Today we use internet-connected devices in all aspects of our lives. We go online to search for information, shop, bank, do homework, play games, and stay in touch with family and friends through social networking. As a result, our devices contain a wealth of personal information about us. This may include banking and other financial records, and medical information—information that we want to protect. If your devices are not protected, identity thieves and other fraudsters may be able to get access and steal your personal information. Spammers could use your computer as a "zombie drone" to send spam that looks like it came from you. Malicious viruses or spyware could be deposited on your computer, slowing it down or destroying files.
By using safety measures and good practices to protect your devices, you can protect your privacy and your family. The following tips are offered to help you lower your risk while you're online.
Keep your device secure
Make sure to download recommended updates from your device's manufacturer or operating system provider, especially for important software such as your internet browser. Antivirus software, antispyware software, and firewalls are also important tools to thwart attacks on your device.
Keep up-to-date
Update your system, browser, and important apps regularly, taking advantage of automatic updating when it's available. These updates can eliminate software flaws that allow hackers to view your activity or steal information. Windows Update is a service offered by Microsoft. It downloads and installs software updates for the Microsoft Windows operating system, Internet Explorer, and Outlook Express, and also delivers security updates to you. Patching can also be run automatically for other systems, such as Macintosh Operating System. For mobile devices, be sure to install Android or iPhone updates that are distributed automatically.
Antivirus software
Antivirus software protects your device from viruses that can destroy your data, slow down or crash your device, or allow spammers to send email through your account. Antivirus protection scans your files and your incoming email for viruses, and then deletes anything malicious. You must keep your antivirus software updated to cope with the latest "bugs" circulating the internet. Most antivirus software includes a feature to download updates automatically when you are online. In addition, make sure that the software is continually running and checking your system for viruses, especially if you are downloading files from the web or checking your email. Set your antivirus software to check for viruses every day. You should also give your system a thorough scan at least twice a month.
Antispyware software
Spyware is software installed without your knowledge or consent that can monitor your online activities and collect personal information while you're online. Some kinds of spyware, called keyloggers, record everything you key in—including your passwords and financial information. Signs that your device may be infected with spyware include a sudden flurry of ads, being taken to websites you don't want to go to, and generally slowed performance. Spyware protection is included in some antivirus software programs. Check your antivirus software documentation for instructions on how to activate the spyware protection features. You can buy separate antispyware software programs. Keep your antispyware software updated and run it regularly. To avoid spyware in the first place, download software only from sites you know and trust. Make sure apps you install on a mobile device come from the Apple App Store for iPhones or Google Play for Android devices.
Firewalls
A firewall is a software program or piece of hardware that blocks hackers from entering and using your computer. Hackers search the internet the way some telemarketers automatically dial random phone numbers. They send out pings (calls) to thousands of computers and wait for responses. Firewalls prevent your computer from responding to these random calls. A firewall blocks communications to and from sources you don't permit. This is especially important if you have a high-speed internet connection, like DSL or cable. Some operating systems have built-in firewalls that may be shipped in the "off" mode. Be sure to turn your firewall on. To be effective, your firewall must be set up properly and updated regularly. Check your online "Help" feature for specific instructions.
Use strong protection
Making use of complex passwords and strong methods of authentication can help keep your personal information secure.
Choose strong passwords
Protect your devices and accounts from intruders by choosing passwords that are hard to guess. Use strong passwords with at least eight characters, a combination of letters, numbers and special characters. Don't use a word that can easily be found in a dictionary or any reference to personal information, such as a birthday. Some hackers use programs that can try every word in the dictionary, and can easily find personal information such as dates of birth. Try using a phrase to help you remember your password, using the first letter of each word in the phrase. For example, HmWc@w2—How much wood could a woodchuck chuck. Choose unique passwords for each online account you use: financial institution, social media, or email. If you have too many passwords to remember, consider using password manager software, which can help you create strong individual passwords and keep them secure.
Use stronger authentication
Many social media, email, and financial accounts allow the use of stronger authentication methods. These methods can include using a fingerprint, one-time codes sent to a mobile device, or other features that ensure a user is supposed to have access to the account. For more information on strong authentication methods, visit the Lock Down Your Login Campaign.
