Following on from the project that we carried out in 2016 with our membership clients, it is important to continually be aware of the risks of your online self.
The following checklist is from CERT NZ - the Government agency who provide you with up-to-date actionable advice on current threats and vulnerabilities. We subscribe to their newsletter of alerts - which you can do here.
Protect your online self this Cyber Smart Week
We live in an increasingly digital world, where everything is connected. Our relationships, our jobs, our finances — everything is online. And, while there are some real benefits to digital life, any weaknesses in our online connections can make us vulnerable to a cyber security attack.
Cyber attacks are becoming more and more frequent over time, and they can affect anyone. It’s not just large organisations or businesses who are being attacked — smaller businesses and everyday New Zealanders are at risk too.
Cyber attacks are generally opportunistic
Many cyber attacks aren’t specifically targeting any one person or business. Instead, attackers look for easy ways to gather as much personal information online as they can, and then use it to exploit people’s weaknesses and vulnerabilities. They’re not picky about who they target. That’s why you need to do everything you can to protect yourself.
Think of securing your online self like you’d secure your home. You wouldn’t lock the front and back door of your house, then go out and leave the bathroom window wide open — anyone could get inside. It’s the same online. You need to make sure you plug any gaps in your security to make sure you’re not leaving your bathroom window open online either.
Luckily, there are a few simple changes you can make that will help you protect your personal information online. Follow the 4 steps below and secure your online self this Cyber Smart Week.
1. Use unique passwords
Creating unique passwords for your online accounts is one of the most effective ways you can secure your online self.
Many of us use the same password for all our accounts, or stick to two or three different ones that we use over and over. This means that if an attacker gets hold of one of your account passwords, it'll give them access to any other accounts that share the same password. And, passwords are easy to get hold of. Lists of passwords are often sold online, and attackers can use software to 'guess' passwords through brute force. If you think about how many online accounts you have, you can see why this could cause you problems.
Make each of your passwords long, strong, and most of all, unique. If you’re worried about remembering them all, try using a password manager. This will store and manage your passwords for you — it’s like putting them in a safe that only you have the key to. You’ll only have to remember the login details for your password manager, and it’ll do the rest.
So, this Cyber Smart Week, check your online accounts and make sure each one has a unique password. If you find that you’ve reused a password on an account, change it to something new. And if you think you need some help remembering them all, set up a password manager.
2. Turn on 2FA
Adding two-factor authentication (2FA) to your login process is a simple way to add an extra layer of security to your accounts.
When you log into an online account with a username and password, you’re using what’s called single factor authentication. You only need one thing — your password — to verify that you are who you say you are. With 2FA, you need to provide two things — your password and something else — before you can access an account. You can choose to get a code sent to an app on your phone, for example, that you can use to complete your login.
- You can enable 2FA on most of your online accounts, and your devices. You’ll usually find the option to turn it on in the privacy settings.
- Check your bank’s website to see what their 2FA options are, and how to set it up. Every bank is different.
Take some time this week to set 2FA up on the things you use to access the web. Then, relax in the knowledge that your personal information is much safer thanks to one small, simple change.
3. Update your apps
When you’re alerted to an update for one of your apps, don’t ignore it — install it as soon as possible.
Updates aren’t just about adding new features. They’re also about fixing vulnerabilities that attackers can use to gain access to your information.
If you can, set your apps to update automatically whenever a new version is available. That way, you don’t have to think about it. While you’re at it, check the permissions and settings on your apps too. Make sure they don’t have access to any other features that you’re not comfortable with. You might want Facebook to access your photo library, for example, but your weather app probably doesn’t need to.
Make a point of deleting any apps you don’t use. Then you won’t need to worry about updating them to make sure you're always using the most recent version. You'll free up some space on your device too.
Make an appointment to check up on your apps this week. Install any updates that are waiting, and get rid of anything you don't need. Your online self will thank you for it.
4. Check your privacy
It’s important to be aware of how much of your online self you’re sharing, and with who.
That means both the info you choose to share yourself, and the info you’re asked to share by the companies you have online accounts with. We’re so used to sharing things online that we don’t really think about how it affects our privacy anymore. Everyone knows your pet's name, where you went to school, where you work, and even when you’re away on holiday.
This window into your life lets your friends and family know what you’re up to. But, it can also give an attacker information they could use to access your data, steal your identity, or even attack your friends and family.
This Cyber Smart Week, take some time to look at your online connections and what you choose to share with them.
- Check the privacy controls on your social media accounts. Set them so that only your friends and family can see your full details.
- Check that any requests for personal information are legitimate before you share your details. If a company or business asks you for information, think about why they might need it. If you’re not sure, call them to ask first.
- Most importantly, always check that a web page is secure before you send any information through it. Secure pages have a URL that starts with HTTPS, and will often display a padlock icon next to the URL.
Report any cyber security issue you experience to CERT NZ. We’ll help you identify it and let you know what the next steps are to resolve it. We’ll also use the information to create advice and guidance for others who might be experiencing the same issue.