Wednesday, May 29, 2019 10:00 AM

Top 10 Online Security Tips


To help those of us who spend any time online - and if you're reading this then that includes you - WyldLynx Security Specialist Michael Leboydre has compiled a list of the top 10 tips to help keep you and your information safe.

  1. Awareness

    Awareness is possibly the most vital step in protecting our own and our loved ones' personal information.

    We cannot rely on the nightly news to keep us informed.  This information is always late, always sensationalised, and rarely provides the full picture.  Subscribing to the following via Twitter, Facebook, etc. will often provide much more detailed and timely information on the subject:

    Organisations                       Security Experts
    IDCARE                              Brian Krebs
    Stay Smart Online                   Graham Cluley
    Scam Watch                          Alistair MacGibbon
    E-Safety Commissioner               Troy Hunt
    ACCC                                Eric Vanderburg
    Australian Cyber Security Centre    Mikko Hypponen
    MyGov                               Bruce Schneier

  2. Understand you are a target and your personal information has a value

    Many people mistakenly believe that they are not targets because they don't have anything of value.

    We are all targets. Criminals are using our information to apply for new mobile phones, credit cards, bank loans etc., and if they collect enough information, they will attack our superannuation, and even steal (re-direct) our salary and home deposit payments.

    We must understand that all of our information has a value.  Our birthdays, anniversary dates, first pets, what street we grew up on - all of this information is collected and can be re-used by criminals.

    In 2017, a 'Royal Wedding' Facebook quiz was widely circulated that encouraged thousands of people to enter seemingly innocent personal information to find out their 'joke' Royal Wedding guest name.  Thousands of people entered information, including their first pet's and grandparents' names.  However, these are the default secret questions for MyGov and many other accounts, so openly sharing this information is dangerous.

  3. Understand the risk

    The risk you and your loved ones face often goes far beyond just the financial loss - the emotional cost can be crippling for many victims.

    In one 18-month period, IDCARE responded to 20,000 AU and NZ individuals seeking support. 8% of these were referred to mental health treatment, and at least half of the remaining 92% suffered from symptoms including feeling physically sick and lack of sleep.

    ITNews article on the untold impact of data breaches

  4. Manage your passwords

    The sheer volume of accounts and passwords most users need to manage means that many people are re-using passwords and/or oversimplifying their passwords.

    We need a way to manage our passwords, and many experts are recommending that we use secure password managers.  These password manager services require users to remember just one complex password, while the password manager generates and stores all passwords for the websites and services you may need passwords for, filling them in whenever a login is needed.

    Unfortunately, there are still some financial institutions that do not support the use of password managers.  They would rather, it seems, expect us to be able to retain dozens of complex passwords in our heads.  You will need to 'read the fine print' and determine what the password management rules are for your bank.

    Google "How to use a password manager", and make sure to choose a reputable service.

  5. Secure your accounts

    Not all accounts are equal, and whilst all information has a value to criminals, it makes sense that you will have better security on your MyGov account vs your Pinterest account.

    Make a list of the accounts you own that you consider critical to you and your family, for example MyGov, bank accounts, superannuation, personal email accounts etc. Then put the effort in to lock these critical accounts down. Do not re-use passwords, and research two-factor authentication.

  6. Links

    Don't trust them.

    Whether you receive them via SMS, on a website or in an email, we need to re-train ourselves to be naturally cautious of all links. Train yourself to hover over any links in emails and identify where the link is trying to take you.

    When you receive your latest bank or credit card statement, use the email as a reminder, but never use the links within the email. It is safer to simply delete the email and then log in and access the statement via a secure web page.

  7. Lock your devices

    Phones, laptops and tablets are stolen daily.

    If you speak to any police officer, they will tell you that one of the most common offences they investigate is the 'sneak break', or break and enter. Criminals will break into your house even while you are in the back yard.  They mostly want to steal small, high value items, which includes jewelry, mobile phones and laptops.

    Do you like the idea of some bored drug user idly flicking through your phone's or laptop's contents? If not, then simply ensure these devices are locked when not attended to.  Often a 'lock on timeout' setting is available and useful.

  8. Don't share over the phone

    The IDCARE QLD Aftermath Report 2018 states that '31.2% of all compromised events occurred as a result of telephone scams'.

    Put simply, we share too much information over the phone. Often the caller will use small bits of information about us (refer to #2) to make themselves seem genuine.

    The simple rule is, we don't share our personal information over the phone. Ever.

  9. Obfuscate

    We have been trained to fill every physical and online form truthfully, but do we really need to? And should we?

    There are some documents and forms in your life that you know need to have accurate information (medical, tax, etc). But, if you join your local gym, do they really need all the same information that would be needed to open a bank account in your name?

    Carefully consider exactly what information you are sharing.  There is no need to have your true date of birth linked to your social media pages.  Simply change your date of birth by a day, you will still get your online birthday wishes. Promise.

  10. Don't trust public Wi-Fi points

    If you simply google 'Risks of using public Wi-Fi', you will find dozens of articles warning about the dangers in using it.

    I have personally seen successful attacks against members of the public's superannuation accounts, resulting in tens and hundreds of thousands of dollars lost, that all started by using unsecure access to public wifi points.

    Do your own research, invest in a reputable VPN app that will allow you to safely use public wifi locally and internationally, or avoid using them altogether.

Free Bonus Tip: Know what to do when things go wrong

If you reside in Australia or New Zealand, and you:

  • are worried about your personal information (and you should be!);
  • become suspicious that you are suffering from a breach of privacy;
  • want to find out how to apply for credit checks or credit freezes;
  • or are simply looking for further advice or support

then your first port of call should be IDCare.org

About the Author

Michael Leboydre has served with the Queensland Police Service, culminating in his time as a Detective with the QPS Cyber Crime Unit. During more than two years with the Cyber Crime Unit, Michael conducted investigations and liaised with other state, national and international Agencies on many cases involving fraud, identity theft and other cyber crimes, including many originating in Queensland and heading interstate or overseas, and coming back the other way.

As a result of witnessing first-hand the impact these crimes have on unsuspecting members of the general public, through investigations and victim statements, Michael has since devoted his time to educating all who will listen on how they can reduce their risk and exposure to these serious crimes and their devastating consequences.