10 easy ways to protect yourself from cyber attacks

Use your smarts, and technology, to be cyber-secure – at home, at work, at uni or out in the world.

1. Check if you’ve already been involved in a data breach

Before you begin to put steps into place to protect yourself against cyber attacks, ensure you haven’t already unknowingly been the victim of one.

Visit haveibeenpwned.com and change those passwords for any accounts that it suggests may have been compromised.

Oh no – my data has been compromised! What should I do?

First things first – stay calm. It depends on the nature of the breach, but you may need to act quickly.

If only the username and password of an unimportant account has been stolen, that’s possibly a low-level concern. If your phone number has been released, then you’ll need to keep an eye and ear out for scams – be discerning of any calls or text messages coming from random numbers (or even allegedly ‘trusted’ numbers).

You should change the password for the affected account right away. If you use the same password for other accounts, or one that is similar, make sure you change them too. 

Think about changing your passwords for:

• your bank accounts
• email
• health and government services
• social media accounts.

And if changing a password triggers a prompt asking you to sign out of that account on all other devices, say yes.

2. Check the strength of your passwords 

Test the strength of your passwords at howsecureismypassword.net (for an extra security measure, use something similar to your original password to test its strength).

When choosing a password, remember: the longer it is, the stronger it is. A strong password is at least 14 characters long and hard to guess.

Or upgrade your cyber security measures with a passphrase

Using a sentence – a passphrase – is a great way to create a long password that you’ll never forget.

Something like “RabbitCheesePencil#3Outlook” is easier to remember and is stronger than “D3nt@o9e” – just change the 'Outlook' part depending on what you’re logging into. 

3. Avoid these passwords

The following passwords are considered the most common and easiest to crack – so if you’ve got any of these or similar variations, you should seriously consider changing them – quickly!

• 123456 (or any chronologically-ordered numbers)
• 987654321
• 123123
• QWERTY
• 111111
• Password

4. Use a password manager

Sick of trying to remember all your passwords, or having to change them every time you login? 

Choose a password manager to securely store and make passwords for you. They're very convenient as you only need to remember one master password after you set it up.

A password manager will help you create unique and complex passwords for your work and personal accounts. A PM also stores them securely within its system and enters them into websites as you login.

VU Cyber has partnered with Dashlane to provide VU students with a free password manager. 

Dashlane stores your passwords and keeps them up-to-date across your:

• phone
• computers
• tablets
• other devices, including personally owned devices.

All VU students and staff have access to a free account.

5. Use multi-factor authentication

For an extra layer of security, consider using multi-factor authentication. Also known as two factor authentication, MFA and 2FA, it adds an extra layer of security for websites, so you can confirm who you say you are.

There are multiple ways you may be asked to prove your identity, but your phone is usually key. You may log into your bank software, to be prompted for a pin. Or get a request to use a MFA app such as Microsoft Authenticator when accessing your work emails.

See more information about [setting up and using MFA]( https://www.vu.edu.au/about-vu/facilities-services/it-services/online-s…).

6. Trust no one (on emails, phone or text)

This may sound a bit extreme – but always be on the lookout for deceitful emails and compromised web pages (spam and phishing). Interacting with these puts your information at risk and can download viruses. Remember:

• don't open email from unknown email addresses
• trash attachments in unexpected emails
• avoid risky clicks – instead type the address into your browser.

Hackers and scammers are getting more and more sophisticated. Protect yourself from a cyber attack by being discerning about any text messages you may receive, particularly if they ask you to input your credit card details. 

If for example, someone from your bank calls and leaves a message and number, always check the number online before you ring back.

And whatever you do, do not give out any personal information over the phone or in an email, unless you’re totally sure it’s safe. You don’t want to fall victim to ‘social engineering’, which is where people are tricked into providing sensitive personal information by people who sound legitimate but are actually bad actors. 

If you are contacted on the phone by someone asking for personal information, ask for their name and number, and tell them you’ll call them back. Just because they might have some of your information, doesn’t mean they are who they claim to be.

7. Secure your device

If your mobile device is unsecured, lost or stolen, it could be used to access your info, your money or steal your identity and irreplaceable data like photos or messages. 

Secure your devices by:

• installing anti-virus software
• setting a password, gesture or fingerprint that must be entered to unlock
• setting the device to require a password before applications are installed
• leaving Bluetooth hidden when not in use and disabling automatic connection to networks
• enabling remote locking and/or wiping functions, if your device supports them.

8. Update your software

Make sure you routinely update the software system on your devices – your phone, tablet and laptop. In fact, consider turning on automatic updates, so the work is done for you in the background.

Network defenders work to plug holes in systems, to make sure bad actors can’t work their way in. We have to do our part by updating our software with their most recent fixes.

And it’s not just hardware that needs updating. Enjoy your applications are up to date and you’re navigating around the web on the most recent version of your browser. And of course, your anti-virus software! It can go a long way in helping protect you from a cyber attack. 

9. Use a secure web browser

Keep to sites that use the green padlock and ‘HTTPS’. Only provide sensitive personal information when you see this padlock – like providing your TFN or credit card when buying something online.

If a site has an ‘invalid certificate’, it may be a sign that it’s a bit dodgy and should be avoided. Make sure you also pay close attention to website URLs – malicious sites often use a variation in common spelling, or a different domain (.org rather than .com, for example) to deceive web users. 

Likewise, only download files from trustworthy sites, otherwise they may contain a virus designed to spy on you or hold your computer at ransom (ransomware). Yikes.

10. Report anything suspicious to your IT department

If you receive any suspicious emails or files at work or at uni, report them to your company’s IT department.

They’re the experts after all, and can investigate for you, to either confirm that you’ve received a phishing link, or that the file or email in question is legit.

You should now be feeling a lot more cyber savvy and know what to look out for as your surf the web. For more, the Australian Government has some tips on how you can safeguard your privacy and personal information online.