#StaySmartOnlineWeek – Steps to lock down your online security

In the spirit of #staysmartonline week, which runs from Monday the 7th to the 13th of October 2019, I thought I’d share some handy cyber tips to help lock down your online security.

By sharing this information, I want to ensure everyone can proactively protect themselves from cyber-crime, and the most common threats online.

It’s not hard to do – just by following the instructions below, you can protect yourself from cyber-crime:

Always update to keep those hackers out!

I always recommend that you review your security “hygiene” at home – so make sure all of your personal computers and mobile devices are always up-to-date.

Check you are running the latest version of each device’s operating system, and make sure ALL of your applications are up-to-date too. This helps to protect your devices from the various ways in which hackers take advantage of security holes (vulnerabilities) in order to do something malicious with your device.

Also check that you are running up-to-date antivirus software, and you have run a full scan in order to minimise the potential for malware infection.

Turn on automatic software updates – set your operating system and applications to auto update to make sure you always get the latest security features.

Check for your credentials in breaches

Check all of your email addresses using haveibeenpwned.com to see if any of your accounts have been compromised, or if your user credentials are available to hackers.

If you do find any breaches, ensure you’ve changed the password for the account listed, and never use the compromised password ever again.

Share your personal information carefully online

Be cautious with the information you share online. This includes your birth date, location, job title, plus your mobile phone number. Fraudsters can easily find this information from Facebook & other social networking platforms and will use it against you for targeted phishing attacks, or to port your mobile phone number so that they can get around SMS-based multi-factor (see below for more info on mobile phone porting).

Use strong passwords and never re-use them (use a password manager)

If you have a Yahoo, LinkedIn, Dropbox, or any of the other mega breach accounts… your credentials are already in the hands of hackers. I know several people who have become victims of fraud purely because they re-used the same password that had already been publicly disclosed from a breach. Most people don’t realise that hackers will often try to re-use compromised usernames and passwords across other sites and services until they get lucky.

Consider using a password manager so that you always have unique and strong complex passwords for all of your online accounts.

Never ever re-use any of your passwords across multiple accounts.

Always use strong multi-factor

Ensure you set up strong multi-factor to access your password manager (e.g. your biometric fingerprint, or application-based rather than SMS), so that even if it was compromised, unless they steal your thumb or finger, they won’t get access.

Make use of strong multi-factor authentication (i.e. not SMS) for the rest of your accounts where possible, so that even if your account or user credentials are compromised, the fraudster will not be able to circumvent this additional protection. This is often referred to as application-based auth – where either the application itself provides this mechanism, or the service integrates with Google Authenticator.

Protect against mobile phone porting & SIM swapping

Understand “phone porting” and “SIM swapping” and why you need to use stronger multi-factor than SMS. These techniques are often used by fraudsters if they have managed to get your username and password – as this final step enables them to get around SMS-based multi-factor by stealing your mobile phone number so that they receive your SMS multi-factor codes instead of you. Contact your mobile phone service provider, and ask them to confirm that they have blocked the option to port your mobile phone number to another provider.

Set up extra protection with your financial institutions

Ensure you have set up a 2nd validation / security password or PIN with your banks and financial institutions, so that if a fraudster gets hold of your personal & account details, you are still protected. Most banks will implement this additional security control if requested.

Don’t store valuable stuff in your mailboxes

Don’t store passwords, scans / photos of your driving license, credit cards, passport etc in your email account(s). Most people forget to check their email sent items too! If hackers gain access to your mail account, they’ll look through your mailbox for any useful documents, photos etc, so ensure you never store them in your account in the first place.

You also might want to consider what you do to securely back up your important documents and files, and store them offline (e.g. a handful of USB drives that aren’t plugged into your machine). This is useful if you ever get hit with ransomware, and need to recover rather than paying a ransom fee!

Understand how to spot phishing emails

Cyber-crime often starts with a phishing email to get your credentials and access your accounts. Remember that banks and financial institutions will never send you an email asking you to click on a link and confirm your bank details. Also, be cautious with unexpected links or attachments – as this is another way in which fraudsters can remotely gain access to your machine – or install keystroke loggers to get hold of your usernames and passwords. Learn how to spot and report a phishing email if you receive one.

Protect your physical mail

Online fraud & identity takeovers often start with physical mail being stolen from your home post / letter / mailbox, so it’s really important to either secure your mailbox, or consider using a PO box so that your physical mail cannot be easily stolen. Another option is to consider changing your accounts so that you don’t get sent any physical mail in the first place.

 

Together we can reverse the threat

The #staysmartonline site has loads more useful resources and information:

https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff

https://www.staysmartonline.gov.au/protect-your-business

I value your comments or feedback

So those are my top tips for #staysmartonline week. If you have any additional tips or advice – feel free to comment below.

Feel free to contact me directly if you have any issues, or need more help.