A series of recent high profile cyberattacks may have you wondering what you can do to protect your personal data from cyber criminals.
The effects of cyber crime can be devastating, and as we’ve seen lately, even the largest corporations are not immune to cyber criminals.
Statistics by Scamwatch* show that in 2021, there were almost 125,000 reports of attempts to gain personal information, and almost $34 million lost this way. As of November 2022, the amount lost has already surpassed $43 million.
According to Fraser Jack at The Cyber Collective, protecting yourself against cyber criminals has a lot to do with having a safety-first mindset online and treating our online security as seriously as we would our own home, and the contents in it. We sat down with Fraser to break down this idea further.
Q. Fraser, you talk a lot about adopting a safety-first mindset online. What does that actually mean?
One of the questions I often ask people is ‘What information would you be comfortable making public?’ Most people are happy for photos to be public on social media, but what about your driver licence, tax return or bank statement? Would you be comfortable for this to be public information? Probably not. A safety-first mindset is about treating your online information as if it were an important physical document, and taking steps to protect its security.
It’s important to remember that your personal information is valuable to sell online, and once your information is out there, you will never get it back. Physical documents can be shredded and recycled, or thrown away. On the other hand, your online information is there to stay if you don’t put sufficient security measures in place to protect it.
Q. What are key areas to think about when tackling online security with a safety-first mindset?
There are three key areas to cover here, and each of them, in some ways, resemble the home security we often put in place in the physical world:
- Your letter box (email inbox). Think of the internet highway as the street you live in, and your email inbox as a letterbox outside your house. While we may physically take the letters and junk mail out of our letter box, and either shred, throw or file them away, this is generally not the way we operate online. When it comes to our email, we may open our mail, and leave it in our inbox for anyone to come past and have a look at.
- Your front gate (public access). Think of your front gate as the gateway that protects your home from the internet highway and public accessing your information. In the physical world, we tend to take steps to protect our home from intruders. Online, we often leave the ‘front gates’ to our home wide open by not being mindful of how we, for example, use internet routers and Wi-Fi connections.
- Your doors and windows (device security). Think of the security you have on your mobile phone, laptop, tablet or any other device as the doors and windows to your home. Most people would not intentionally leave the house without checking if windows and doors are locked. When it comes to protecting our devices (and the information we have on those devices) from intruders, often we leave those wide open without even realising.
Q. As you’ve pointed out, for many of us, there may be a world of difference in the way we behave online and approach physical security. What are some of the steps we can take to help protect our information online?
There are a few important things that everyone should be doing to maintain good online hygiene:
1. Lock your letterbox
- Create strong, secure passwords for each account (and device) you have, and update these passwords regularly. This process can become overwhelming, and using a password manager can help simplify keeping your passwords and personal information secure across all your devices.
- Be mindful about what information you store in your emails. Cybercriminals are on the lookout for your password, they may get a list of your commonly used passwords from the dark web, or they may try and trick you into giving them your password. If successful, they have access to all the information you stored in your email. Try opening up your email and searching for important documents, such as your tax return, bank statement, driver licence or passport. If you can find them in your email, then anyone who gains access to your email account can find them too.
2. Lock your front gate
- Create long and strong passwords for your internet router and Wi-Fi connections. Don’t make it easy for someone to guess your router password. For example, if your username is ‘Telstra’ and your password is ‘password’ (which can often be the default setting), this combination is easily guessable.
- Review your router settings and partition them so that you may, for example, be able to set up different sections within your router for work activity, home internet connections or things like gaming.
- Consider using a Virtual Private Network (VPN) for some extra security. A VPN hides your IP address and online identity by creating an encrypted tunnel for your internet traffic.
- Avoid using public Wi-Fi. It might be tempting to use, but public Wi-Fi is a public gateway to your belongings, so it’s just not worth it. Also, consider exercising caution when using public USB charging stations.
