This week is Cyber Smart Week in New Zealand and we thought we’d take the opportunity to share some strategies and simple steps you can take to keep safe online. Xero has partnered with CERT NZ, the Government agency that helps improve cyber security in New Zealand, to educate you on the importance of staying secure online.
According to a study from Norton, cybercrime costs more than $126 billion a year globally. A further 680 million people have been victims of online crime, so getting the basics wrong online comes with huge risk.
Here are CERT’s top tips for keeping yourself safe online.
1. Always use strong, unique passwords
Hackers can crack a weak password in minutes, so it’s essential that you have strong, long passwords. It is also important to use a different password for each site. Having a unique password helps prevent a compromise of one login becoming a compromise of many. Using personal information as your password is also a big no-no. Using your name, your pet’s name or your birthday should be avoided at all costs, as hackers can easily find this information online (especially through social media). To create a strong password, use numbers, letters and symbols and make sure it is at least 10 characters long. Password manager software can help you manage your multiple logins and make it easy to maintain good password practices.
2. Use two factor or multi-factor authentication
Two factor or multi-factor authentication is like having a second lock for your front door. This means you need to present at least two separate items to gain access. These could include a password and a unique code that is generated by an app on your smart device or sent to you by text (SMS). 2FA is excellent as it adds an extra line of defence when you log in online and significantly reduces the risk of anyone getting access to your account.
3. Update your operating system (OS)
Cyber threats are changing all the time, so it is important that you keep abreast of updates. Up-to-date operating systems and apps are your first line of defence against many bugs and viruses. Updating operating systems is one of the easiest ways to protect yourself. Just make sure that when an update for an app or your OS pops up on any of your devices, you install it right away. You can even set your system preferences to install updates automatically. Then you don’t have to think about it.
4. Check your privacy settings
Consider what you share on social media, as hackers can use your personal information to steal your identity or get into your online accounts. Ensure that your privacy settings are set so that only your friends and family can see your details. Another thing to keep in mind is that some websites ask you to set account recovery questions in case you forget your password. Make sure the answers to these aren’t posted online or on social media – for example, the school you attended.
As Head of Security for Xero I come across many different forms of online crimes. The scenarios outlined below are some of the most common methods used by cyber criminals to defraud their victims.
Three common scams and how to avoid them
1. Advanced Fee Fraud
If you ever have to pay money to get money, it’s advanced fee fraud. This includes lottery and inheritance scams, and the Nigerian Prince/Diplomat that needs your help to get his gold/diamonds/cash out of the country. The only person that will profit if you respond to one of these emails is the fraudster. Better to forward the email to firstname.lastname@example.org or report it to Netsafe.
2. Money Laundering
If you ever receive money into your bank account from someone you haven’t met and don’t know in person, and they ask you to send it to them in another country using Western Union, Moneygram, or another money transfer service, it’s very likely you’re laundering the proceeds of a crime. Chances are that this is money stolen from another person’s bank account and you’re being manipulated into being the “money mule” who sends the money to the criminal that stole it.
3. Cold Calls
Beware of cold calls. Whether it’s supposedly from the “Microsoft help desk” to tell you that you have a problem with your computer, or someone with an investment opportunity too good to miss, the caller’s objective is to steal money from you. Legitimate companies don’t work like this. No technology help desk is going to call you about your problem; you have to call them.
For more in-depth information about protecting yourself online, head over to the CERT site.