October is Cyber Security Awareness Month.
The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is running an awareness campaign as a reminder for individuals to stay secure online.
Cyber security is everyone's responsibility and Cyber Security Awareness Month is an annual reminder to review your security measures and spread awareness to help everyone improve their cyber security knowledge.
2023 Cyber Champions
This year, along with providing tips and resources, we are proudly joining the "2023 Cyber Champions" initiative (also run by the ASD's ACSC).
This initiative aims to make Australia the most secure place to connect online.
Learn more about the initiative and access resources here.
2023 Theme
The theme for 2023 is "Be cyber wise - don't compromise".
To help spread awareness we will provide basic information as well as links to tools and resources.
We will split this into two topics:
- Simple steps to be more cyber wise this week, and
- Be a cyber wise business, later this month
Visit the Australian Signals Directorate's Australian Cyber Security Centre website to find out more about the ACSC campaign.
Simple steps to be more cyber wise
Last year saw an increase in cybercrime reports to the ASD's ACSC by 13%.
According to the Annual Cyber Threat Report, a cybercrime was reported every seven minutes!
However, we can all help reduce the gaps in security that cybercriminals rely on by following four simple steps.
Step 1 - Update your devices regularly
Software and operating system updates can fix flaws that cybercriminals exploit to gain access to your device or bypass security measures.
This means that outdated applications and devices can leave you vulnerable to cyber attacks.
Regularly updating software can reduce the time you are left vulnerable and with less people vulnerable to recent exploits, we may be able to slow the pace of cybercriminals.
According to the ASD's ACSC Annual Cyber Threat Report:
In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems. Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitations by a broader range of malicious cyber actors.
Malicious cyber actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure - the value of such vulnerabilities gradually decreases as software is patched or upgraded. Timely patching reduces the effectiveness of known, exploitable vulnerabilities. This has the potential to decrease the pace of malicious cyber actor operations and forcing pursuit of more costly and time-consuming methods (such as developing zero-day exploits or conducting software supply chain operations.
Wherever possible, enabling automatic updates is recommended. This is an easy 'set and forget' step you can take to keep yourself safe. Learn more about these updates here.
Step 2 - Turn on MFA (multi-factor authentication)
MFA requires two or more actions to be taken to verify your identity.
This adds an extra layer of protection which makes it much harder for cybercriminals to gain access to your accounts.
These actions should combine multiples of the following types of authentication:
- Something you know (e.g. PIN, password or passphrases)
- Something you have (e.g. a smartcard, verification code sent via SMS, email or authenticator app)
- Something you are (e.g. biometrics like fingerprints or facial recognition)
MFA is sometimes also called two-factor authentication (2FA) or two-step verification.
While it can seem inconvenient at first, MFA provides a strong defense against the majority of password related cyber attacks.
You can find more information about multi-factor authentication here, or follow this how-to guide to protect your devices and accounts.
Step 3 - Set and perform regular backups
Having a copy of your important information in a secure location is a useful precaution.
This can be on an external storage device or in the cloud, ensuring information is not lost if your device is damaged or stolen.
It is recommended that you perform backups regularly, though what information and how often you back up can depend on your device and file usage.
More information and guides for setting up automatic backups on iPhones, Apple Macs and Windows PCs can be found here, more advice for backup strategies can be found here.
Step 4 - Use secure passphrases
Passphrases are made up of random words and can be made longer than traditional passwords because they are easier to remember.
If you do have trouble remembering long passphrases or traditional passwords, a reputable password manager may help.