Protect your private information
While checking email, visiting websites, posting to social media, or shopping, pay attention to where you click and who you give your information to. Unscrupulous websites or data thieves can attempt to trick you into giving them your personal data.
Be careful what you click
Phishing attacks—where hackers send seemingly genuine messages to trick you into handing over personal information—are becoming more sophisticated. For instance, you may receive an urgent message stating that your bank account has been locked and requiring you to enter your password and Social Security number to unlock it. Think twice before clicking on links in messages such as this.
Most genuine messages from financial institutions will not ask for personal information directly, but will instead instruct you to call or visit a website directly. You can also verify the email address that sent the message to ensure it came from the expected sender.
Shop safely
When shopping online, check out the website before entering your credit card number or other personal information. Read the privacy policy and look for opportunities to opt out of information sharing. (If there is no privacy policy posted, beware! Shop elsewhere.) Learn how to tell when a website is secure. Look for "https" in the address bar or an unbroken padlock icon at the bottom of the browser window. These are signs that your information will be encrypted or scrambled, protecting it from hackers as it moves across the internet.
Be careful what you share
Social media allows sharing of all aspects of life, but it's important to control who has access to the information you share. Information thieves can use social media postings to gather information and then use the information to hack into other accounts or for identity theft. To protect yourself, make use of privacy settings to limit the visibility of personal posts to your personal networks, and restrict the amount of information you share with the general public.
Responding to data breaches
Even if you make all the right moves, your data may be stolen from a company you trusted to keep it safe. If you find that your personal information has been accessed without your authorization, take steps to protect yourself. Place a fraud alert on your credit file. Review your annual credit reports. And if you suspect your information has been breached, put a freeze on your credit file to prevent fraudsters from opening new accounts in your name. For more information, see the Attorney General's information sheets on identity theft.
Parents, take control
Don't let your children risk your family's privacy.
Make sure they know how to use the internet safely. For younger children, install parental control software on devices that limits the websites kids can visit. To protect your children's future credit, consider setting up a credit freeze for your child. But remember: no software can substitute for parental supervision.
Additional Information
Consumer information from the California Department of Justice, available at www.oag.ca.gov/privacy.
OnGuard Online
Practical tips from the federal government and the technology industry to help you be on guard against internet fraud, secure your computer, and protect your personal information.
Online Guide to Practical Privacy Tools
Computer security resources from the non-profit Electronic Privacy Information Center.
Introduction
What is personal cyber security?
In an increasingly tech-driven world we use devices and accounts every day that are vulnerable to cyber threats.
Personal cyber security is the set of ongoing steps you can take to protect your accounts and devices from cyber threats.
What are cyber threats?
The main cyber threats affecting everyday Australians are scams and malware.
These attacks can have significant personal and financial impact on victims and are growing in sophistication and frequency. Read more about the different types of threats affecting Australians.
How can this guide help protect me from cyber threats?
The Personal Cyber Security: First Steps guide is the first in a series of three guides designed to help everyday Australians understand the basics of cyber security and how you can take action to protect yourself from common cyber threats. If you are learning about cyber security for the first time, or are keeping yourself up to date, this guide is an excellent place to start.
Turn On Automatic Updates
What are updates?
An update is an improved version of software (programs, apps and operating systems) you have installed on your computer and mobile devices.
How do I set up automatic updates?
Automatic updates are a default or ‘set and forget’ setting that installs new updates as soon as they are available.
Your device must be powered on, plugged into power and have unused storage space.
More detailed information on how to turn on automatic updates can be found in our step-by-step guides.
What if the automatic update setting is unavailable?
If the automatic update setting is unavailable, you should regularly check for and install new updates through your software or device's settings menu.
What if my older device and software do not receive any updates?
If your device, operating system or software is too old, it may no longer be supported by the manufacturer or developer. When products reach this ‘end of support’ stage they will no longer receive updates, leaving you vulnerable to cyber-attacks due to known software ‘bugs’. Examples of products that are end of support include Windows 7 operating system and the iPhone 6. If your device, operating system or software has reached end of support, we recommend upgrading as soon as possible to stay secure. For more information you can read our Quick Wins for End of Support guide.
Activate Multi-Factor Authentication (MFA)
What is MFA?
