How to protect yourself
-
Back up your data
Backing up the data on your devices — by copying it to another, separate location — is one of the most important things you can do.
Why it matters
If you’re targeted by an online attack you may not be able to access or use your computer, phone, or any of your other devices. But if you’ve backed your data up you will still have access to a copy, no matter what ends up happening to your device.
What to do
Back up your data regularly — for example, every week. You can:
get an external hard drive and do an 'offline' or 'cold' backup, and/or
sign up to a cloud-based service like Dropbox, iCloud, Google Drive or OneDrive and do a cloud backup. -
Update regularly
When you’re alerted to an update for your device or one of your apps, don’t ignore it — install it as soon as possible.
Why it matters
Updates aren’t just about adding new features. They’re also about fixing vulnerabilities in a device or an app that attackers could find and use to gain access to your system.
What to do
Run updates when you're notified of them, or set your system preferences to update them automatically — then you don’t have to think about it.
If you don't use an app anymore, remove it from your devices.
If your device can’t receive security updates anymore, upgrade to a newer model as soon as you can.
-
Use different passwords on everything
We know it's easier to use the same password for all of your accounts, or stick to two or three that you use in lots of places. But it opens you up to risk.
Why it matters
If an attacker gets access to one of your account passwords, it often gives them access to many of your other accounts as well. This can happen easily, whether it's from a company's data being breached, phishing attacks or if you share a password with someone.
What to do
Use a different password for every online account you create – this should be totally different, not just changing a symbol or number.
Try using a password manager, which will store and manage your passwords for you. The password manager will be the only account you need to remember login details for.
Think about using a short phrase or add a few random words together to create a passphrase, rather than a password.
Passphrases are usually stronger and easier to remember than passwords.
You can add a mix of letters, numbers and symbols to make your passphrase more complex, for example 'Wint3r here 1s warmer than Summ3r'.
Review the passwords for some of the accounts you’ve had for a while – they probably have weaker or reused passwords.
-
Turn on two-factor authentication
With two-factor authentication (2FA), you can choose to have a code sent or generated on your device, like your phone, that you can use to authenticate who you are every time you log in. This can also be called:
- multi-factor authentication (MFA)
- two-step verification
- two-step authentication.
Why it matters
Even if someone gets access to the password for one of your accounts, they won't be able to access it if they don’t have your phone to receive the 2FA code.
What to do
Turn on two-factor authentication, especially for your important accounts, like your email and social media accounts.
If several types are available, choose the option that isn’t a text message, as texts are less secure types of 2FA – though they're still safer than no 2FA.
-
Install antivirus software and scan for viruses regularly
Antivirus software can help you detect and remove viruses from your computer system before the virus has a chance to do any damage.
Why it matters
Viruses, ransomware and malware can destroy or lock you out of your devices. Antivirus software can notify you of them before they have a chance to go all through your system or network.
What to do
Install an antivirus program on your computer. If you’re not confident doing this yourself, a computer services company can do it for you.
Run it regularly, for example every week, and clean up any viruses it identifies.
Tell your IT person about any viruses you’ve found the next time you see them.
Supported versions of Microsoft Windows come with a free antivirus called Windows Defender. Otherwise, get a legitimate antivirus from a well-known, trusted company — your local computer services company can give you advice on what would work best for you.
Don’t just download any free antivirus software online, as many of the ones you see advertised for free are fake. They could download malware or adware onto your computer instead of helping you detect and remove it.
-
Be smart about social media
We’re so used to sharing things online that we don’t really think about it anymore. Everyone knows your pet's name, where you went to school, where you work, and even when you’re away on holiday.
Why it matters
The information you post to your Facebook profile, your Twitter feed or your Instagram account to keep your friends and family up to date could be used to steal your identity, hack into your online accounts or see that you're on holiday and your house might be empty and easier to steal from.
What to do
Check the privacy controls on your social media accounts. Set them so only your friends and family can see your full details.
Don’t put too much personal information on your social media accounts.
Remember our tip about passwords. If you share pictures of your dog on Facebook, make sure you’re not also using your dog’s name as your password.
-
Check who you're giving information to
If you're asked to give personal information or financial details online, always double check where the request is coming from.
Why it matters
Scams, fraud and phishing emails all attempt to trick you into giving away your personal information or your financial details — often by pretending to be a legitimate business, like a bank. Don’t give out personal information online unless you know who’s asking for it and why.
What to do
Stop and check before you give out any personal information. Make sure you know how the companies you deal with will contact you, and know what kind of information they’ll ask you for. For example, a bank will never email you with links to online banking and ask you to login.
If you’re not sure why you’re being asked for information, call the company directly to check what they want it for. Businesses are legally obliged to only ask for information they need.
If you get any requests via email or text message for personal or financial details that you're unsure about, do some checks before giving your information away. For example, if your insurance company asks you for information online, phone them or, if you can, visit your local branch to query their request first.