Cyber Security Tips

  • Never use the same password twice.  This is a common way accounts are compromised.  Often databases of usernames and passwords are stolen from sites with poor security.  Once these have been cracked, hackers try these username/password combinations on more secure sites that they would never be able to compromise normally.
  • Try to use a passphrase rather than a complicated jumble of numbers and letters.  A passphrase can be the line of a song or a poem with a year number at the end to satisfy complexity requirements.  Passphrases are much easier for you to remember but much harder to crack (every extra character multiplies the number of guesses a cracking tool has to try, so the difficulty grows on an exponential scale).
  • Use a password manager like LastPass, Bitwarden or Dashlane to handle the above for you in your own personal computing.  A password manager is protected by a master password (preferably a long passphrase!).  It can then auto-generate random and complex passwords and store them safely for you (along with your usernames) every time you sign up to a new service.  The only thing you ever have to remember is your master passphrase, which you will be asked for on occasion.  Even though your passwords are stored in the cloud, they are encrypted by your master password, and your master password is NOT stored in the cloud and is never actually known to the program/service provider.  The only downside is that if you forget your master password you have pretty much no chance of retrieving any of your saved passwords, so beware!
  • Turn on two-factor authentication (2FA) on every account that allows it, especially any important or sensitive account.  Also enable it on the accounts you have nominated as recovery/secondary email accounts for other services, since those services send password reset links there in case you forget your password!  This is another common way hackers break into accounts and steal people’s identities.  They compromise one account (say your Gmail or Outlook.com account), which is probably what you signed up to social media, internet banking etc. with.  They then lock you out of your email account, go to all of your other accounts, click ‘forgotten password’ and use the reset links to take over all of your other accounts.  Very scary stuff if it happens to you!
  • Avoid using SMS notifications as a two-factor authentication (2FA) option.  If you are being targeted intentionally, and just caught up in a ransom scheme (someone like Peter may fall into this category) – then a hacker will often call your mobile carrier, pose as you using the information they have and request that your phone number be ported to another carrier.  Once they have your phone number, they can trigger the multi-factor code to be sent by SMS, and they then have everything they need to access your secured accounts.  Using a rolling code application on your smartphone (authenticator app) is the best option.
  • Clear out your Downloads folder and Recycle Bin regularly.  Over time, your Downloads folder can accumulate a cache of sensitive information.
  • Never save business passwords on your personal computer, or indeed in any browsers or keychains. One risk is that these passwords will be captured by keylogging software. Another is that these methods may make your passwords available on any connected device.
  • Beware of scams –
    • Exercise critical thinking and vigilance when you receive phone calls, messages and emails.
    • Exercise caution in opening messages, attachments, or clicking on links from unknown senders.
    • Be wary of any requests for personal details, passwords or bank details, particularly if the message conveys a sense of urgency.
    • If in any doubt of the communicator’s identity, delay any immediate action. Re-establish communication later using contact methods that you have sourced yourself.
  • Use trusted Wi-Fi.  Free Wi-Fi by its very nature is insecure and can expose your browsing activity to cybercriminals. Cybercriminals have also been known to set up rogue Wi-Fi hotspots with names that look legitimate and can intercept communications, steal your banking credentials, account passwords, and other valuable information.