October is Cyber Security Awareness Month and an annual reminder for all Australians to stay secure online.
The theme for 2024's Cyber Security Awareness Month is 'Cyber security is everyone's business'.
This year, we are encouraged to take time to talk cyber security with family, friends and colleagues, and urge them to take action.
Cybercrime reports are increasing and malicious cyber activity continues to pose a risk to every Australian. Cyber security is everyone’s business. By taking simple steps, everyone can help make Australia a more secure place to connect online.
Here are some simple steps you can take to improve your cyber security:
Turn on multi-factor authentication
Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity. It’s one of the best ways to protect your accounts. Turn on MFA where possible. Start with your most important accounts, such as:
- online banking
- accounts that save your payment details, like online shopping or gaming
- social media
- other accounts that hold personal information, like myGov.
Learn more about MFA: Turn on multi-factor authentication
Keep your devices and software up to date
Software and app updates are an essential part of keeping your devices running smoothly and securely. But it’s easy to ignore these important update prompts and this could be potentially harmful to your device. Performing these updates can have many benefits such as:
- Security enhancements
- Bug Fixes
- New Features
- Compatibility
- Improving performance
Check that automatic updates are on and install updates as soon as possible. Learn how to update your devices.
Use strong and unique passwords, such as a passphrase
Passphrases are made up of four or more random words making them longer than a traditional password. This makes them harder to guess but easy to remember. Changing your passwords to a passphrase is a great way to improve your cyber security.
When you choose your passphrase, make it:
Long - The longer your passphrase, the better
Aim for at least 14 characters long. Four or more random words that you will remember is great. For example: 'purple duck potato boat'.
Unpredictable - The less predictable your passphrase, the better
A good passphrase is made up of four or more random words. Sentences don't make great passphrases as they can be easier to guess. For example, it is predictable to have spaces between words, a capital letter at the beginning and punctuation at the end. Using a mix of random words is far more unpredictable and makes stronger passphrases.
Unique - Don’t recycle your passphrases
Use different passphrases for different accounts. Your Facebook password should be different to your email password and so on.
Additional password tips
- Avoid saving any of your passwords in a document, email, note or anywhere on your device that can be hacked.
- Never give out your passwords to anyone.
- Don’t use anything personal to you that can be easily guessed such as family names, nicknames, pet names, date of birth or sports teams. Some of this information, can be obtained simply by looking at your social media or online work profiles.
- Change your passwords frequently, especially if there is a data breach.
- Consider storing your passwords and passphrases in a reputable password manager.
Recognise and report phishing scams
Phishing is a way cyber criminals trick you into giving them personal information.
They may make contact via fraudulent emails, text messages, phone calls or social media often pretending to be from large organisations you know or trust such as utility providers, financial organisations, telecommunications companies and government agencies. They may also take the form of fake vouchers or competitions, surveys, postal notifications, bills, account alerts etc.
They may try to steal your online banking logins, credit card details or passwords. Phishing can result in the loss of information, money or identity theft.
Spear-phishing is when these emails and text messages are highly targeted to the recipient.
Here are some red flags to look out for:
- Suspicious sender: The message, phone call or email may appear to be from a known company, but the number or email address is unfamiliar or doesn’t match the official contact details.
- Urgent language: Scammers often use urgent language (‘Your account is locked!’, ‘Payment overdue’ or ‘Immediate action required!’) to pressure you into acting quickly without thinking.
- Suspicious links: Unsolicited text messages or emails may contain suspicious links or attachments. Do not click or open, they may contain malware. If you’re unsure, go directly to the source by visiting the official website or app, log in to your account, or call their phone number.
- Request for personal information. Legitimate companies, financial institutions, and government agencies will never ask for personal information such as passwords, credit card numbers, PINs or remote access to your device via phone calls, social media, texts, or pop-ups. Scammers, on the other hand, may request these details or ask you to download suspicious files. Many organisations clearly outline what information they will and will not ask for, so if someone asks for something unusual, it’s likely a scam.
Please note, Australian Mutual Bank will NEVER:
- ask for your Internet Banking login details or credit card details via phone, email, text or social media.
- use email, text or social media to send you a link to an Internet Banking login page or install our Mobile Banking app.
- ask you to communicate your passwords to the bank in any form
What to do if you have encountered a scam:
- Contact your bank. Contact your financial institution if you think your credit cards or bank account may be at risk. They may be able to close your account or stop a transaction. Australian Mutual Bank members can contact our Fraud Team by calling 13 61 91 or by emailing info@australianmutual.bank.
- Change the passwords to any accounts which may be accessed. This could include banking, superannuation, MyGov and email accounts. You may also need to close any unauthorised accounts that have been opened in your name.
- Run antivirus or security scan software on your devices to remove any malware.
- Report a cybercrime via ReportCyber if you have fallen victim to a scam.
- Help keep Australia secure by reporting the scam to the National Anti-Scam Centre - Scamwatch.
- Beware of follow up scams, particularly ones promising to help you get your money back. One in three victims of a scam have been scammed more than once according to Scamwatch.
- Ongoing support. If you or someone you know has been impacted and may need ongoing help, there are support services available. These avenues of support are available to help, listen and believe.
- For more advice on how to avoid scams and what to do if you or someone you know is a victim of a scam, see our Security Advice section or visit the Scamwatch website.
Cyber security is everyone’s business, and it’s important for everyone to take action to secure their accounts and devices from cyber threats.
Sources:
