Week 1: Activate Multi-Factor Authentication (MFA)
The first message for the month is to activate MFA wherever possible. MFA is an extra layer of security that acts as a further barrier to an attacker in the event your password is compromised.
Passwords can be compromised in any number of ways.
- We can be tricked into giving them away by a phishing email that takes us to a fake login page that harvests our username and password.
- A database containing our password information can be stolen from a service we use.
With a cybercrime reported every six minutes in Australia[2], it pays to take the time to switch on MFA, especially for critical services such as email.
- Watch a video on MFA
- Read the article Understanding MFA
Week 2: Apply automatic updates to all software
Software updates are more than just functional improvements – they’re crucial for your device’s security. These updates often include patches for vulnerabilities that attackers can exploit. By enabling automatic updates for your device, operating systems and applications, you help protect your systems from potential threats.
Week 3: Avoid password re-use. Use passphrases
30% of small businesses have upgraded passwords to passphrases[3]. That’s according to the Council of Small Business Organisations of Australia (COSBOA)’s Cyber Wardens program.
That means there is still work to be done. Passphrases are a good idea because passwords are often simple to guess and quick for computers to break.
The temptation is also often to re-use passwords or use passwords that are linked to something or someone special to you. Below is a video that shows how that makes it easy to break passwords.
The goal of a passphrase is to create something that’s easy for you to remember, but hard for a computer to guess. A nice approach is:
- Pick 4-5 random letters, e.g. RKEB
- Think of a word that starts with each letter, e.g. RosyKoalaEggyBread
- Add some numbers or characters if you like, e.g. RosyKoala&2EggyBread
- That’s your passphrase!
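The steps above can also be automated. The sketch below is an added example, not part of the original article: it replaces "think of a word" with a random pick from a word list, and reports how many passphrases the generator can produce. The word list, symbol set and function names are constructed for illustration, and the list is deliberately far too small for real use.

```python
import math
import secrets

# Constructed sample list (assumption): 8 letters x 4 words, far too small for
# real use. A practical list needs hundreds of words per letter.
WORDS = {
    "B": ["Bread", "Banjo", "Bison", "Blanket"],
    "E": ["Eggy", "Eager", "Early", "Elastic"],
    "K": ["Koala", "Kettle", "Kayak", "Kind"],
    "M": ["Mango", "Misty", "Marble", "Modest"],
    "P": ["Pepper", "Plain", "Puzzle", "Proud"],
    "R": ["Rosy", "Rapid", "Rusty", "Royal"],
    "S": ["Salty", "Silver", "Sleepy", "Sudden"],
    "T": ["Tidy", "Tunnel", "Tender", "Turnip"],
}
SYMBOLS = "&!#%"
DIGITS = "0123456789"


def pick_letters(count=4):
    """Step 1: pick random letters with a CSPRNG instead of by hand."""
    return [secrets.choice(sorted(WORDS)) for _ in range(count)]


def build_passphrase(letters, extra=True):
    """Steps 2-3: one random word per letter, then an optional symbol+digit
    inserted at a random word boundary (as in RosyKoala&2EggyBread)."""
    words = [secrets.choice(WORDS[letter]) for letter in letters]
    if extra and len(words) > 1:
        gap = 1 + secrets.randbelow(len(words) - 1)
        words.insert(gap, secrets.choice(SYMBOLS) + secrets.choice(DIGITS))
    return "".join(words)


def search_space_bits(count=4, extra=True):
    """log2 of the number of passphrases this generator can produce."""
    per_word = sum(len(v) for v in WORDS.values())  # letter and word both random
    total = per_word ** count
    if extra and count > 1:
        total *= len(SYMBOLS) * len(DIGITS) * (count - 1)
    return math.log2(total)


if __name__ == "__main__":
    print(build_passphrase(pick_letters(4)))
    print(f"{search_space_bits(4):.1f} bits with this sample list")
```

With this sample list, four words give only 20 bits before the extra characters are added, which shows that the strength comes from how many words each letter could stand for, not from how long the result looks.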
Week 4: Ask “Is this a phishing email?”
Phishing emails are a common vector of attack used to trick people into giving away sensitive information, including passwords and login details, or downloading fake apps or malicious software.
Whenever you receive an email that looks or feels a bit odd or unexpected, remember to Stop, Check and Reject.
- Read an article on phishing and SMiShing scams
- Watch a video explaining phishing
We can all play a part in shutting down cyber criminals. For the latest scams targeting customers, search ‘CommBank Safe’ on the CommBank website.