The Commissioner's site has information on the day, info for young children and school students, for family and friends, and for the workplace and community, as well as pertinent research on the digital lives of Aussie teens, a picture and song book for younger children showing cute sugar glider possums teaching about safe digital device usage and more, and you can find these resources, free, here.
Sophos says the day serves "as a reminder to check your online security practices and make sure everyone is cybersafe."
We're told that "Nearly all Australians (99%) accessed the internet in 2020 – up from 90% in 2019. With internet usage rising at an exponential rate this past year (in part driven by growth in remote working) and as we all spend more time online, whether that be for work, study or play, it has never been more important to brush up on cyber hygiene."
Paul Ducklin, principal research scientist at Sophos, has provided his top tips on how to be cyber safe:
1. If you own a website, make sure it’s secure
For many small businesses in countries with strict lockdown, online sales are the only way to keep trade alive at all, due to "click-and-collect" regulations.
As a result, many small businesses have enabled online purchasing for the first time over the last year, with web developers reporting a rush to implement online payment mechanisms in the first months of the pandemic.
If your business has a website, even if it's only a modest one, go back and review the security of the site and any payment collection services you work with or connect to.
If you can afford it, get a third-party to do the review so you get an independent opinion of what has been set up well, which parts could be improved, and which parts, if any, need urgent attention. (You can be sure that the crooks are regularly "testing" your server, even if you're not.)
If you are running a website via HTTP only, perhaps because the information you're providing is public anyway and you don't think it needs encrypting, please upgrade to HTTPS for the greater good of all.
If you don’t manage your own website, speak to your hosting service – any reputable provider will be happy to answer your questions, and won't get in the way of an independent security assessment.
2. If you shop online, take care before you share your card data
It’s just a few minutes’ work to make an old-school written copy of the emergency contact numbers and email addresses for organisations such as your bank, card issuer or insurance company. That way you will have access to them even if you lose your payment card or your phone gets stolen.
These days, many banking apps have a “quick lock” option that allows you to freeze and unfreeze access to your account or payment card in seconds. In an emergency, such as if you think you put your card number into a phoney site or you misplace your card, you can block access to it right away, even before you call up to ask the bank for advice.
3. Educate your friends and family
Lots of occasional web users have become heavy consumers almost overnight. Many people who previously just used the internet to read the news or check emails are now using it in multiple ways every day, including for meeting up for chats with groups of people they don't know well, if at all
Talk with your friends and family about good online security practices. Advise them on how to spot scams no matter how they arrive.
Cybercriminals are taking advantage of people being at home to make predatory phone calls; are abusing home deliveries to send scams via SMS; and are taking advantage of people trying to download health advice or set up vaccine appointments.
Meanwhile, Lindsay Brown, vice-president of Asia Pacific and Japan at LogMeIn, also shared some very interesting information.
He notes that "Australian consumers lost over $175 million to scams in 2020 while businesses reported 1057 data breaches. As cyberattacks continue to rise and target unprepared victims, it is important to ensure your cyber security hygiene – and of those around you – is up to scratch against modern day threats."
He also shared three tips on how you can stay safe online:
1. Stop reusing passwords and make them complex!
Passwords have been around for a long time and won’t be disappearing anytime soon. However, Australians continue to practice poor password habits more so than their international counterparts.
90% of Australians know the dangers of password reuse, yet 69 per cent continue to use the same or a variation of their password anyway – higher than the global average (66%).
We should always be using a unique password for each and every account so one compromised account will not impact others. The ideal password is be made up of a random sequence of characters (uppercase, lowercase, symbols and numbers) and at least 14 characters long.
The most practical way of managing this is using a password manager like LastPass to auto-generate, auto-fill and store complex passwords while requiring only one master password from the user.
2. Layer your security with multi-factor authentication (MFA)
MFA is an excellent way of thwarting authentication risks by requiring the user to confirm two or more factors, be it contextual or biometric. 56 per cent of Australians say they use MFA for their personal accounts and 35 per cent are using it at work.
I’d like to see this percentage increase so that more accounts and devices are protected, particularly as remote working and unhardened devices mean sensitive information is more likely exposed to malicious activity.
3. Use a dark web monitoring tool
Forty percent of people don’t know what the dark web is, let alone know if/when their data is compromised. Monitoring the dark web for if your information is leaked is a crucial step in taking control of your online assets and protecting yourself from data breaches.
Luckily, there are tools available in the market that proactively watch for breach activity and alert users when they need to take action. LastPass’ dark web monitoring feature, for example, actively checks email addresses and usernames against a 3rd party database of breached credentials and alerts the user if a match is found.
Never assume that your security is foolproof – having a tool like this in place is a safety net for when things go wrong.