The basics
Ngā ara poto e rima ki te haumarutanga tuihono

Five quick steps to online security

Here’s our top five steps to help keep you secure online.

Why it matters

We live an increasingly large part of our lives online. From meetings to interviews, and from banking to booking tickets – we do it all over the internet. While this makes our lives a lot easier, it also comes with its share of security threats.

The number of reports CERT NZ receives of New Zealanders experiencing online security incidents is increasing. Attackers are creating sophisticated scams to steal our credit card information, and get into our bank accounts, emails, and our social media accounts. If you get caught out by one of these attacks, it could leave you feeling both out of pocket and distressed.

The good news is that many online security incidents can be prevented by implementing a few small changes that will make a big difference.

  • Create strong passwords

    Creating long, strong and unique passwords is one of the simplest but most effective security changes you can make. Many of us use the same password for all of our accounts, or stick to two or three different ones that we use over and over. The problem with this is if an attacker gets access to one of your account passwords, it often gives them access to many of your other accounts as well.

    What to do

    Try making a passphrase – a random phrase of four or more words – instead of using a password. They’re often easier to remember but hard for attackers to crack. You can try making a passphrase that’s a sentence or fun phrase unique to you. For example, paeroahaslemonfarms or grapewineisfruitsalad.

    Avoid using family names, birth dates or addresses – this type of information is easy for people to find.
    If you’re worried about remembering your passwords, try using a password manager to store your passwords. The password manager is a tool that securely stores all your passwords in one place. This will be the only account you need to remember login details for.

    Keep your data safe with a password manager

  • Use two-factor authentication (2FA)

    2FA is a unique code sent to your phone (or another device) to verify that it’s really you trying to access your account. For example, if you are logging into your bank account, the site sends you a code for you to enter. You can then get into your account by entering this code along with your password.

    It’s a helpful second line of defense and keeps attackers out of your accounts should they obtain your login details.

    What to do

    Turn on 2FA for your important accounts, such as your online banking, email, and social media accounts. You can normally find this in the “settings” section of your accounts.

    If you are given the option to choose how to receive your 2FA code, choose the option that isn’t a text message, as texts are less secure than other types of 2FA – though they're still safer than not having 2FA.

    Use two-factor authentication to protect your accounts

    How to create good passwords

  • Turn on auto updates on your apps and devices

    Updates protect you from any weaknesses or vulnerabilities that could let attackers in. When vulnerabilities are identified, the developers quickly change the code to resolve the issue and send it to your device as a software update. Timing is important here – the sooner your system is updated, the more secure you are.

    What to do

    Set your and apps to update automatically. The easiest way to do this is by going to settings and turning on automatic updates.

    Remove you don’t use any more from your devices.

    Keep up with your updates

  • Set your social media settings to private

    Make sure your social media privacy settings are switched over to ‘Private’ or ‘Friends only’ – this way, you can control who sees what information you share and who you’re sharing it with. This not only protects yourself, but also your friends, family and followers from scams.

    What to do

    Don’t put too much personal information on your social media accounts.

    Remember our tip about passwords. If you share pictures of your dog on Facebook, make sure you’re not also using your dog’s name as your password.

    How to protect your privacy online

  • Think before you click

    Be wary of opening links and attachments in text messages, emails or on social media. These can be used by attackers to get hold of your personal details, or to install harmful software on your device. Even if you think it might be legitimate, it's better to be cautious. If something sounds too good to be true, it probably is!

    What to do

    Stop and check before you give out any personal information. Make sure you know how the companies you deal with will contact you, and know what kind of information they’ll ask for. For example, a bank will never email you links to online banking and ask you to login.

    If you’re not sure why you’re being asked for information, call the company directly to check what they want it for. Businesses are legally obliged to only ask for information they need.

    If you receive a message online from someone you know asking for money or help, contact them through another means of communication to verify it’s them. 

Photo of a man's hands holding a mobile phone with webpage showing the words Your action plan.

How secure are you online?

Use our assessment tool to answer a few questions about your online security behaviour and habits. You will then get a customised action plan to work through to help you become more secure online.