NEXT UP ON this.
It might sound like a problem for big corporations and tech nerds, but cyber crime is a serious and growing challenge for everyone. A cyber attack is reported in Australia every eight minutes, according to the Australian Cyber Security Centre’s most recent Annual Cyber Threat Report, with more than three quarters involving Australians losing money or personal information.
Data breaches – where cyber criminals gain unauthorised access to sensitive information like personal or financial information – are on the rise in Australia. Optus, Telstra, Canva and Eastern Health are some of the most high-profile, and there are hundreds more incidents that don’t make the news.
‘In the past, a large amount of cyber crime was just people trying to practice their hacking skills, not with the idea of causing a great deal of harm, but just to be mischievous or to learn something new,’ says Dr Jesse Laeuchli, a senior lecturer in cyber and networking security at Deakin University. ‘Now a lot more of it is serious, in the sense that people are using these attacks to steal money.’
Cyber crime is a complex caper, but protecting yourself can be as simple as knowing where you’re vulnerable and putting in place basic protections.
Cyber criminals use computers and the internet to commit crimes. They steal information, money and cause disruption through identity scams and fraud, online scams and attacks on computer systems and websites.
‘Normally it’s for some sort of financial gain, but it could be for harassment purposes or to cause damage in the physical world if it’s a more sophisticated attacker,’ Dr Laeuchli says.
‘There have been some surprising attacks recently that have affected people’s cell phones, where attackers have managed to get their number transferred to a new SIM card or a new phone.’
For the average person, information relating to your identity is most at risk, and the leaking of this data can have financial implications.
‘The risk is that the attacker will steal some personal information about you and use it to impersonate you and either open accounts in your name or access accounts that you currently own,’ Dr Laeuchli says. ‘They might take money out of them or sign you up for something that you don’t want or that they’re going to use.’
The trouble with cyber crime is everyone is potentially at risk because we share data with organisations of all shapes and sizes. Even worse, cyber crime is vastly different from a lost wallet or stolen car as it’s hard to detect.
‘It’s quite difficult to know if you’ve been the victim of a cyber attack,’ Dr Laeuchli says. ‘You can do everything right and still be a victim.’
One of the easiest ways to protect yourself from cyber crime is to enable multi-factor authentication – on everything from your bank accounts to email and social media accounts – which defends against the majority of password-related cyber attacks.
‘Two-factor authentication is something you know, like a password, and something you have, like a cell phone or security dongle,’ Dr Laeuchli says. ‘The company will send you a message asking for some information, like a code, from the thing that you have.
‘In terms of low effort but high effectiveness, two-factor authentication is one of the best tools.’
If you use the same password for most of your online accounts or always choose simple passwords like combining your dog’s name and date of birth, Dr Laeuchli’s advice is simple: don’t.
‘People will often think of a random word and change some letters to numbers or put their birthday on the end,’ he says. ‘They just follow these common patterns. It’s not very safe, because people who attack passwords are aware that these models exist.’
Instead, he recommends choosing four random words from the dictionary, like ‘horse battery staple chair’. ‘This makes it much harder for the attacker to model what you’re doing.’ Passwords that are at least 10 characters long are most effective.
A password manager like Last Pass, which stores your passwords and requires you to remember only one master password, can randomly generate passwords and sync across your devices.
‘A password manager is safe from average and even sophisticated cyber criminals, as long as you use it properly,’ Dr Laeuchli says.
Even if you’ve set up multi-factor authentication and a system for creating strong passwords, it pays to keep an eye out for anything dodgy in your bank accounts and email.
‘Monitor your credit card usage and make sure nobody’s impersonating you and opening new accounts,’ Dr Laeuchli says. ‘If you get an email or SMS from somebody that seems odd, make sure you talk to the person rather than just follow through, as some of them look pretty convincing.’
Regularly updating your Windows and mobile phone operating systems can also help to keep you safe from cyber attacks, he says.
‘Really sophisticated attackers use these ‘zero days’ attacks that nobody’s seen before, so there’s no protection. As soon as they’re used, cyber criminals get wind and rush to make use of them because they know there’s a finite window where people haven’t updated their systems. But if you’re regularly updating, you’ll be safe.’
If you’re worried you might have been caught up in a data breach, free sites like Have I Been Pwned? can run searches across various databases.
Subscribe for a regular dose of technology, innovation, culture and personal development.