Top 10 tips to stay cyber safe

A passphrase is a combination of two or more words – the more the better. Ensure the phrase is a minimum of 10 characters. You can use capital letters, numbers, and special characters or symbols as needed to increase the complexity of your passphrase.

With so many unique passwords/passphrases to remember, you may choose to use a password manager. It is an encrypted digital vault protected by a single master password/passphrase, that can be used to secure credentials, identity, and sensitive data.

Multi-factor authentication (MFA) (also known as two-factor authentication or 2FA) provides an extra layer of protection requiring you to verify your identity with:

• something you know (e.g. password, PIN, secret question)
• something you have (e.g. phone, token), and/or
• something you are (e.g. fingerprint or other biometric), to gain access to accounts, applications, etc.

Enable MFA on your personal accounts where it is supported.

Always secure your device with a password, biometric feature (e.g. fingerprint or face recognition) or a PIN/passcode (not your date of birth or bank PINs). Ensure you lock your device when you are not using it or set it to automatically lock after a period of inactivity.

Only install software from trusted sources. Allow automatic updates on your devices and systems – often software updates are released to fix bugs and address security issues. Ensure you install them as soon as you are notified and remember to reboot your device as needed to ensure the update is applied.

To ensure your personal information remains safe, use secure wifi when accessing the internet. 

Avoid using public or untrusted wifi networks, especially when accessing or providing sensitive information, such as bank accounts, online shopping, etc. If you have one, use a VPN service to protect against potential eavesdropping.

Sometimes hackers may encrypt your data so they can extort money from you (known as ransomware). If you do become a victim of this, it is often impossible to decrypt the data, so you will have to rely on backups.

Ensure valuable data is stored on approved secure storage services (not shared widely and encrypted) and backed up in the event of loss or damage.

Antivirus software helps protect your devices from malicious software which could steal, or encrypt your data, or be used to access your passwords or credit card details. Use antivirus software from a reputable vendor and ensure it is kept up-to-date.

Ensure any websites you provide sensitive information to (e.g. banking, personal information) are secure:

• Make sure the domain name is correct – often phishing websites will create fake websites with a URL similar to the website it is trying to scam.
• Check the URL starts with HTTPS – the ‘s’ stands for secure and indicates that it is an encrypted channel.
• Look for the lock icon – you can click on this icon to obtain further information about the security of the website, such as the security certificate.
• Don’t click through warning messages – pay attention to certificate warnings issued by your web browser and only proceed carefully if you understand the risks.

Portable storage devices, such as USBs, can easily be misplaced and they can be used to transfer malware on to your device and into UQ systems. Trusted portable storage devices should be password protected to prevent the loss of any valuable data.

Social engineering is when scammers pretend to be from a legitimate business and try and manipulate you into giving them confidential information, such as passwords, bank information, etc.

Phishing is a form of social engineering, which is typically via email and often conveys a sense of urgency.

Spear phishing is a more dangerous form of phishing where the email message is customised according to information the criminal has already obtained about you to make it more credible. 

Some warning signs to help identify an email scam:

• Email is unexpected or not personalised.
• Conveys a sense of urgency.
• Poor spelling and grammar.
• Unusual URLs when you hover over them.
• Unusual address or ‘Reply-To’ address.
• You’re asked to enter personal information, open an attachment, click on a link, or download a file.

Scammers often use social media to gather information about people, such as:

• names of family members, friends, pets
• dates of birth
• habits, likes and dislikes, and other details you share.

They may use this information to guess your passwords, use it in a social engineering scam, or impersonate you when applying for credit cards, bank loans, or even commit crimes.

If you would not share the information with strangers in real life, do not share it on social media. Also regularly review your social media access settings to understand who can see information you share and ensure it is restricted appropriately.

• Report the incident with the Australian Cyber Security Centre.
• Run a scan using your antivirus software and follow any instructions if issues are detected.
• For financial accounts, contact your financial institution immediately and follow their advice.
• Change your passwords. If you have used the same password across multiple accounts, ensure you change your password for each account - once scammers obtain one of your passwords, they may use it to try and gain access to your other accounts.
• Notify your networks on social media to be wary of any messages from you with strange links and/or attachments.

And remember to spread the word – inform family and friends about good cyber security practises!