The goals of cybersecurity:

  • Protect your confidential information and other data

  • Preserve the integrity of your confidential information and other data from compromise

  • Restrict access to your confidential information and data to only those who are authorised.

  • Be cautious if, during a call or email, you are supplied with any of your own confidential information or asked to give remote access to your computer.

  • Do not supply your own confidential information via an email, message or phone call.

  • Do not give any remote access to your computer, mobile phone, iPad, etc.

  • Don’t reply to suspicious emails, messages or calls - simply delete or hang up.

  • Do not reply to emails and messages without double checking details like the sender’s email address or phone number. This includes messages from people or organisations you may know.

  • Do not click on any links in emails or messages.

  • Contact the person or organisation using an online search for their official website and those contact details.

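  • Official websites generally have a closed padlock next to their website address / URL. The padlock only shows that the connection to the site is encrypted, so still check that the address itself is the official one.

  • Report any suspicions to your family, a trusted IT adviser, or Scamwatch.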

Do not Trust - Always Verify

With so many online and other services/apps/technologies in the world today, the tendency is for each of these services to require a username/email address and a password. There are now some recommended guidelines for passwords:

  • Do not use the same password for multiple services / websites. You may not be aware, but there have been so many hacks and data spills over time that your username and password details may already be known to Cybercriminals. This means they will use those stolen details to try to access your other banking, email and social media services.

  • Use strong passwords or passphrases. The reason for this is that it makes it harder for Cybercriminals to work out what your password is. They use sophisticated computing power and artificial intelligence systems to break into services and passwords, so the harder the password is to crack, the less attractive it will be.

    • Make your password / passphrase (for example, a movie quote such as “May the Force be with you”) at least 14 characters and you could use a foreign language other than English. You can also make it unpredictable such as a string of words you use in your daily life.

    • Password Managers can help you generate strong passwords

  • Use a Password Manager. These are great services that make it easier to safely and securely document your login details, passwords and other secure notes.

    • Password manager services come in free and/or paid versions and can work on all your devices, such as computer internet browsers, iPads/Tablets and mobile phones.

    • Password Managers will have security features such as a Master Password and Multifactor Authentication to protect these services.

    • Password Managers are much safer than keeping password files/spreadsheets because they are much harder to hack/access.

    • Examples of some well known Password Managers with their own differing features are: Bitwarden, Keeper, 1Password, Dashlane, Roboform

  • Check to see if your email address / password is still safe. Use the Have I Been Pwned Website to check and see if your email or phone based accounts have been compromised in a known data breach.

  • Review all your passwords for uniqueness and strength

  • Consider Passwordless - This is a new form of technology, like Multifactor Authentication, where you don’t need to remember your password; rather, you use a mobile phone app or a special USB key (Yubikey) instead to confirm that you are logging into websites / services.
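The "review all your passwords for uniqueness and strength" step can be done as a small local audit. The sketch below is an added example, not a Citisystems tool: the entries are constructed sample data, and the "variants" check (same password with different capitalisation or trailing digits) goes a little beyond the guidelines above as an assumption about what counts as not unique.

```python
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 14  # minimum passphrase length recommended above

# Constructed sample entries (service, username, password); not real credentials.
SAMPLE_VAULT = [
    ("email", "alex@example.com", "May the Force be with you"),
    ("bank", "alex@example.com", "Sunshine2020"),
    ("social", "alex", "Sunshine2020"),
    ("shopping", "alex@example.com", "correct horse battery staple"),
    ("forum", "alex", "sunshine2020"),
]

def _digest(text):
    # Work with digests so the report never holds or prints a password.
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def _base_form(password):
    # Lower-case and drop trailing digits/symbols: "Sunshine2020!" -> "sunshine".
    return re.sub(r"[\W\d_]+$", "", password.lower())

def audit(entries, min_length=MIN_LENGTH):
    """Return services with reused, near-identical or too-short passwords."""
    exact = defaultdict(set)                      # password digest -> services
    variants = defaultdict(lambda: (set(), set()))  # base form -> (services, digests)
    too_short = []
    for service, _user, password in entries:
        exact[_digest(password)].add(service)
        base = _base_form(password)
        if base:  # skip passwords that are only digits/symbols
            services, digests = variants[_digest(base)]
            services.add(service)
            digests.add(_digest(password))
        if len(password) < min_length:
            too_short.append(service)
    return {
        "reused": sorted(sorted(s) for s in exact.values() if len(s) > 1),
        "variants": sorted(sorted(s) for s, d in variants.values() if len(d) > 1),
        "too_short": sorted(too_short),
    }

if __name__ == "__main__":
    for finding, services in audit(SAMPLE_VAULT).items():
        print(finding, services)
```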

Password management

You may have heard the phrase Multifactor Authentication, especially in recent times after the Optus or Uber data/security breach events.

Simply put, it is technology that asks you to confirm, verify or authorise an action that has been undertaken involving an online service you are signed up for. Actions that you may need Multifactor Authentication for include:

  • Logging into your email account, online banking, social media accounts.

  • Authorising a payment from your bank to a third party.

  • Accessing online services from a new location that you have never signed in from before.

  • Accessing online services from a phone / computer that you have never signed in from before.

Typically, you will need a mobile phone that you own/operate or a special USB key (Yubikey) to make Multifactor Authentication work.

The reason why Multifactor Authentication works is that it is much harder for a Cybercriminal to possess your Multifactor Authentication device (phone / USB key) in order to confirm logins and transactions that have been initiated.

Essentially Multifactor Authentication confirms that you are the person authorising a payment or a login, and nobody else.

The recommended Multifactor method is to use an Authentication Mobile App on your mobile phone / Tablet / iPad rather than SMS. The reason for this is that SMS is old technology and unfortunately Cybercriminals have worked out ways to intercept / impersonate the Multifactor Authentication requests sent via SMS.

Which services should I prioritise when turning on Multifactor Authentication?

You should enable Multifactor Authentication on the following accounts, as a priority.

  • Email Accounts

  • Online Bank accounts and other Financial Services such as Superannuation

  • Social Media accounts

  • Any online service that has recorded your credit card / bank account information e.g. Amazon, Ebay, Uber etc.

How can I turn on Multifactor Authentication for my accounts?

Here are some links to guides to enable Multifactor Authentication for some of the most popular online services:

Financial Services

ANZ Bank

Commonwealth Bank

National Australia Bank

Westpac Bank

St George Bank

Bendigo Bank

Email and social media services

Apple ID

Facebook

Gmail & Youtube

Instagram

LinkedIn

Microsoft

Twitter

WhatsApp and WhatsApp Business

Yahoo!

Tiktok

Signal

Reddit

Snapchat

Other popular online services

Amazon

Ebay

Uber

For other services go to the website of the online service provider and look for links such as:

Security

Account Security

2 step

2 factor

Multifactor

MFA

Multifactor Authentication (also known as MFA / 2FA / 2 Factor Authentication)!

Backups

A backup is a digital copy of the information stored on your device, such as photos, documents, videos, and data from applications. It can be saved to an external storage device or to the cloud. Backing up means you can restore your files in case your device is ever lost, stolen, or damaged.

You should regularly back up the following devices:

  • Mobile Phone

  • Laptop / Desktop Computer

  • Tablet / iPad

How to back up your device:

Some recommendations for Backups

  • You should aim to have multiple backups, one set in the cloud, another on one/two external storage devices. Sometimes external storage devices can become lost/damaged, so having a second device or more will act as insurance.

  • You should aim to keep at least one of your external storage device backups disconnected from your computer rather than attached all the time. If your computer suffers a disaster, i.e. theft, fire, flood, virus/malware, then your attached backup may also become unusable. Try to keep at least one backup device stored in another location such as another relative’s house or geographically separated location.

Updates

You should always keep the following devices up to date with regards to software / apps / firmware / operating system:

  • Mobile Phone

  • Laptop / Desktop Computer

  • Tablet / iPad

The reason for this is that unfortunately there are security loopholes that can be discovered in the software / apps / operating systems. The developers of these software / apps / operating systems will then create a “patch” for the security loophole. The only way that customers and end users can get the latest patches for these loopholes is to keep running updates.

How to keep your device updated:

Backups and Updates

There are many different knowledge and training resources available online to continue learning about the latest cybersecurity threats.

Both in-person and online courses are available.

The Australian government sanctioned websites that have the latest Cybersecurity updates, news and current threats, and that we recommend, are:

Australian Cyber Security Centre

Scamwatch

We also have a Cybersecurity Resources page where we will add more resources over time.

Many of these recommended services have a notifications service, so you can subscribe to emails for any updates in security and scams to be aware of.

Citisystems can also provide Cybersecurity training at both a personal and a business level.

Also subscribe to the Citisystems Newsletter to receive the latest updates on these education resources.

Cybersecurity Knowledge and Training

Each family or organisation should have a few people or advisers that others can turn to in order to check or verify whether there is a cybersecurity issue.

This is especially true for those who are not tech savvy or who trust unknown people easily.

The adviser can also be a Cybersecurity or an IT professional that is known to the family or organisation. They can be someone who is seen as a technology enthusiast who can assist in spotting or verifying phishing and/or scam attempts. They may also have undertaken some cybersecurity training as well.

The concept here is that when there is a possible suspicious activity, call, email or message, or any other security question or issue, especially with older members of the family or group, then the trusted advisers can be contacted to assess and act appropriately.

Nobody, not even a cybersecurity professional, is immune to the challenges that Cybercriminals present, so having some advisers and peers for sanity checking any issues is a good idea.

As a trusted and experienced IT Professional services organisation, Citisystems is always available as well should you have any questions of a Cybersecurity nature.

Contact Citisystems

Trust Circle