The Australian Cyber Security Centre (ACSC) has developed an Easy Steps Guide to help Australians reduce their risk of being targeted by cybercriminals.
Here are the easy steps you can take to secure your devices and accounts:
1. Update your devices
Cybercriminals hack devices using known weaknesses in systems or apps. Updates have security upgrades to fix these weaknesses. Turn on automatic updates so that this happens without your input.
Turn on automatic updates on all your devices.
For more information, read our advice on updates.
2. Turn on multi-factor authentication (MFA)
MFA improves your security by increasing the difficulty for cybercriminals to access your files or account.
Turn on MFA, starting with your most important accounts:
- Email accounts
- Online banking and accounts with stored payment details
- Social media
For more information, read our advice on MFA.
3. Backup your devices
A backup is a digital copy of the information stored on your device, such as photos, documents, videos, and data from applications. It can be saved to an external storage device or to the cloud. Backing up means you can restore your files in case your device is ever lost, stolen, or damaged.
Regularly back up your files and devices.
For more information, read our advice on backups.
4. Set secure passphrases
In cases where MFA is not available, a secure passphrase can often be the only thing protecting your information and accounts from criminals.
A passphrase uses four or more random words as your password. Change your passwords to passphrases, making sure they are:
- Long: The longer your passphrase, the better. Make it at least 14 characters in length
- Unpredictable: Use a random mix of unrelated words
- Unique: Do not reuse passphrases on multiple accounts
If you struggle to remember all of your passphrases, consider using a password manager. With a password manager, you only need to remember one password, the password manager takes care of the rest. Search 'password manager' on cyber.gov.au for more advice.
For more information, read our advice on passphrases and password managers
5. Watch out for scams
Cybercriminals use email, SMS, phone calls and social media to trick you into opening an attachment, visiting a website, revealing account login details, revealing sensitive information or transferring money or gift cards. These messages are made to appear as if they were sent from individuals or organisations you think you know, or you think you should trust.
To spot scam messages, stop and think:
- Authority: Is the message claiming to be from someone official?
- Urgency: Are you told you have a limited time to respond?
- Emotion: Does the message make you panic, fearful, hopeful or curious?
- Scarcity: Is the message offering something in short supply?
- Current events: Is this message related to current news stories, big events or specific times of year (like tax reporting)?
To check if a message is legitimate:
- Go back to something you can trust. Visit the official website, log in to your account, or phone their advertised phone number. Don’t use the links or contact details in the message you have been sent or given over the phone.
- Check to see if the official source has already told you what they will never ask you. For example, your bank may have told you that they will never ask for your password.
For more information, read our advice on scams.
- Report cybercrime to ReportCyber.
- Report scams to Scamwatch.
- Contact IDCARE if you've experienced identity theft.
Need more information?
- Sign up to our free alert service.
- Contact the ACSC: Call 1300 CYBER1 (1300 292 371)