With everything happening in the world right now, and with our lives increasingly becoming digital and online, it is important that we all maintain solid cyber security hygiene. This is not just for our websites and digital assets, it is also for our everyday lives and keeping ourselves and our families cyber safe.
I have a background in IT and Cyber Security for one of Australia’s biggest companies, and I will be sharing some tips below that will help keep you cyber safe.
The Australian Cyber Security Centre (ACSC) has issued an advisory titled “Australian organisations should urgently adopt an enhanced cyber security posture”, essentially warning Australians of cyber security attacks that may be coming from Eastern Europe.
It is important to note that you will never be 100% safe from cyber attacks. Governments and banks have top-notch cyber security systems and budgets in the millions or billions of dollars, and they still get breached. At the end of the day, if someone really wants to “hack” you or your websites, and they have the technical skills and the time and money to do it, there is not much you can do to stop them.
But what we can do is make it harder for cybercriminals to attack us, and reduce the likelihood of falling victim. Cybercriminals are commonly set up like businesses: they want to make the most profit for the least effort and time. If you put these basic security hygiene practices in place, it will make you harder to attack. That will more than likely make you unprofitable for them, and they will move on to someone who is easier – the “low hanging fruit” (and trust me, there are lots out there).
It is just like having cameras, alarms, guard dogs and fences on your house that deter criminals – they will most likely move on to an easier house down the street that does not have those things.
1. Protect Your Accounts With Secure Unique Passwords
This is very important. You must have secure passwords (16 characters or more) that are unique to each site.
Conventional passwords are often simple words that are easy to remember and associated with the individual who creates them – for example, a pet’s name, birthday, or favourite football team. This makes it easy for anyone to guess and gain access to accounts.
A password can be a passphrase that means something only to you, made up of a combination of words and numbers, or it can be a traditional secure password with a mix of special characters, upper case, lower case and numbers.
Some examples of secure passwords are:
- [email protected]
- [email protected]$tTurb0
- I LOVE 2 Read b00ks!
Here is a resource to check how secure your passwords are.
You should also enter your email address or phone number into https://haveibeenpwned.com/. This is an online tool that notifies you when your account has been part of a data breach. If any of your accounts have been part of a data breach, please change your passwords immediately, especially if you use the same password across multiple accounts or services.
Once a service or application has been hacked, the data is posted on the dark web where it is either listed for free or can be bought.
Online criminals take this data and feed it into bots that try your email address and password against every application and service they can find, to see where else the same credentials work.
This is where having a secure, unique password pays off: only the account that was breached is compromised, and you can fix that by changing that one password. If you used the same password for every account, every one of those accounts would be at risk of being compromised.
2. Use a Password Manager To Stay On Top Of Your Passwords
Password managers are recommended. They allow you to create unique complex passwords and store them securely. They can also generate secure passwords for you when you are creating an account.
Why use a Password Manager?
As well as securely storing your passphrases in one place, password managers can:
- Assist you in creating and checking the strength of your passphrases.
- Alert you if your passphrase has been compromised and quickly assist you in changing a compromised password.
- Give you single sign-on style access to all of your accounts, governed by one master password.
- Store digital records such as banking information, addresses and passphrases all in one place.
- Work across multiple devices, including Windows, Mac, iPad, iPhone and Android.
- Conveniently delegate and share passphrases and digital records with chosen individuals, allowing you to delegate tasks that require your passphrase without compromising the security of your account. You also have the ability to revoke access to your passphrase once it has been sent.
All you need to remember is your master password which must be secure and unique. You can also set up other backup options such as two-factor authentication and trusted recovery accounts (for example a partner or family member) in case you forget your master password or lose access to your password manager.
I personally recommend LastPass, however, there are many alternative password managers out there such as 1Password, Keeper, Dashlane, Nordpass, etc.
Here is a great review of the various password manager options you can choose from.
Think of password managers as your own personal assistant that keeps your passwords safe, secure and easy to use.
3. Get That Extra Layer Of Security With Two Factor Authentication (2FA) / Multi-Factor Authentication (MFA)
2-Factor Authentication (2FA) / Multi-Factor Authentication (MFA) will provide you with a second layer of protection for your online accounts. Potential hackers would require your password AND your phone or security key to access your account.
This means that even if your password was exposed in a breach, attackers would not be able to log into your account, as they would need the second method of authentication. This may be an SMS code sent to your phone or a code from an authenticator app such as Google Authenticator.
You should set up 2FA/MFA for every service or account that allows it. This includes your hosting account (where possible) and your WordPress logins; Wordfence will let you set this up for your websites.
Personally, I recommend 2FA/MFA through SMS and Google Authenticator. Google Authenticator is an app that you can get on your mobile device.
4. Be Prepared For The Worst With Device And Website Backups
Backups are also very important. You should have regular backups of your devices and your websites.
- Website backups can be done through:
  - Plugins such as Updraft Plus
  - SaaS services such as ManageWP
  - Hosting – you can get a dedicated hosting backup subscription in which all your files are stored offsite on a separate server.
- Device backups can be done through:
  - Cloud backups to a cloud server (e.g. Microsoft OneDrive, Google Drive, iCloud, AWS, iDrive, Acronis, One Backup, etc.)
  - Hardware backups to an external device such as a USB stick or portable hard drive (then stored securely, ideally off-premises).
Backups are essential in case you are compromised or fall victim to a ransomware attack: instead of paying the ransom, you can restore from a backup and not everything is lost. They are also handy in case of system failures or events like house fires, flooding or bushfires, or simply when something goes wrong and you want to restore from a backup to diagnose or fix the problem.
If possible, use two or more types of backup, for example backing up a website with both Updraft Plus and ManageWP, so that if one of them fails or is corrupted you still have the other.
5. Maintain Your Guard With Device And Website Updates
You must ensure that you are updating frequently across all of your devices and websites. Software updates not only provide your device or application with new features, they also fix and remove security bugs that have been identified by your device and application developers. Online criminals often try to exploit security bugs on personal devices. Keeping your software up to date by installing updates as soon as possible will assist you in keeping your devices more secure.
Device updates are critical to ensure that newly found vulnerabilities are patched, otherwise, these may be used as a backdoor for cybercriminals to access your device and/or systems. Device updates include:
- Operating System (OS) updates (Windows, Mac, etc)
- Mobile Phone updates (apps, OS)
- Modem/Router updates to the firmware
- Chrome, Firefox, Safari updates
- Antivirus updates (ensure that you have antivirus software installed).
Website updates are just as critical as device updates. These include:
- Plugin updates
- WordPress updates
Ensure that all of the websites that you are hosting are regularly updated. If one website in your hosting account is not kept updated, it puts your entire hosting account at risk: attackers can gain access to the whole account and all of your websites through that one outdated, vulnerable website.
If you are struggling to update and backup your website, speak with us today to have us look after it for you.
6. How To Not Get Caught With Phishing Emails
Phishing emails are one of the ways that many people are hacked, compromised or scammed. Phishing is a type of email scam where online criminals attempt to trick you into giving out your personal or financial information, which can then be used to steal your money or your identity.
Phishing messages are designed to look genuine, and often copy the format used by the organisation the scammer is pretending to represent – including their branding and logo. They will take you to a fake website that looks like the real deal, but has a slightly different address. For example, if the legitimate site is ‘www.realbank.com.au’, the scammer may use an address like ‘www.reallbank.com’.
Phishing emails may also contain malicious attachments. These are often .exe, .pdf or .zip files. Be careful not to open any attachment you are not sure about.
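The following added example (not from the original post) is a small heuristic check for the lookalike addresses described above: it takes the host out of a link, compares it against an allowlist of legitimate domains, and flags close misspellings of the brand name or the brand name used under a different suffix. The allowlist and the sample links are constructed for the example, and a heuristic like this complements, rather than replaces, checking the address yourself.

```python
from urllib.parse import urlparse

# Constructed allowlist for the example: the article's fictional bank.
LEGITIMATE_HOSTS = {"realbank.com.au"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, legitimate=LEGITIMATE_HOSTS) -> str:
    """Return 'legitimate', 'lookalike' or 'unknown' for the host in a link."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    labels = host.split(".")
    for legit in legitimate:
        # Exact match or a genuine subdomain of the legitimate domain.
        if host == legit or host.endswith("." + legit):
            return "legitimate"
        brand = legit.split(".")[0]            # "realbank"
        # Same brand under a different suffix, e.g. realbank.com
        # or realbank.com.au.secure-login.net.
        if labels[0] == brand or brand in labels[1:]:
            return "lookalike"
        # Small typo of the brand name, e.g. reallbank or rea1bank.
        if _edit_distance(labels[0], brand) <= 2:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links, including the article's own example.
    for link in ("https://www.realbank.com.au/login",
                 "https://www.reallbank.com/login",
                 "https://realbank.com.au.secure-login.net/"):
        print(link, "->", classify_link(link))
```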
An email can be considered suspicious if it…
- Is from someone you don’t usually receive emails from
- Asks for your personal or financial information. Legitimate businesses never ask for your personal or sensitive information via email
- Creates a sense of urgency. For example, asking you to verify your account before it is suspended
- Includes an attachment you weren’t expecting. Online criminals include attachments that contain viruses and malware
If you receive an email that shows the above signs, or that is uncharacteristic of someone you do know, call them and verify that they did in fact send it to you.
The Australian Government Cyber website has some great information on phishing scams and how to spot them.
You can also try this phishing quiz by Google to see how your phish detector skills match up.
Always be vigilant with emails. You wouldn’t let a stranger through the front door into your house, so why click on links in an email and open attachments from someone you do not know?
7. Be One Step Ahead Of The Scammers
Continuing on from Phishing Emails, scammers can also try to scam you through phone calls or SMS messages.
- Phone Scams
  - Online criminals call individuals pretending to be someone from a legitimate organisation. This could be the Tax Department, a telecommunications company (e.g. Telstra), or a software company (e.g. Microsoft). Scammers often ask for personal and financial information which they can later use for criminal purposes. If you suspect you are receiving a scam call, hang up and call the organisation yourself. Scam calls often have poor overall call quality, may ask for payment in the form of prepaid gift cards, ask for financial information, or may threaten you.
- SMS Scams
  - Smishing, or SMS scams, are a popular way online criminals persuade you to tap on a link. SMS scams are often specially crafted to look like they are from a legitimate organisation and encourage you to verify your details or claim a prize by tapping a link contained within the message. The link may take you to a website that asks you to verify your account details by entering them on the website, or even compromise the information on your phone by downloading malicious software.
8. Keep Up Your Shield By Locking Your Screens And Setting Passcodes
It is recommended that you set up secure PINs and passcodes for your devices. If you have an iPhone, it is wise to set up a 6-digit PIN instead of the default 4-digit PIN. You should also set up passcodes for your computer logins and any other internet-connected electronic device that you use (e.g. iPad, tablet).
If you need to leave your computer or device unattended, lock the screen so that no one can use it when you are not there. This is especially important if you are working in a public place like a cafe, office, or airport.
Maintaining your Cyber Security hygiene has never been more important. If you follow the 8 easy steps listed above you will give yourself the best chance to keep yourself, your family, and your clients safe from cyber attacks.
If you would like to discuss the best ways to keep yourself or your business cyber safe, you can reach out to us through our contact page and speak with me directly.
Disclaimer: The methods listed above will not guarantee that you will not fall victim to a cyber attack. However, they are gold standard cyber security hygiene practices to give you the best chance to stay cyber safe.
JS Website Design is your local Penrith Website Design Company. We offer a range of website redesign packages that can help grow your business online.
We offer free initial website consultations so we can assess your business needs. Contact us today to discuss your website design needs.
About the Author
Jordan Sidhom has over 7 years of experience in the IT industry with the last 5 years being in Cyber Security for one of Australia’s biggest companies. He utilises this knowledge to provide our clients with websites that are both functional and secure.