5 tips for keeping yourself safe online

Cyber safety is everyone's business. Here's the latest advice to keep your data and devices secure.

Data breaches are becoming more common, but with the right information and some simple security tools we can keep ourselves, our families and our workplaces safe from cyber threats.

Recent data breaches have prompted many of us to view our online habits differently. As these events become more widespread and affect more people, there are steps you can take to protect your important information online. 

We asked Distinguished Professor Willy Susilo, Head of UOW's School of Computing and Information Technology, for his tips on how to keep your accounts secure and data safe.

Keep your devices healthy  

Make it a habit to shut down your laptop at the end of the day and regularly update software and applications. These are your armour against attacks.

Professor Susilo, who is also Director of the Institute of Cybersecurity and Cryptology (iC2), says that updating your device software can fix the weaknesses hackers use to access your information. Completing a regular computer backup will also help if your device or accounts have been compromised.

Use passphrases for best protection 

Despite enduring popularity, a note on your phone or a Post-it on your monitor is not ideal to keep track of important passwords. Instead, Professor Susilo suggests using password manager software to sort and remember your passwords.

“With password manager software, you will only have to remember one master key. The software will then generate other passwords for your accounts that are truly random and all different,” he says.

When you create a password, certain security practices  Combining numbers, capital letters, and special characters is the norm in creating passwords. But experts now urge us to shift our thinking from words to phrases.

“Having a simple master key for a password manager software, say a spouse’s name or birthday, kind of defeats the purpose. Cybercriminals can easily guess these and steal all your other passwords,” he says.

Instead, he suggests thinking of a phrase unique to you for the master password. This makes it easier to remember and harder for others to guess.  

Turn on two-factor authentication 

Two-factor authentication provides additional protection and an extra barrier for those attempting to hack into your accounts. Professor Susilo always recommends opting for two-factor authentication on the accounts that offer it to safeguard your information.

“The best thing we can do is to use two-factor authentication. The power of authentication has proven to be quite safe because whenever we log in, we need to authenticate that it’s us via a phone or somewhere else.”

Another benefit is that you will be notified if someone is trying to access your account and can take appropriate action to secure your information. 

Stay alert  

Being across the latest news about scams and phishing tactics is more important than ever. Scammers may impersonate trusted organisations such as banks, police or the government to access personal info, bank details or passwords. These organisations will never ask for personal information, bank details or money over the phone, via email or text.

The tell-tale signs of phishing attempts are urgent calls to action or threats (for example, call now to avoid a fine), bad spelling and grammar, inconsistencies in the email domain, generic greetings and suspicious links or attachments.

If you encounter a suspected data phishing scam, remember to stop, think and verify. Do not interact with the message or click any links. If you still think the message could be legitimate, verify the person or company through another means, such as the contact details found on an official website, printed statement or membership card.

Otherwise, report the suspected data phishing message/attempt to Information Management & Technology Services (IMTS) and delete it.  

Cyber safety is everyone's business  

Data breaches are becoming more topical - especially in the fallout of recent, large-scale cyber security attacks. But Professor Susilo says they've actually been happening for quite some time.

“People are not really aware, especially when it doesn’t impact them or a mass of people. It doesn’t get traction in the news. But there are websites you can use to check whether your passwords have ever been compromised,” he says.  

If you do find that your password is vulnerable, you need to change it and monitor for any unusual activity. If you find your bank account has been compromised, Professor Susilo says you need to notify your branch and observe your transactions for the next few months. 

The bigger picture

Professor Susilo explains that while everyone needs to protect themselves and their data online, we shouldn’t place the responsibility on the individual alone.

“Everyone needs to protect themselves, but we need to make sure that we educate other people to understand the issues behind all of this,” he adds.

“If an individual is being attacked or compromised and they do not realise what is happening, there is nothing much we can do. But, when they realise and seek help, cyber security experts can fill in the gaps and make the online community safer for all,” he says.


Your cyber safety checklist

  • Use passphrases: A passphrase is a phrase completely unique to you that you set as your password. Passphrases are harder to crack than standard passwords that typically combine words, numbers and special characters.
  • Lock your computer: Make it routine to lock your computer whenever you are not using it directly. Try it the next time you step away from your desk, or during your lunch break. 
  • Be wary of high-risk technology: Off-campus public or free Wi-Fi hotspots and QR codes pose some of the biggest risks for data theft and malware attacks. Don’t assume this technology is safe.
  • Rethink what you share: Before sharing personal or professional information online, take a moment to 'Stop. Think. Verify'. Through social engineering, this data can easily be collected and used to build a profile on you.