Data security 101: Protecting your personal information
Written and accurate as at: Dec 06, 2017
When you think about digital technology and the internet, it’s probably safe to say that you use it on a daily basis to communicate with others and search for information – on both a personal and work-related level – often across multiple devices (e.g. desktop computers and mobile devices, such as smartphones, laptops and tablets).
Unfortunately, cybercriminals may attempt to obtain your personal information for financial gain using methods such as phishing and hacking.
For example, according to the most recent information from the Australian Competition & Consumer Commission’s (ACCC) Scamwatch, of the $72.8 million that has been lost in 2017 by people who have fallen victim to scams, $2.7 million has been attributed to attempts to gain personal information.
Consequently, when using digital technology and the internet, it’s important to keep your personal information secure and be alert to potential instances where someone may seek to obtain this from you.
Please see below for helpful information regarding phishing, browsers, mobile device security and passwords.
Phishing (e.g. email and messaging)
Phishing is a type of attack that cybercriminals use to trick you into giving out personal information, such as your passwords and bank account/debit card/credit card numbers.
It works by a cybercriminal sending you an email or message (via text message or a social media platform) that attempts to trick you into:
- Firstly, believing the email or message is real. For example, pretending to come from a legitimate business, such as a bank or telecommunications/utilities provider.
- And, secondly, taking some form of action. For example, clicking on a link, completing a form or opening an attachment (which can open the door to malware attacks involving viruses or spyware).
You can help protect your personal information by being alert to common signs of a potential phishing attempt. For example, the email or message:
- Uses a generic greeting, such as “Dear Customer”, instead of a personal salutation with your first and last name.
- Requests personal information (e.g. passwords and bank account/debit card/credit card numbers).
- Has spelling or grammar mistakes, the signature lacks details about the signer or how to contact the business, or a personal sending email address has been used (e.g. @gmail.com, @hotmail.com or @yahoo.com).
- Requires immediate action or creates a sense of urgency (e.g. your account had an “unauthorised login attempt”).
In addition to the above:
- Check the email address in the “From” section of the email header, instead of relying on the display name. Cybercriminals can spoof the display name of an email address.
- Before clicking on a link in an email or message, hold your finger down on it (i.e. smartphone or tablet) or move your mouse cursor over it (i.e. desktop computer or laptop). By doing this, you will be able to see the destination of where the email or message wants to take you. Once this is done, then confirm that the destination displayed matches the destination in the email or message and that it’s going to the business’s actual website.
- When an email or message has an attachment, be cautious, as it has the potential to house malware. As such, it’s often considered wise to only open attachments that you are expecting.
Please note: Cybercriminals can also create emails that appear to be from a friend, family member or co-worker. As such, if you receive an email from someone you know, but the tone or the message in general just doesn’t feel right, consider calling them to verify they sent it.
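The warning signs listed above (the sending address rather than the display name, personal sending domains, generic greetings, urgency, requests for personal information and link destinations) can also be checked automatically. The following Python code is an added example, not part of the original article; the function names, the wording patterns and the example-bank.test domain are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}  # personal domains named above
BODY_SIGNS = {  # wording checks; these patterns are illustrative assumptions
    "generic greeting": r"dear (customer|user|member)",
    "urgency": r"unauthori[sz]ed login|immediately|urgent",
    "requests personal information": r"password|card number|account number",
}

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> element seen
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def belongs_to(hostname, domain):
    return hostname == domain or hostname.endswith("." + domain)

def phishing_signs(raw_email, expected_domain):
    """Return the warning signs found; expected_domain is the business's real domain."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    # Use the address itself, never the display name, which can be spoofed.
    _display, address = parseaddr(msg.get("From", ""))
    sender = address.rpartition("@")[2].lower()
    signs = [name for name, pat in BODY_SIGNS.items() if re.search(pat, body, re.I)]
    if sender in FREEMAIL:
        signs.append("personal sending address")
    elif not belongs_to(sender, expected_domain):
        signs.append("sender domain mismatch")
    collector = LinkCollector()
    collector.feed(body)
    for href in collector.hrefs:
        # Compare where the link really goes, not the text shown to the reader.
        dest = (urlparse(href).hostname or "").lower()
        if not belongs_to(dest, expected_domain):
            signs.append("link destination mismatch: " + dest)
    return signs

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """From: "Example Bank Security" <alerts.examplebank@gmail.com>

<p>Dear Customer, we detected an unauthorised login attempt. Confirm your password at
<a href="http://example-bank.test.login-check.example/verify">www.example-bank.test</a></p>
"""
```

Calling `phishing_signs(SAMPLE, "example-bank.test")` reports all five signs, including the link whose visible text names the bank while its real destination is a different host.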
Browsers
When you think about it, browsers are one of the main ways that we interact with the internet. For example, when you search for information online, you are using a browser (e.g. Google Chrome, Mozilla Firefox, or Apple Safari). For this reason, browsers are often a target for cybercriminals when it comes to attempts to obtain your personal information.
Here are several helpful tips to protect your personal information when using a browser:
- Use the latest version of your browser, as it has the most recent security patches and can be much more difficult for a cybercriminal to hack.
- Only install plug-ins or add-ons if you need them as they have the potential to add further vulnerabilities to your browser that can be exploited by cybercriminals – and once a plug-in or add-on is installed, just like your browser, make sure you are using the latest version. Plug-ins and add-ons are software that can be added to a browser to provide you with additional features, such as text editing, ad removal, or movie watching.
- If you are about to visit a website that your browser warns could be dangerous, consider closing it and opting for an alternative website that is deemed safer by your browser.
- Prior to sending personal information online, for example your debit card/credit card details for an online purchase, check that your browser is using HTTPS, which can be found in the address bar of your browser (i.e. the website address starts with HTTPS and a padlock icon is displayed). This is a sign of encryption whereby the personal information that is sent from your device (e.g. desktop, laptop, mobile or tablet) to the intended destination is scrambled so that only the authorised website may read it.
- Lastly, when you have finished visiting a website that has required you to log in, remember to log off before closing the browser, as this will remove personal information, such as your username and password.
Mobile device security
Your mobile devices (e.g. smartphones and tablets) can store a considerable amount of personal information. As such, it’s important to protect them.
Here are several helpful tips to protect your personal information when it comes to mobile devices:
- Use a screen lock, such as a strong password or swipe pattern, and consider enabling remote wiping (if it’s available). Remote wiping allows you to delete personal information from your mobile device in the event that it’s either lost or stolen.
- Disable Wi-Fi and Bluetooth when these services are not in use. This will stop your mobile device from automatically connecting to potentially unsafe networks without your knowledge.
- Choose mobile apps from trusted sources and consider the permissions that each app requests upon its installation. This can help protect you from cybercriminals who create and distribute apps that may look legitimate, but in reality often house malware. Furthermore, just like browsers and plug-ins/add-ons, always make sure that you are using the latest version of your mobile apps and running on the latest operating system for your mobile device.
Passwords
The passwords that you use to log in to your devices, as well as certain apps and websites, help protect your personal information. As such, when it comes to creating strong passwords, try to avoid the following:
- Information that is either generally known about you or could otherwise be easily obtained (e.g. via your social media accounts). For example, your birth date, where you were born or your pet’s name.
- Commonly used passwords, such as consecutive keys/numbers/letters (e.g. 1234567, 7654321, abc123 or QWERTY) or words (e.g. password, login, admin or google).
Alternatively, consider using passphrases as your passwords; however, preferably not something used in everyday speech (e.g. between a rock and a hard place), as this can make your password less secure. An example of a passphrase could be several random words strung together, such as “objectives retirement goals comfortable”. To further enhance the strength of a passphrase, consider adding the following:
- Numbers – 9bjectives 4etirement 6oals 4omfortable
- Lowercase and uppercase letters – 9bjectiveS 4etiremenT 6oalS 4omfortablE
- Symbols (punctuation and spaces are also symbols) – “9bjectiveS 4etiremenT 6oalS 4omfortablE!”
Please note: To help increase the protection of your personal information, many online accounts now offer ‘two-step verification’ or ‘two-factor authentication’. This is where you need more than just your password to log in to your account, such as codes sent to your smartphone.
In addition to creating strong passwords, it’s important to be careful how you use them. For example, use a different, unique password for each device and online account (e.g. email, social media platform and website) that you hold. And, if you are struggling to remember all of your passwords, consider using a password manager. This special program securely stores all of your passwords. As such, you only need to remember one password – the password to your password manager.
Lastly, consider changing your passwords if you believe they have been compromised or stolen.
Moving forward
Although this is not a complete list of tips to help protect your personal information, it does serve to highlight the importance of understanding that cybercriminals are vigilant, across multiple avenues. As such, by taking precautions, you can help ensure that your personal information remains safe and subsequently is not obtained by others wishing to use it for financial gain.
To end on a light note, we leave you with a funny look at what happened when James Veitch, a British comedian, replied to a spam email.