Cyber security has never been more important. Cyber attacks are becoming more frequent, more sophisticated and more damaging. There are simple steps everyone should be taking to safeguard their money and information.
This article is solely about cyber security. Identity theft is also a growing concern, and you can read more about that in a previous blog article.
It is not possible to safeguard yourself totally, just as it is not possible to fully safeguard your home from theft. But there are steps you can take which are akin to locking the front door, having a guard dog and having a monitored home security system.
Today we learned there has been a mass attack across a range of superannuation funds. This includes the two largest, AustralianSuper and Australian Retirement Trust, as well as numerous others like Hostplus, Rest and Insignia. Whilst the specific details of how this happened are still being worked out, it is timely to review your own cyber security.
Unfortunately, your email address is probably widely known already. This is likely the result of a past data breach, e.g. Medibank, Optus or any number of mobile phone apps. Have I Been Pwned is a website where you can enter your email address and see if it has been involved in a data breach. Odds are, it has been. If so, there is hopefully nothing to worry about, but it makes your password more crucial, because attackers already have one component of your log-in details (the email address).
Below are basic, yet effective steps to protect yourself from hackers:
Ensure your passwords are unique
“Two-thirds of people use no more than two passwords for all their online accounts” (Keeper).
The first step is to ensure your passwords, especially for important websites, are unique. The reason is that if there is a data breach, the breach is quarantined to the company which was breached. If you use the same, or similar, passwords for different websites, then someone who gets your email and password for company XYZ will also know your login for company ABC.
Ensure your passwords are complex
“More than 80% of confirmed breaches are related to stolen, weak, or reused passwords.” (Norton).
There is little protection if your passwords are simple or, even worse, connected to you in some way – date of birth, street name, favourite football team, car etc. There is a reason it is recommended that you use lower and upper case letters, numbers and special characters. ‘Optus123’ offers no protection.
Suggestion – Password management
It is best not to use Google Chrome to store passwords. The main vulnerability is that someone may steal your PC/laptop and guess your Windows password. Once they have this, there is unfettered access to the Chrome passwords. That said, Google Chrome generates complicated passwords and offers good security, so it is better to use this than a simple or repeated password for multiple sites.
A more secure option is to utilise a dedicated password manager. This will store your passwords, but requires you to enter a master code to access them. Once you have done this, it will pre-populate your various passwords depending on what website you visit. LastPass, Bitwarden and 1Password are all dedicated password managers.
Opt for a secondary authentication option if available
More and more companies, including super funds, are introducing two-factor authentication (2FA). This could be a specific app on your mobile which requires your thumbprint, a code shown on the device you are using to log into a site which you then enter, a text message to your mobile or a code sent to your email. It is an additional layer of security.
If you are given the option, always opt for this secondary authentication process.
Multi-factor authentication security
Never share the code. No one genuinely from the company will ever call you up and ask for the authentication code.
Take action if you receive a code you did not request. Someone is likely trying to log into your account. Notify the product provider and ensure your password is complex.
Be wary of links
Emails and text messages may look like they are from your bank, super fund or the ATO, but may be from hackers. The email may say there have been suspicious transactions in your account and ask you to click a link and sign in. Unfortunately, the link they provide may also look official, but lead to a fake website designed to capture your login details. It is safer to directly type in yourbank.com.au rather than get there by clicking a link. You should always check the web address bar and satisfy yourself that you are at the official website.
Don’t be conned by someone calling you up saying they are from Microsoft (or elsewhere)
No one from Microsoft, or your bank, will call you asking you to grant them access to your computer so they can fix an issue they tell you is occurring. Protect access to your PC as closely as you do your PIN or passport.