Steps to Stay Secure with Security Configuration Console ...
DEPARTMENT OF HOME AFFAIRS ACT NOW, STAY SECURE. …
Transcript of DEPARTMENT OF HOME AFFAIRS ACT NOW, STAY SECURE. …
DEPARTMENT OF HOME AFFAIRS
ACT NOW, STAY SECURE.
CYBER SECURITY CAMPAIGN
SENIOR AUSTRALIANS STAKEHOLDER KIT
INTRODUCTION
The purpose of this kit is to assist organisations to communicate simple, actionable
behaviours to educate members on how they can be more secure online.
Cybercrime costs the economy $29 billion annually, yet most Australians do not see
cybersecurity as a pressing issue or risk. In fact, most Australians actively look for ways to
not have to think about or engage with the topic of cybersecurity. Most people think a
cybercriminal ‘wouldn’t be interested in me’ but stealing small amounts of data or money
adds up quickly when done on a huge scale, and to the average person, losing even a few
thousand dollars can be devastating. To help address this, the Department of Home Affairs
and Australian Cyber Security Centre (ACSC) are asking for your help to spread the word that
learning simple habits and tricks (like using Multi-Factor Identification) can make a huge
difference in staying secure online.
This kit contains:
• Cyber Security for Seniors presentation with speakers notes
• Real life case studies taken from the ACSC ReportCyber hotline
• Ready-to-post Facebook content
• A copy of How to Use the Internet Securely: A Guide for Seniors
We thank you for your support in this important campaign.
CYBER SECURITY SEMINAR
Please click here to be taken to the Cyber Security Campaign resources page and navigate to
the Cyber Security for Seniors presentation with speakers notes.
This seminar can be delivered online or in-person.
We recommend sharing a copy of How to Use the Internet Security: A Guide for Seniors with
attendees available to download at cyber.gov.au/seniors
CASE STUDIES
These case studies are real word examples based on 2020 data from the ACSC’s cybercrime
reporting tool, ReportCyber. They demonstrate different ways cybercriminals target
individuals and small businesses and show how crimes could have been prevented through
a deeper understanding of cyber secure behaviours.
CASE STUDY #1 – PHISHING/SCAM PHONE CALL
Ron*(not his real name) received a call from someone impersonating a cyber security
company employee asking to investigate a hacking attempt on Ron's computer.
Ron was asked to download software onto his computer, allowing the hacker to remotely
access Ron's device. Ron was advised that he was using expired antivirus software, and that
he had been overcharged for it and was entitled to a partial refund.
In the process of “refunding” Ron, the hacker advised him that he had been accidentally
overpaid $100,000 by the company and could he please transfer the amount back.
Ron's bank statements later revealed that the hacker had actually transferred $100,000 of
Ron's own money between Ron's accounts - it wasn't from the company at all. Ron
immediately informed the bank, who quickly froze his accounts to prevent further criminal
activity.
THE LESSON:
Luckily, Ron didn't lose any money to this cybercriminal because he verified and informed
the bank immediately.
It is important to note that because of the prevalence of phishing, most companies will not
call, email or SMS you to:
• ask for your username, PIN, password or secret/security questions and answers
• ask you to enter information on a web page that isn't part of their main public
website
• ask to confirm personal information such as credit card details or account
information
• request payment on the spot (e.g. for an undeliverable mail item or overdue fee).
Learn the signs so you don't get caught by a cybercriminal phishing for your personal
information or hard-earned savings.
CASE STUDY #2 – CLUB PRESIDENT IMPERSONATION
Ming* (not their real name) is the Treasurer of a local-level sports club. One day, Ming
received an email from the club President asking to transfer $3,850 USD for upgrades to the
club’s website.
The requested funds were transferred to a US bank account in the following week.
A month later, the transfer was questioned. The club President was not aware of any emails
or payments owed for work on the website and pointed out that the website was managed
by an Australian company.
On investigation, they discovered that emails from the “President” had in fact come from a
generic email address ending in [email protected]
Financial Loss: $3,850
THE LESSON:
Cybercriminals are crafty and might use a familiar name and email address.
Be cautious if:
• you’re asked to urgently pay a bill
• you’re asked to change your details or password
• you’re asked to click on a link or open an attachment.
If you think a message or call might truly be from an organisation you trust (such as your
bank or a supplier) find a contact method you can trust. Search for the official website
and/or phone their advertised phone number.
Do not use the links or contact details in the message you have been sent or given over the
phone as these could be fraudulent.
CASE STUDY #3 – HACKED SOCIAL MEDIA ACCOUNT
One morning Faiza* (not her real name) received an Apple ID sign-in request from another
country, which she declined.
Later that day, Faiza discovered that she could no longer access her social media accounts.