You can use multi-factor authentication (MFA) to improve the security of your most important accounts. MFA requires you to produce a combination of two or more of the following authentication types before access to an account is granted.
MFA makes it harder for cybercriminals to gain initial access to your account by adding more authentication layers, requiring extra time, effort and resources to break. Two-factor authentication (2FA) is the most common type of MFA, requiring two different authentication types.
Regularly Back Up Your Devices
What is a backup?
A backup is a digital copy of your most important information (e.g. photos, financial information or records) that you have saved to an external storage device or to the cloud. Backing up is a precautionary measure so that your information can be recovered in case it is ever lost, stolen or damaged.
How do I back up my devices and files?
You should regularly back up your files and devices. What that looks like, whether it is daily, weekly or monthly, is ultimately up to you. Backup frequency could depend on the number of:
For more detailed information on backing up to both external storage devices and the cloud you can read our step-by-step guides. These cover back-up guides for PC, Mac and iOS.
Use Passphrases To Secure Your Important Accounts
Multi-factor authentication (MFA) is one of the most effective ways to protect your accounts from cybercriminals. If MFA is not available, a unique strong passphrase can better protect your account compared to a simple password.
What is a passphrase?
A passphrase uses four or more random words as your password. For example: ‘crystal onion clay pretzel’.
Which accounts should I secure with a passphrase?
If your most important accounts are not protected with MFA, change your passwords to unique strong passphrases, starting with your:
If you have a lot of email accounts, prioritise those that are linked to your online banking or other important services. You can typically change your password to a unique strong passphrase through your account settings menu.
For more advice on how to build strong passphrases you can read the Creating Strong Passphrases guidance on the website.
Secure Your Mobile Device
Today smartphones and tablets are used to connect, shop, work, bank, research, track our fitness and complete hundreds of other tasks at any time and from any location.
What can happen if my mobile device is compromised, lost or stolen?
How do I secure my mobile device?
Read more on how to protect your devices.
Develop Your Cyber Secure Thinking
Personal cyber security is not just about changing settings, it’s also about changing your thinking and behaviours.
Watch Out For Cyber Scams
Cybercriminals are known to use email, messages, social media or phone calls to try and scam Australians. They might pretend to be an individual or organisation you think you know, or think you should trust. Their messages and calls attempt to trick you into performing specific actions, such as:
Scam messages can be sent to thousands of people, or target one specific person.
To learn more about how to spot phishing or scam messages you can take our quiz.
What should I do if I get a scam message?
If you receive a scam message or phone call, you should ignore, delete or report it to ACCC’s Scamwatch. You can also contact the ACSC’s Cyber Security Hotline on 1300 CYBER1 (1300 292 371) if you are concerned about your cyber security. If you’ve engaged with a scam and think your bank accounts, credit or debit cards may be at risk, contact your financial institution immediately. They may be able to close your account or stop a transaction.
What if I’m unsure if a message is a scam?
If you think a message or call might truly be from an organisation you trust (such as your bank), find a contact method you can trust. Search for the official website, phone their advertised phone number, or visit a physical store or branch. Do not use the links or contact details in the message you have been sent or given over the phone, as these could be fraudulent.
If you think you’re a victim of cybercrime you can report it through ReportCyber or call our Cyber Security Hotline on 1300 CYBER1 (1300 292 371). You can also keep up to date on the latest threats by signing up to ACSC’s free alert service. We will send you an alert when we identify a new cyber threat.
Stop And Think Before You Share On Social Media
Cybercriminals can use information you have publicly posted on your social media account/s in their scams and cyber-attacks. Remember the internet is permanent and you can never fully remove what has been posted.
How can I stop and think before posting?
What information should I avoid sharing?
Avoid sharing information (including photos) online that cybercriminals can use to identify you, manipulate you through a scam or deduce your account recovery questions. This may include your:
If you would like to understand some of the terms used within this personal security guide better you can view our glossary on the website.
Next guide in the Personal Cyber Security Series
Now that you have completed the ACSC’s Personal Cyber Security: First Steps guide you should begin the Personal Cyber Security: Next Steps guide. The Personal Cyber Security: Next Steps guide outlines the actions you can take now to further increase your cyber security.