Cybersecurity is everyone's business.
Obtaining access to private information is a common goal of technology-based attacks. A person's identifying data is worth as much or more on the black market as their credit card details. Many ransomware attacks are a result of an unsuspecting person opening a link in an email.
There are several key things you can do to protect yourself.
Ensure the highest possible access controls.
With your most sensitive data, make sure you are using an appropriate level of secured passwords.
The following are best practice guidelines for managing your password:
- Use a "difficult to guess but easy to remember" password
- Longer passwords are harder to crack. Use a password length of at least ten (10) characters
- Mix it up. Use variations on capitalization, spelling, numbers, and punctuation. Include at least one upper case alpha and 1 numeric character in your password.
- Avoid using 'guessable' words such as names, places, dictionary words
- If you need to write your password/s down make sure it is kept in a safe place, consider storing it as a photograph on your phone (assuming your phone is pin protected)
- Don't share or disclose your password to anyone. SCU staff will never request your password
- Try not to use the same password on different sites. If one site is hacked, a hacker can then try the same password for different sites you might use
Consider the use of a Password Vault, these applications are quite secure and will assist you with remembering your various passwords across many different sites (NOTE: this is not the same as storing your password in your web browser).
Protecting your identity
Phishing is a term used to describe the attempt to collect your personal data via Email.
- This often occurs with emails that ask for you to respond with personal data in some way, Be suspicious - if it looks too good to be true, it probably is
- If you have doubts that your account isn't secure change your password immediately and contact the relevant institution eg Bank, SCU
- If you are not expecting an email attachment and don't trust the source - don't open it!
- Become familiar with How to recognise a phishing email
Spoofing is a term used when a person or program masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
- You should never provide personal information on the Internet unless you know and trust the web site requesting the information, and the connection is encrypted (secure)
- Never respond to requests for personal information via e-mail or in a pop-up window. If in doubt, call the institution that claims to be the sender of the e-mail or pop-up window
- Australian Banks never send emails containing web-links to login sites for bank accounts. Entering your password into a "fake" site provides your details for use and abuse to criminals
- Avoid clicking on web-links included in suspicious emails as you may download a virus or malicious code by visiting the site. Instead, visit websites by typing the URL into your address bar or by having the URL already bookmarked
- Check to make sure the Web site is using encryption by looking for the yellow padlock on the website (although this is increasingly being faked as well)
- For more info on identity theft, please visit: Identity Theft
Have a personal disaster recovery plan ready in advance
An important component of your cybersecurity plan should include a plan of action in the event of your data being compromised
Personal recovery plan considerations:
- Ensure your important documents are stored online with services such as OneDrive
- Routinely review your credit card and bank statements.
- Keep a list of your credit cards and important account details handy. It is a good idea to have a paper copy of this in the event your data is compromised, however never store passwords or pin numbers with this.
- Ensure continuity by actioning a disaster recovery plan as soon as possible. Have a list of important numbers to call in the event of identity theft - credit cards etc.
- Report suspected abuses of your personal information to the proper authorities.
- Please visit: Recover when things go wrong
Keeping track of your digital footprint
Know where your important data is:
With a plethora of social media and blog post, there is not always the understanding that data is retained somewhere online, regardless if it has been deleted. With your data scattered over the internet, it is vitally important to know where your important data is located. Many online shopping sites provide an option to register an account and provide a means to store your Credit Card numbers for ease of shopping.
- Keep a record of these sites and confirm purchases with your credit card statements
- Use secure payment services such as PayPal where possible. These have insurance and data theft policies inbuilt, along with highly developed cybersecurity plans
- Remove any old data such as expired credit cards - this is an opportunity for data miners to steal your identity
Other cybersecurity identity safety considerations
Be aware that any loss incurred whilst undertaking illegal activity (including breach of copyright) is not covered by most warranties and rights normally applicable.
There are a large range of helpful resources for learning about online risks on the Internet and what you can do to protect yourself, your computer, business, family members or friends.
Remember: Cybersecurity is everyone's business.
For further information please visit the Australian Government hosted page: Stay Smart Online