Everyday cyber safety training module

Welcome to Everyday Cyber Safety training. Our aim is to give you an understanding of the basics of keeping safe online and to show you how to protect yourself from cyber threats.

In this module you will learn:

  • Keep your anti-virus software up-to-date
  • Create strong passwords that are difficult to guess 
  • Stay safe while on social media
  • Protect yourself against identity theft
  • Recognise and deal with 'social engineering' techniques
  • Keep your anti-virus and software up-to-date

    Criminals look for security gaps in your operating software and applications and then try to exploit them to steal information about you.

    To keep your devices as safe as possible, software manufacturers regularly release updates which fix security issues and counteract new types of cyber threats. In addition, all devices should have up-to-date anti-virus software installed, to protect against malicious software (malware).

    How to keep your devices secure

    • Ensure you have anti-virus software installed on all your devices.
    • Set your anti-virus software to automatically update to protect your device from new threats.
    • Ensure you set up automatic software updates on all your devices. These will have the latest security updates to prevent cyber criminals from accessing your device.

    Check your understanding

    Do you have anti-virus and software set to automatic updates?

    Yes

    Great. Software updates provide the latest security updates to prevent a cyber criminal from gaining access to your system. Anti-virus software updates protect your device from malicious software.

    No

    Setting up automatic software updates will give you the latest security updates to prevent cyber-criminals from accessing your system. Anti-virus software updates protect your device against malicious software. Now is a good opportunity to spend a few minutes setting up automatic updates, updating your devices and making sure your anti-virus software is up-to-date.

  • Using safe passwords

    We all rely on passwords to access bank accounts, social media, email and more. That’s why protecting them is so important. Creating a strong password is the first step in reducing the risk of unauthorised access to your systems or accounts.

    How to create strong passwords

    • Use a mimimum of 10 characters, a mix of uppercase and lowercase letters, numbers and special characters like #,&, and *.
    • Consider creating unique passphrases that only you will know. Passphrases are longer and more complex than passwords. For example, 'AreY0uACyberCri1minal?BadLuckm8'.
    • Avoid using keyboard patterns such as 'qwerty' or ‘qazwsx', repeated letters (e.g bbbbb) or sequential numbers (e.g 123456789).
    • Make passwords hard-to-guess and avoid using the names of your children, partner, pets or your birthday.
    • Ensure you create different passwords for your different accounts.
    • Don't share your passwords with anyone.
    • Consider using a password manager to help you create and manage strong passwords.

    Check your understanding

    Pick the strongest password from the below.

    September1970

    Incorrect. Never use a date.

    Rover

    Incorrect. You should not use easy-to-guess information, and especially personal information such as a pet’s name in your password. It is also under 10 characters long and does not contain any numbers or special characters.

    123456

    Incorrect. This password uses numbers next to each other on a keyboard. It also has less than 10 characters.

    bestoftimesworstoftimes

    Incorrect. While this is a long password (passphrase), it’s a well- known phrase.

    Myd0gzn@m3iz_Mil0

    Correct. This password has over 10 characters, uses a combination of upper and lowercase letters and has a number and a special character (@). Because this password stands for ‘My dog’s name is Milo’ this password is complex, and easier to remember.

  • What is Multi-factor authentication (MFA)?

    MFA provides an extra layer of security by only letting you access an account after you provide at least one additional piece of evidence, as well as your username and password. A common form of MFA is when you’re sent a code to your mobile phone which you then enter to continue logging in.

    MFA makes your accounts much harder to break into than if you were only using a password. Even if a criminal does obtain your password, they will still have to get past at least one additional barrier to access your account.

    Type of Authentication

    Description

    1 Factor Authentication Something you know, like your password or PIN.
    2 Factor Authentication Something you know + something you have. This requires a regular password and then a one-time code sent to your mobile phone for example to access the account.
    3 Factor Authentication Something you know + something you have + something you are. Something you are refers to a unique biometric input, such as your fingerprint for example.

    You should consider MFA on all accounts (email, social media and banking) where it is available to increase the safety of your accounts.

    Check your understanding

    How does MFA help keep your accounts secure?

    It makes your accounts much harder to break into than if you used a password alone.

    Correct. MFA adds at least one extra layer of security to your accounts, by asking for a password plus something you have (e.g. an SMS code) or even something you are (fingerprint), to verify the account. This makes it much harder for a cyber-criminal to access your account.

    It stops malware from entering your system.

    Incorrect. MFA doesn’t prevent malware from entering your system. The best way to stop malware is by installing antivirus software and keeping your application software up-to-date.

  • Protecting yourself on social media

    Criminals can use personal information from your social media accounts to commit identity theft. They can also use the information in ‘social engineering’ calls, which are when a scammer gains your confidence because they’ve found out a little bit about you.

