Breadcrumbs

Getting started with cyber security

Cyber security attacks are becoming more and more common over time, so it’s important to know what you can do to protect your information online. While there’s no bulletproof way to prevent an attack, there are a lot of things you can do that will help to lessen the risk.

Here’s our top tips for simple, practical things you can do to help keep your personal information safe and secure — they go all the way up to 11.

1. Back up your data

Backing up the data on your devices — by copying it to another, separate location — is one of the most important things you can do. If you’re targeted by a cyber attack you may not be able to access or use your computer, phone, or any of your other devices. But, if you’ve backed your data up you won’t lose any of it, regardless of what ends up happening to your device.

What to do

  • You can either:
    • get an external hard drive and do an 'offline' or 'cold' backup, or
    • sign up to a cloud based service like Dropbox and do a cloud backup.
  • Back up your data regularly — for example, every week.

2. Keep your operating system (OS) and your apps up-to-date

When you’re alerted to an update for your OS or one of your apps, don’t ignore it — install it as soon as possible. Updates aren’t just about adding new features. They’re also about fixing vulnerabilities in an OS or an app that attackers could find and use to gain access to your system. US-CERT have said that 85% of cyber attacks are preventable, and that updating (or patching) your software is one of best things to do to prevent an attack.

US-CERT Top 30 targeted high risk vulnerabilities External Link

What to do

  • Update your OS and your apps whenever new versions become available.
  • Better still, set your system preferences to update them automatically — then you don’t have to think about it.
  • Remove any apps you don’t use any more from your devices.

3. Choose unique passwords

We all have so many online accounts now that it’s become hard to keep track of all of the passwords we need for them. To combat this, many of us use the same password for all of our accounts, or stick to two or three different ones that we use over and over. The problem with this is that if an attacker gets access to one of your account passwords, it often gives them access to many of your other accounts as well.

What to do

  • Use a new password for every site or account you create online.

  • Try using a password manager, which will store and manage your passwords for you. The password manager will be the only account you need to remember login details for.

  • Aim for passwords of 8 characters or more. Use numbers, letters and symbols in them (and don’t use 'password' as your password).
  • Think about using a short phrase — a passphrase — rather than a password. Passphrases are usually stronger and easier to remember than passwords. Choose a simple phrase, for example 'Winter here is warmer than summer', and use a mix of letters, numbers and symbols to make it more complex — 'Wint3r here 1s warmer than Summ3r'.
  • Don’t share your passwords with anyone — including your partner, your parents and your children.

4. Turn on two-factor or multifactor authentication

Two-factor and multifactor authentication is another way that you can help to protect your online accounts from being hacked. You can choose to have a code sent to another device, like your phone, that you can use to authenticate who you are every time you log in. That way, even if someone gets access to your account passwords, if they don’t have your phone to receive the code they can’t get into your accounts.

What to do

  • Consider turning two-factor, or multifactor authentication on for your:
    • email accounts, like Gmail
    • social media accounts, and
    • other online logins like your Apple iCloud account.

5. Be creative with the answers to your account recovery questions

When you set up a new account online, you’re often asked to set an answer to an 'account recovery question'. These are generally used as a way to identify you if you forget your password and need a prompt. They’re often based on easy to remember things about you — like your mother’s maiden name, the name of your first pet or where you went to school. Unfortunately, these are also easy things for an attacker to find out, and could be used to gain access to your accounts without your knowledge.

What to do

  • Consider being a bit creative when you’re asked to set the answer to an account recovery question. Instead of being honest about what school you went to, for example, you could say 'Hogwarts' instead. As long as it’s something that you can remember, you can set any answer you like.

6. Be cautious when you’re using untrusted networks and free WiFi

It’s good to be careful about what you do online when you’re using a hotpsot or free WiFi — if you’re logging on at a cafe, for example. These networks are untrusted, meaning that it's possible that others could see what you're doing when you use them. You’re also at risk of people 'shoulder surfing' — looking over your shoulder to try and see the login details for your online accounts. So while it’s ok to check the news or the weather, try to keep any other use to a minimum.

What to do

  • Never do online shopping or internet banking on free WiFi or an unsecure network.
  • If you need to check your email, make sure you have two factor authentication set up first.
  • Use your own device where possible, not someone else’s.

7. Install an antivirus and scan for viruses regularly

Antivirus software can help you detect and remove malware (viruses) from your computer system. If you don’t have antivirus installed already, consider investing in it. If you’re using Microsoft Windows 7 or greater, it comes with a free antivirus called Windows Defender. Otherwise, get a legitimate antivirus from a well-known, trusted company — your local computer services company can give you advice on what would work best for you. Don’t just download any free antivirus software online, as many of the ones that you see advertised for free are fake. They could download malware or adware onto your computer instead of helping you detect and remove it.

What to do

  • Install an antivirus program on your computer. If you’re not confident doing this yourself, a computer services company can do it for you.
  • Run it regularly, for example every week, and clean up any viruses it identifies.
  • Tell your IT person about any viruses you’ve found the next time you see them. 

8. Be smart about social media

Did you know that the information you post to your Facebook profile, your Twitter feed or your Instagram account could be used to steal your identity or hack into your online accounts? We’re so used to sharing things online that we don’t really think about it anymore. Everyone knows your pet's name, where you went to school, where you work, and even when you’re away on holiday.

Unfortunately, this window into your life not only lets your friends and family know what you’re up to, it also gives cyber criminals information that they can use to access your data or steal your identity.

What to do

  • Check the privacy controls on your social media accounts. Set them so that only your friends and family can see your full details.
  • Don’t put too much personal information on your social media accounts.
  • Remember our tip about passwords. If you share pictures of your dog on Facebook, make sure you’re not also using your dog’s name as your password.

9. Don’t give out personal information online unless you know who’s asking for it and why

Scams, fraud and phishing emails all attempt to trick you into giving away your personal information or your financial details — often by pretending to be a legitimate business, like a bank. It’s good to be aware of this so that you can work out what’s a genuine request and what isn’t.

What to do

  • Stop and check before you give out any personal information. Make sure you know how the companies you deal with will contact you, and know what kind of information they’ll ask you for. For example, a bank will never email you with links to online banking and ask you to login.
  • If you’re not sure why you’re being asked for information, call the company directly to check what they want it for. Businesses are legally obliged to only ask for information they need. 
  • If you get any online requests for personal or financial details that you're unsure about, do some checks before giving your information away. For example, if your insurance company asks you for information online, phone them or, if you can, visit your local branch to query their request first. 

10. Always check your bank statements

If someone gets access to your bank accounts, you’ll see it pretty quickly if you keep an eye on your statements. Seeing someone else using the funds in your bank account or making payments on your credit card could be the first tip off you get that someone has access to your accounts.

What to do

  • Keep an eye on your bank accounts and credit cards — always check your statements.
  • Ring the bank and query any suspicious payments or withdrawals as soon as you see them.

11. Get a regular credit check

Keeping an eye on your bank accounts will let you see if anyone else gets access to them. Getting a credit check done will let you see if anyone’s using your personal details to get loans or credit for big purchases, like a car. Often, the first you’ll hear of this kind of activity is when you’re refused credit for something or when a debt collector turns up at your door. Keeping tabs on your credit record could alert you to unauthorised activity sooner.

What to do

  • Get a credit check done annually.
  • If you see anything suspicious, follow it up straight away. Ring the bank or the finance company to let them know what’s going on and ask what they can do to help. You can also ask the credit report company to suppress your credit information while you get it sorted out.