Head back to the blog list
Wednesday, May 29, 2019 10:00 AM
Top 10 Online Security Tips
To help those of us who spend any time online - and if you're reading this then that includes you - WyldLynx Security Specialist Michael Leboydre has compiled a list of the top 10 tips to help keep you and your information safe.
- Awareness
Awareness is possibly the most vital step in protecting our own and our loved ones personal information.
We cannot rely on the nightly news to keep us informed. This information is always late, always sensationalised, and rarely provides the full picture. Subscribing to the following via twitter, facebook, etc. will often provide much more detailed and timely information on the subject:
Organisations Security Experts IDCARE Brian Krebs Stay Smart Online Graham Cluley Scam Watch Alistair MacGibbon E-Safety Commissioner Troy Hunt ACCC Eric Vanderburg Australian Cyber Security Centre Mikko Hypponen MyGov Bruce Schneier - Understand you are a target and your personal information has a value
Many people mistakenly believe that they are not targets because they don't have anything of value.
We are all targets. Criminals are using our information to apply for new mobile phones, credit cards, bank loans etc., and if they collect enough information, they will attack our superannuation, and even steal (re-direct) our salary and home deposit payments.
We must understand that all of our information has a value. Our birthdays, anniversary dates, first pets, what street we grew up on - all of this information is collected and can be re-used by criminals.
In 2017, a 'Royal Wedding' Facebook quiz was widely circluated, that encouraged thousands of people to enter seemingly innocent personal information, to find out their 'joke' Royal Wedding guest name. Thousands of people entered information, including your first pet and grandparents names. However, these are the default secret questions to your MyGov and many other accounts, so openly sharing this information is dangerous.
- Understand the risk
The risk you and your loved ones face often goes far beyond just the financial loss - the emotional cost can be crippling for many victims.
In one 18-month period, IDCARE responded to 20,000 AU and NZ individuals seeking support. 8% of these were referred to mental health treatment, and at least half of the remaining 92% suffered from symptoms including feeling physically sick and lack of sleep.
ITNews article on the untold impact of data breaches
- Manage your passwords
The sheer volume of accounts and passwords most users need to manage means that many people are re-using passwords, and/or over simplifying their passwords.
We need a way to manage our passwords, and many experts are recommending that we use secure password managers. These password manager services require users to remember just one complex password, while the password manager generates and stores all passwords for the websites and services you may need passwords for, filling them in whenever a login is needed.
Unfortunately, there are still some financial institutions that do not support the use of password managers. They would rather, it seems, expect us to be able to retain dozens of complex passwords in our heads. You will need to 'read the fine print' and determine what the password management rules are for your bank.
Google "How to use a password manager", and make sure to choose a reputable service.
- Secure your accounts
Not all accounts are equal, and whilst all information has a value to criminals, it makes sense that you will have better security on your MyGov account vs your Pinterest account.
Make a list of accounts that you own that you consider critical to you and your family, for example MyGov, bank accounts, superannuation, personal email accounts etc. Then put the effort in to lock these critical accounts down. Do not re-use passwords, and research two-factor identification.
- Links
Don't trust them.
Whether you receive them via SMS, on a website or in an email, we need to re-train ourselves to be naturally cautious of all links. Train yourself to hover over any links in emails and identify where the link is trying to take you.
When you receive your latest bank or credit card statement, use the email as a reminder, but never use the links within the email. It is safer to simply delete the email and then log in and access the statement via a secure web page.
- Lock your devices
Phone's, laptops and tablets are stolen daily.
If you speak to any police offer, they will tell you that one of the most common offences they investigate are 'sneak breaks', or break and enters. Criminals will break into your house even while you are in the back yard. They mostly want to steal small, high value items, which includes jewelry, mobile phones and laptops.
Do you like the idea of some bored drug user idly flicking through your phone or laptops contents? If not, then simply ensure these devices are locked when not attended to. Often a 'lock on timeout' setting is available and useful.
- Don't share over the phone
The IDCARE QLD Aftermath Report 2018 states that '31.2% of all compromised events occurred as a result of telephone scams'.
Put simply, we share too much information over the phone. Often the caller will use small bits of information about ourselves (refer to #2) that they use to make themselves seem genuine.
The simple rule is, we don't share our personal information over the phone. Ever.
- Obfuscate
We have been trained to fill every physical and online form truthfully, but do we really need to? And should we?
There some documents and forms in your life that you know need to have accurate information (medical, tax, etc). But, if you join your local gym, do they really need all the same information that would be needed to open a back account in your name?
Carefully consider exactly what information you are sharing. There is no need to have your true date of birth linked to your social media pages. Simply change your date of birth by a day, you will still get your online birthday wishes. Promise.
- Don't trust public Wi-Fi points
If you were to simply google 'Risks of using public Wi-Fi', you will find dozens of articles warning about the dangers in using it.
I have personally seen successful attacks against members of the publics superannuation accounts, resulting in tens and hundreds of thousands of dollars lost, that all started by using unsecure access to public wifi points.
Do your own research, invest in a reputable VPN app that will allow you to safely use public wifi locally and internationally, or avoid using them altogether.
Free Bonus Tip: Know what to do when things go wrong
If you reside in Australia or New Zealand, and you are:
- worried about your personal information (and you should be!);
- if you become suspicious that you are suffering from a breach of privacy;
- if you want to find out how to apply for credit checks or credit freezes;
- or even if you are simply looking for further advice or support
About the Author
Michael Leboydre has served with the Queensland Police Service, culminating in his time as a Detective with the QPS Cyber Crime Unit. During more than two years with the Cyber Crime Unit, Michael conducted investigations and liaised with other state, national and international Agencies on many cases involving fraud, identity theft and other cyber crimes, including many originating in Queensland and heading interstate or overseas, and coming back the other way.
As a result of witnessing first hand the impact these crimes have on unsuspecting members of the general public, through investigations and victim statements, Michael has since devoted his time to educate all who will listen on how they can reduce their risk and exposure to these serious crimes and their devastating consequences.
Like to know more about how WyldLynx can help your organisation? Contact us today!