Here are the easy steps you can take to secure your devices and accounts:
1. Update your devices
Cybercriminals hack devices using known weaknesses in systems or apps. Updates have security upgrades to fix these weaknesses. Turn on automatic updates so that this happens without your input.
Turn on automatic updates on all your devices:
- Mobile phone
Regularly check for updates for your:
- Smart devices
To turn on automatic updates, follow our Step by Step guides for:
2. Activate multi-factor authentication (MFA)
MFA improves your security by increasing the difficulty for cybercriminals to access your files or account.
Activate MFA, starting with your most important accounts:
- Email accounts
- Online banking and accounts with stored payment details
- Social media
To activate MFA on your accounts, follow our Step by Step guides for:
- Apple ID
- WhatsApp and WhatsApp Business
3. Backup your devices
A backup is a digital copy of the information stored on your device, such as photos, documents, videos, and data from applications. It can be saved to an external storage device or to the cloud. Backing up means you can restore your files in case your device is ever lost, stolen, or damaged.
Regularly backup your devices:
- Mobile phone
To set up automatic backups, follow our Step by Step guides for:
- Apple Mac users: backing up to an external storage device or the cloud.
- For Apple iPhone users: backing up to the cloud.
- For Microsoft Windows 10 users: backing up to an external storage device or the cloud.
4. Set secure passphrases
In cases where MFA is not available, a secure passphrase can often be the only thing protecting your information and accounts from criminals.
A passphrase uses four or more random words as your password. Change your passwords to passphrases, making sure they are:
- Long: The longer your passphrase, the better. Make it at least 14 characters in length
- Unpredictable: Use a random mix of unrelated words
- Unique: Do not reuse passphrases on multiple accounts
For more advice on how to build strong passphrases, see the ACSC’s Creating Strong Passphrases guidance.
5. Watch out for scams
Cybercriminals use email, SMS, phone calls and social media to trick you into opening an attachment, visiting a website, revealing account login details, revealing sensitive information or transferring money or gift cards. These messages are made to appear as if they were sent from individuals or organisations you think you know, or you think you should trust.
To spot scam messages, stop and think:
- Authority: Is the message claiming to be from someone official?
- Urgency: Are you told you have a limited time to respond?
- Emotion: Does the message make you panic, fearful, hopeful or curious?
- Scarcity: Is the message offering something in short supply?
- Current events: Is this message related to current news stories, big events or specific times of year (like tax reporting)?
To check if a message is legitimate:
- Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.
- Check to see if the official source has already told you what they will never ask you. For example, your bank may have told you that they will never ask for your password.
For more information on spotting scam messages, see the ACSC’s Detecting Socially Engineered Messages guidance.
- Report cybercrime to ReportCyber.
- Report scams to Scamwatch.
- Contact IDCARE if you've experienced identity theft.