Why it matters
We live an increasingly large part of our lives online. From meetings to interviews, and from banking to booking tickets – we do it all over the internet. While this makes our lives a lot easier, it also comes with its share of security threats.
The number of reports CERT NZ receives of New Zealanders experiencing online security incidents is increasing. Attackers are creating sophisticated scams to steal our credit card information, and get into our bank accounts, emails, and our social media accounts. If you get caught out by one of these attacks, it could leave you feeling both out of pocket and distressed.
The good news is that many online security incidents can be prevented by implementing a few small changes that will make a big difference.
How to protect yourself
1. Create strong passwords
Creating long, strong and unique passwords is one of the simplest but most effective security changes you can make. Many of us use the same password for all of our accounts, or stick to two or three different ones that we use over and over. The problem with this is that if an attacker gets access to one of your account passwords, it often gives them access to many of your other accounts as well.
What to do
- Try making a passphrase – a random phrase of four or more words – instead of using a password. They’re often easier to remember but hard for attackers to crack. You can try making a passphrase that’s a sentence or fun phrase unique to you. For example, paeroahaslemonfarms or grapewineisfruitsalad.
- Avoid using family names, birth dates or addresses – this type of information is easy for people to find.
- If you’re worried about remembering your passwords, try using a password manager to store them. A password manager is a tool that securely stores all your passwords in one place. This will be the only account you need to remember login details for.
2. Use two-factor authentication (2FA)
With 2FA, a unique code is sent to your phone (or another device) to verify that it’s really you trying to access your account. For example, if you are logging into your bank account, the site sends you a code for you to enter. You can then get into your account by entering this code along with your password.
It’s a helpful second line of defence and keeps attackers out of your accounts should they obtain your login details.
What to do
- Turn on 2FA for your important accounts, such as your online banking, email, and social media accounts. You can normally find this in the “settings” section of your accounts.
- If you are given the option to choose how to receive your 2FA code, choose the option that isn’t a text message, as texts are less secure than other types of 2FA – though they're still safer than not having 2FA.
3. Turn on auto updates on your apps and devices
Updates protect you from any weaknesses or vulnerabilities that could let attackers in. When vulnerabilities are identified, the developers quickly change the code to resolve the issue and send it to your device as a software update. Timing is important here – the sooner your system is updated, the more secure you are.
What to do
- Set your device and apps to update automatically. The easiest way to do this is by going to settings and turning on automatic updates.
- Remove apps you don’t use any more from your devices.
4. Set your social media settings to private
Make sure your social media privacy settings are switched over to ‘Private’ or ‘Friends only’ – this way, you can control who sees what information you share and who you’re sharing it with. This protects not only you, but also your friends, family and followers from scams.
What to do
- Don’t put too much personal information on your social media accounts.
- Remember our tip about passwords. If you share pictures of your dog on Facebook, make sure you’re not also using your dog’s name as your password.
5. Think before you click
Be wary of opening links and attachments in text messages, emails or on social media. These can be used by attackers to get hold of your personal details, or to install harmful software on your device. Even if you think it might be legitimate, it's better to be cautious. If something sounds too good to be true, it probably is!
What to do
- Stop and check before you give out any personal information. Make sure you know how the companies you deal with will contact you, and know what kind of information they’ll ask for. For example, a bank will never email you links to online banking and ask you to log in.
- If you’re not sure why you’re being asked for information, call the company directly to check what they want it for. Businesses are legally obliged to only ask for information they need.
- If you receive a message online from someone you know asking for money or help, contact them through another means of communication to verify it’s them.