COVID-19 has us spending more time at home either working or binging Netflix. This has really put the spotlight on the level of cyber security we practice at home.
Alman Partners take cyber security seriously. We have been extremely fortunate to work with experts and like-minded firms who have educated us in this area. The biggest learning is understanding that there are lots of people out there who want to do us harm in the cyber world by preying on our human flaws. They try and fool us by impersonating people or brands we trust, taking advantage of our generosity in times of crisis and by the simple fact that technology is everywhere and a password is needed for everything.
I want to share some of these learnings with you because if you raise this topic with friends or family, it doesn’t take long before you find someone who has been impacted by cybercrime, often costing them financially and most definitely emotionally. Please read on to find some practical steps you can take to better protect yourself in our online world.
Step 1. Exposure
You may already be exposed and not know it. There have been countless reports of user data being stolen, with some of the most prominent being LinkedIn, Yahoo, Facebook, Marriot, and the list goes on and on. So how do you know if you have been caught up in these exposures?
- Go to the ‘Have I been Pwned’ website.
- Enter your email address and click on the pwned? button.
- If your email address has been used in a compromised account, the website will list the name/s of the sites where your data has been exposed and what type of data was compromised.
- You should change your password for these sites IMMEDIATELY as well as any other sites where you have reused the same password.
Step 2. Passwords
If you only take away one thing from this blog it would be this, do not re-use passwords.
I know this is not easy to do and there are so many factors to consider, length, capitals, numbers, symbols etc., so I recommend outsourcing it all and subscribe to a trusted Password Manager, this way you only have to remember one very good password or passphrase and the service takes care of the rest. These services take a bit of effort to set up at first, but once you have done so they do all the heavy lifting for you in the future.
They are available on all platforms, including your mobile devices and they usually come with family subscriptions so your loved ones can also be protected. Setting them up generally involves logging in to each of the sites you use and going through the ‘change your password’ process so the service can suggest a new password and recognise the site so you don’t have to remember the password in the future.
I recommend the following services:
The above services have plenty of guides and how-to videos to assist you through the setup process. When setting up the account you need to ensure the following:
- Use a strong unique password or a passphrase
- Enable 2-factor or multifactor authentication
Step 3. Multi-Factor Authentication (MFA)
Let us not get too caught up in what 2-factor or Multi-factor Authentication is, rather let’s focus on why you should enable it and alternative ways of implementing it.
Why you should enable it is simple. If your account has been breached and your password exposed, you have an added layer of protection. A potential cybercriminal needs an additional piece of information before they can access the service or your personal information, or change your account settings.
Usually, the default tool used for MFA is a code sent to your mobile phone via a text message or to your email account. I would strongly recommend that you do not use an email address if you can, as email accounts are relatively easy to compromise. Instead, I recommend you use an Authentication App or at very least a text message sent to your mobile phone.
Authentication apps are installed on your mobile phone and are easy to use and set up. This typically involves scanning a QR code with your mobile phone. An account is then added to the App and a random code is generated, which you enter when asked for it by the site you are logging in to.
Example of Microsoft Authenticator
I recommend the following authentication apps that are available for both Apple and Android devices:
- Microsoft Authenticator
- Google Authenticator
Step 4. Update, update, update
I know it can be frustrating, you do an update and things change, on your mobile phone or PC, or the application you are using. The bottom line is it’s one of the most important things you need to do to keep your devices and apps secure.
There is a constant war going between the good guys and the bad guys, and a lot of the issues are only fixed after a vulnerability has been exposed. This is why it is so important to ensure your mobile devices, PC applications and antivirus software are kept up to date.
In this online world, updating is just like maintaining your car. It requires effort and some inconvenience, but if you don’t do it, all you are doing is exposing yourself to problems in the future.
I hope this information has been helpful. I’ll leave you with a couple of links to Australian Government cyber security websites. Stay safe.
Alman Partners Pty Ltd, Australian Financial Services Licence No: 222107.
Note: This material is provided for information only. We do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of any material published on this website or any linked website.