    A criminal can gather different pieces of information about you from places like Facebook, LinkedIn or Instagram and use it to create a profile of you, and use that for malicious purposes.

    What not to share on social media

    Personal details. Don’t publish your date of birth, passport, drivers licence, financial information or even the names of your children, partner or pets.

    Address. Never share information or images that reveal your home address and protect postal box locations too.

    Phone number. The people that you know should already know how to contact you.

    Location. Never share information or images that identify where you are, especially dates that you’ll be away on holiday or travelling for work. This could let criminals know when to break into your house.

    Private events. If you’re attending or hosting a private event, don’t share the details.

    Personal images. Only share images that you would feel comfortable if they were seen by a lot of people. What you share on the Internet could be available forever, to anyone.

    Safe social media practices

    • Only connect with people you know.
    • Change your privacy and security settings so you only share information with people you know.
    • Use strong passwords and Multi Factor Authentication (MFA) across all your social media accounts.
    Which of the following is ok to share on social media?

    Date of birth

    Incorrect. You should never share your date of birth on social media. A cyber-criminal could use it to steal your identity.

    Where you are

    Incorrect. You should never share information that identifies where you are. That includes dates that you’ll be away on holiday or travelling for work.

    Recent purchases

    Incorrect. Don't post to social media your recent purchases. Banks sometimes ask specific questions about recent transactions when customers contact them, as part of confirming their identity before a call can go ahead. If someone on social media knows several of your recent purchases, they could use this information for malicious reasons.

    None of the above

    Correct. Never share personal information about yourself on social media because it could help a criminal steal your identity.

  • How do I keep my identity safe?

    If a criminal obtains a copy of your driver licence, passport, birth certificate or other personal identification documents, they may be able to impersonate you. This means they could apply for a credit card or a loan in your name. If this happens, it may be difficult to convince organisations that you aren’t responsible for the debts, and that you’re a victim of identity theft.

    How to protect yourself

    • Don’t share personal information on social media. Ensure your privacy and security settings only allow people that you know and trust to see your profile.
    • Protect your computer from malware that can allow others to access to your files, by installing anti-virus software, and by turning on automatic updates for your operating system and software.
    • Stay informed about the latest online scams at scamwatch.gov.au, opens in new window and NAB’s latest scams, fraud and phishing alerts.
    • Never click on a link in a suspicious email or text message. Always access NAB’s website by typing nab.com.au into your browser.
    • Only use secure Wi-Fi networks that you trust, and avoid public Wi-Fi unless you are using a virtual private network (VPN).
    • Be careful when sending personal information via email. Always password protect personal information if you are sending it via email, and send the password separately.

    What to do if your identity is stolen

    If you are concerned that your identity may have been stolen:

    1.   Immediately report the issue to the Police and ensure you get a copy of the police report or reference number.

    2.   Change all your passwords on your online accounts.

    3.   Report the identity theft to ReportCyber, opens in new window.

    4.   Contact any organisations that may be affected. For example, contact your bank in the event that unknown activity occurs on your bank accounts, or to close any unauthorised accounts or applications. This also applies to social media accounts. Ensure to provide them with the reference number that you received from the police.

    5.   For advice on how to recover your identity, contact IDCARE, opens in new window on 1800 595 160.

  • What is Social engineering?

    Criminals use a technique called ‘social engineering’ to manipulate, charm or pressure you into doing something or giving away sensitive information, often over the phone. They might try to convince you to transfer funds, give them access to your computer, or use information they know about you to send spear-phishing emails or to conduct corporate espionage.

    Never give out customer or corporate information, or perform transactions over the phone, unless you are able to verify the caller’s identity.

    How to spot a social engineering call

    • You get an unexpected request for a payment, wire transfer or funds transfer.
    • The caller assures you that it’s important and urgent and tries to push you to comply with their request before you get a chance to think it through.
    • The caller becomes pushy or aggressive if you don’t give them the information they want.
    • The caller won’t give you their phone number.
    • The caller wants to remotely access your computer.
    • The caller’s story keeps changing.
    • The caller is unable, or refuses to, verify their identity.

    Check your understanding

    You get a call from a person claiming to be from the tax office, saying you need to make an immediate payment or you may face legal action. What are the warning signs that it could be suspicious?

    The caller is aggressive and threatening.

    Correct. Criminals will often be aggressive or threatening to cause confusion. However, there is more than one right answer.

    The request is out of the ordinary.

    Correct. However, there is more than one right answer.

    You've been asked to pay immediately over the phone.

    Correct. However there is more than one right answer.

    Any or all of the above.

    Correct. These are all warning signs of a social engineering call.

Congratulations!

You have completed NAB's Everyday Cyber Safety module. We hope you found it valuable.

Test your knowledge on other cyber safety topics.

Important information