s a security measure that requires two or more different forms of identity proof before granting access to an account. It’s like the digital version of a combination lock on your front gate, and a regular lock on your front door.
The app or website will ask for your email and password login (factor one), and then send you a text message, email, or – in some cases – a phone call, with a one-time passcode to input (factor two) to prove that you are who you say you are. MFA generally combines components including:
- Something you know: a password or PIN
- Something you have: a smartphone or authentication app that generates a one-time code
- Something you are: biometric data like a fingerprint, or facial recognition like your phone’s Face ID.
MFA adds an extra layer of protection, making it much harder for unauthorised users to gain access, even if they have your password.
Why do I need MFA?
While it can sometimes feel like an annoying extra step, MFA is here to protect you and your information. Cyber threats are on the rise, with more than 600,000 scam reports made by Aussies last year alone. For many apps or services, a single password is no longer considered adequate protection for your privacy.
MFA does a lot of heavy lifting for your personal privacy, but it’s also important to flag any unknown sign-in attempts and keep your authentication methods up to date.
Protecting your passwords
How can I make sure my password is secure?
Imagine having one universal key for your house, car, office, and personal safe. Life would be pretty simple, right? Now – imagine if you lost that key.
While it can be tempting to use the same password for everything so it’s easy to remember, this can put your digital privacy at great risk. Similarly, using obvious personal information like your birthday, or common words, is like leaving your key in the front door and trusting no-one will use it (looking at you, ‘password123’ users).
Here are our top tips for creating a secure password:
- Use at least 12 characters.
- Apply a mix of upper and lowercase letters, numbers, and symbols.
- Avoid common phrases or information like your birthday, name, or street.
- Update your passwords regularly for added security.
- Take advantage of your smartphone’s password auto generator.
- Try using passphrases instead.
Most apps and services will have protections like these built into their account setup. And while the criteria might feel tedious – it is always there to protect your privacy.
What is a passphrase?
As we rely more on passwords to access private information in our daily lives, cyber criminals continue finding more sophisticated ways to uncover them. A passphrase is a password that uses a combination of four or more random words, making it harder to guess. For example, ‘pink truck leaf house’.
You can incorporate a mix of upper and lowercase letters, numbers and symbols into a passphrase to meet requirements too, for example, ‘diaMONd bus# oni0n card’. The possibilities are endless, and you can have a bit of fun with it, while knowing your information will be safe.
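The following Python example is added here and is not part of the original article. It picks passphrase words with a cryptographically secure random generator and estimates how hard the result is to guess, in bits; the 32-word sample list and all function names are constructed for this example, and 7,776 is the size of a diceware-style word list.

```python
import math
import secrets

# Constructed sample list for this example only: 32 words = 5 bits per word.
# A real generator should draw from a list of several thousand words.
SAMPLE_WORDS = (
    "pink truck leaf house diamond bus onion card river candle "
    "marble pocket window garden rocket pillow button ladder "
    "kettle forest saddle mirror anchor bottle carpet dragon "
    "engine feather guitar hammer island jacket"
).split()


def make_passphrase(words, count=4, sep=" "):
    """Pick `count` words independently using the operating system's CSPRNG."""
    if count < 4:
        raise ValueError("use four or more words")
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count):
    """Entropy in bits when every word is chosen uniformly at random."""
    return count * math.log2(list_size)


def random_password_bits(alphabet_size, length):
    """Entropy in bits of a fully random character password."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest number of random words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("sample passphrase:", make_passphrase(SAMPLE_WORDS))
    print("4 words, 32-word list:    %.1f bits" % passphrase_bits(32, 4))
    print("4 words, 7,776-word list: %.1f bits" % passphrase_bits(7776, 4))
    # 94 = printable ASCII characters excluding the space
    target = random_password_bits(94, 12)
    print("12 random characters:     %.1f bits" % target)
    print("words needed to match:   ", words_needed(7776, target))
```

These figures hold only when the words are picked at random; words chosen by hand are far more predictable than the estimate suggests.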
What does it mean if one of my passwords has been compromised?
When a password is compromised, it means it has been exposed to an unauthorised individual or system, making it possible for them to access a specific account or personal information. This can happen in a few ways:
- Data breaches: large-scale hacks of websites or services where user data is stolen.
- Phishing attacks: fake emails, websites or messages tricking you into providing your password.
- Keylogging: malicious software (malware) installed on your device to capture your keystrokes, including passwords.
- Weak passwords: cyber criminals have several ways to crack easily guessable passwords.
What is the best way to manage my different passwords?
We get it. It’s all well and good to create bespoke passphrases for every account you have – but there is only so much free space in your brain to remember them all! This is where a password manager can come in handy. And this does not – we repeat – NOT include a handwritten notebook, or the notes app on your phone.
A proper password manager will securely store and encrypt your passwords and can often generate them for you too. A lot of smartphones have this built in now, where you need biometric data like facial recognition to access them (Hello, multi-factor authentication!).
Check out the Australian Cyber Security Centre website for more information on reputable password managers.
Using public Wi-Fi hotspots
What are the risks to my privacy when using public Wi-Fi hotspots?
Public Wi-Fi hotspots at local shopping centres, libraries, cafes, hotels and some local parks can be handy while travelling or if you have poor reception, but they can also be a playground for cybercriminals.
There are risks like connecting to a fake hotspot that is mimicking a legitimate network, or cybercriminals intercepting your connection to steal information or install malicious files on your device.
How can I stay safe when accessing public Wi-Fi hotspots?
- Check you’re connecting to a legitimate hotspot by confirming with a staff member.
- Disable auto-connect or auto-join features so your device doesn’t automatically connect, and ‘forget’ the network in your Wi-Fi settings when you’re finished, as an extra precaution.
- Try to only use hotspots that require a password; this makes them secure.
- Switch off file sharing when connecting to a hotspot network, and if your device asks you to select whether a network is public or private, select public – this will automatically disable file sharing.
- Think twice about accessing sensitive information like online banking while using a public network, and wait until you are on a secure home, office or mobile connection.
- Install a virtual private network (VPN) on your device if you are a frequent user of public Wi-Fi. A VPN is a service that encrypts and secures your data, adding an extra layer of protection.
- Make sure your device is up to date and any important information is backed up securely.
Proactive ways to protect your cyber security
What are the most common types of scams to look out for?
According to the ACCC Targeting Scams report, the most reported scams in 2023 were:
- Investment scams: unprompted phone calls, messages, or emails about a ‘once-in-a-lifetime opportunity’ to invest in a business or other activity.
- Romance scams: friendship or dating tactics used to manipulate you into giving them access to your money.
- False billing: unexpected invoices or phone calls about fake outstanding payments from seemingly legitimate businesses.
- Phishing: being ‘lured’ into clicking on malicious links that attempt to look legitimate.
- Jobs scams: promises of a high-paying job opportunity in return for a fee or charging for access to fake work materials for a fake job.
See our scam help and support page for more information on the different kinds of scams circulating and how to avoid them.
I think I have been scammed, what should I do?
If you think you’ve fallen victim to a cybercrime and your personal information is impacted, contact us immediately. It’s also good to report to local authorities and online platforms, as well as protection agencies like Scamwatch or the Australian Cyber Security Centre.
You can also report a scam to us by visiting our report a scam page.
It’s good to remember that not all Australians will report a scam when they encounter one due to feeling embarrassed. But by reporting any suspicious activity you encounter, you are helping protect others.
Stay informed on the latest scams
Our scam alerts page is regularly updated with scams that are trending in the community, or that directly affect our customers. You can check this at any time to help protect yourself against malicious behaviour online.