- Be mindful of what you are connecting to. For example, music players, or other electrical items called the “Internet of Things” (IoT). Products that connect to your Wi-Fi generally have little of no security. There is a story of a casino in Las Vegas that was hacked through the thermostat on their tropical fish tank.
- Get an IT expert to help set up your internet security. This may not need to be a professional, it can be someone you trust who understands online security.
3. Lock your doors and windows
- Consider paid quality antivirus software on your connected devices. Free software often won’t protect you in the same way. Also, consider ensuring the paid antivirus software provides ongoing protection that is live 24×7, rather than a ‘set and forget’ option.
- Understand what devices are connected to others within your network through a Wi-Fi (or Bluetooth) connection. This becomes a potential vulnerability, in a similar way that you might lock the doors, but leave a window open. Security is only as good as the weakest link.
Q. Most of us have busy lives, and often we do things without thinking. Do you have one final tip to help us stay in a safety-first mindset when online?
Whenever you are opening, reading, or sending any personal information online, ask yourself this one question; ‘How would I behave with this information physically, and does this reflect my behaviour online?’ This simple question can help to interrupt your regular behaviour patterns and hopefully put you on a path to more secure online habits.
This report is prepared by Bridges Financial Services Pty Limited ABN 60 003 474 977 AFSL 240837 (Bridges). Bridges is an ASX Market Participant and part of the IOOF group of companies. This report is prepared by the IOOF Research team for: Bridges Financial Services Pty Limited ABN 60 003 474 977 AFSL 240837, Consultum Financial Advisers Pty Ltd ABN 65 006 373 995 AFSL 230323, Elders Financial Planning ABN 48 007 997 186 AFSL 224645, Financial Services Partners ABN 15 089 512 587 AFSL 237 590, Millennium3 Financial Services Pty Ltd ABN 61 094 529 987 AFSL 244252, RI Advice Group Pty Ltd ABN 23 001 774 125 AFSL 238429, Shadforth Financial Group Ltd ABN 27 127 508 472 AFSL 318613 (‘Advice Licensees’). The Advice Licensees are part of the IOOF group comprising IOOF Holdings ABN 49 100 103 722 and its related bodies corporate (IOOF group). The Advice Licensees and/or their associated entities, directors and/or employees may have a material interest in, and may earn brokerage from, any securities or other financial products referred to in this document or may provide services to the company referred to in this report. The document is not available for distribution outside Australia and may not be passed on to any third person without the prior written consent of the Advice Licensees. The Advice Licensees and associated persons (including persons from whom information in this report is sourced) may do business or seek to do business with companies covered in its research reports. As a result, investors should be aware that the firms or other such persons may have a conflict of interest that could affect the objectivity of this report. Investors should consider this report as a single factor in making an investment decision. The document is current as at the date of issue but may be superseded by future publications. You can confirm the currency of this document by checking the intranet site (links below). The information contained in this report is for the sole use of advisers and clients of AFSL entities authorised by the Advice Licensees. This report may be used on the express condition that you have obtained a copy of the Advice Licensees Financial Services Guide (FSG) from their respective website. Disclaimer: The information in this report is general advice only and does not take into account the financial circumstances, needs and objectives of any particular investor. Before acting on the advice contained in this document, you should assess your own circumstances or seek advice from a financial adviser. Where applicable, you should obtain and consider a copy of the Product Disclosure Statement, prospectus or other disclosure material relevant to the financial product before making a decision to acquire a financial product. It is important to note that investments may go up and down and past performance is not an indicator of future performance. The contents of this report should not be disclosed, in whole or in part, to any other party without the prior consent of the IOOF Research Team and Advice Licensees. To the extent permitted by the law, the IOOF Research team and Advice Licensees and their associated entities are not liable for any loss or damage arising from, or in relation to, the contents of this report. For information regarding any potential conflicts of interest and analyst holdings; IOOF Research Team’s coverage criteria, methodology and spread of ratings; and summary information about the qualifications and experience of the IOOF Research Team please visit https://www.ioof.com.au/adviser/investment_funds/ioof_advice_research_process.