Protecting our accounts is the first line of defence in keeping our information safe from cybercriminals. Passwords are frequently the only thing protecting our intellectual property, communications, network access, and personal data. They can quickly become the weakest link in security because of the way we select and use them.

The following are some key measures that can be taken to protect our accounts.

Use Strong Passwords

Your passwords should be the ‘strong silent type’: hard-to-guess passwords which you keep to yourself. A strong password is very helpful in limiting the risk of unauthorised use of your account. A strong password can be created by using a passphrase that contains a minimum of 8-10 characters and uses a combination of special characters, numbers, and some capital letters. An example would be something like Lifeisgood01$.

It is important to keep your passwords confidential, change passwords often, have different passwords for different purposes, and not reuse them.

Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors (steps to prove it is you, through separate means) to gain access to a resource such as an application or an online account. Many websites, applications and devices offer this feature. The goal is to protect the account or device from cybercriminals trying to access data such as personal details or financial assets.

More information on two-step verification can be found here.

Encrypt Sensitive Information

File encryption protects individual files or file systems by encrypting them with a specific key, making them accessible only to the keyholder. The goal is to prevent malicious or unauthorised parties from accessing files that are stored on the computer or shared via email.

Consider encrypting the following types of information when sharing it via email or another online method:

  • Personally identifiable information, including any documents that contain details such as your driver’s licence, tax file number, date of birth and passport information.
  • Anyone else’s personal data, such as contact details, health information, working with children checks, photographs, giving and donation details, or other sensitive information.
  • Financial or bank account details.
  • Intellectual property, confidential church information and financial reports.

In its simplest form, sensitive documents can be password-protected before sharing.

More information on encryption can be found here, and for further information about protecting data and privacy, see Risk Bite 1.

Consider a Password Manager

In today’s world every new website and application we sign up for is another password to remember.

To manage this, it can be tempting to use the one password for everything, or to write down or share a password, but that can seriously compromise security.

Consider using a password manager to help remember your passwords. A password manager is a software application designed to store and manage online credentials, and it can also generate passwords. Usually, these passwords are stored in an encrypted database and locked behind a master password. Read more information on password managers here.