The next morning, she woke up to an email from someone claiming to have stolen her
accounts and passwords. They said they'd also accessed her camera on her personal device
and had recorded her.
They threatened to release her private information and videos to her contacts and post the
content on social media unless she paid them a Bitcoin ransom.
THE LESSON:
Avoid becoming a victim of cybercrime by applying multi-factor authentication (MFA) to
your accounts where possible, or setting effective passphrases when MFA is not available.
Multi-factor authentication is one of the most effective ways to protect against
unauthorised access to valuable information and accounts.
What is it?
Multi-factor authentication (MFA) typically requires a combination of something the user
knows (pin, secret question), physically possesses (card, token) or inherently possesses
(finger print, retina). You can set this up as the way you access some of your accounts.
Where multi-factor authentication is not available, a strong passphrase can often be the
best way to keep your accounts cyber secure.
Passphrases are most effective when they are long, unpredictable and unique.
Instructions on how to apply MFA are available on the ACSC’s website at:
https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides
FACEBOOK CONTENT
Post 1:
Updating your software is like getting your car serviced. It improves your
device’s performance and makes it more secure.
You can find the Australian Cyber Security Centre’s step-by-step guide for
turning on automatic updates here: https://www.cyber.gov.au/acsc/individuals-
and-families/step-by-step-guides
Alt Text: [Image: A man with his arm around his grandson’s shoulder sitting on a
grey couch. His grandson is showing him something on his mobile phone and
they are smiling]
Post 2:
Cybercriminals are always finding new ways to hack into devices. Setting up your
device to automatically install updates can fix any weaknesses in your software
and keep hackers at bay.
You can find the Australian Cyber Security Centre’s step-by-step guide for
turning on automatic updates here: https://www.cyber.gov.au/acsc/individuals-
and-families/step-by-step-guides
Alt Text [Image: A woman with grey hair wearing a green long sleeve top is
sitting at a desk. She is smiling at her laptop as she is typing .]
Post 3:
DID YOU KNOW?
Updating your software is like getting your car serviced. It improves your
device’s performance and makes it more secure. Updates will also add new
features to your device and make it run faster. You can even turn on automatic
updates so your device will update itself while you sleep!
Get the Australian Cyber Security Centre’s step-by-step guide on how to tun on
automatic updates at https://www.cyber.gov.au/acsc/individuals-and-
families/step-by-step-guides.
Alt Text: [Image: Elderly couple sitting together looking at their laptop screen.
They are sitting in a garden patio. The woman is wearing a blue floral shirt and
the man a white collared shirt with checks on it]
Post 4:
Multi-factor authentication (MFA) on your account is what a security screen is to
your home. It protects you from criminals who are trying to break in.
The multiple layers make it harder for cybercriminals to hack in. They might
manage to work out one part, like your password, but they will still need to
obtain other pieces of the puzzle to access your account.
To learn how to turn on multi-factor authentication, visit
https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides
Alt Text: [Image: A grey-haired man is sitting on his outdoor deck wearing a
maroon collared short sleeve shirt. He is holding his phone in one hand and
credit card in the other]
Post 5:
Multi-factor authentication (MFA) is one of the most effective ways to protect
against unauthorised access to your valuable information and accounts. With
multi-factor authentication activated, you need to give multiple pieces of
information to gain access to your account. For example, you may need to enter
your password and a text message code to login to your social media profile.
Visit, https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-
guides for our step-by-step guides for turning on two-factor authentication.
Alt Text: [Image: An older woman is sitting in a café looking at her phone with
her laptop open. She has short white hair and is wearing glasses and a blue and
white shirt.]
Post 6:
Performing a 'backup’ is when you make a copy of your important files and put
them somewhere secure. It’s like photocopying precious photos to keep in a safe
in case you lose the originals. Having a backup of your important files and
cherished photos will provide you peace of mind if something goes wrong with
your device or you get hacked by cybercriminals, as you can easily restore your
files from your backups.
The Australian Cyber Security Centre has developed step-by-step guides for
backing up and restoring your files, check them out here:
https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides.
Alt Text: [Image: A senior couple are sitting in a park with facemasks on taking a
selfie on a black phone. They are both wearing white collared button up shirts]
Post 7:
When you back up your computer, phone or tablet, copies of your files are saved
online or to a separate device. Having a backup of your important files and
cherished photos will provide you peace of mind. If something goes wrong with
your device or you get hacked by cybercriminals, you can easily restore your files
from your backups.
Fine out how to backup and restore your files at
https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides
Alt Text [Image: Man sitting at a park bench looking at a tablet computer. He is
wearing a driving hat, tinted reading glasses a black vest and plaid shirt.]
Post 8:
DID YOU KNOW?
Backing up your device regularly means that you’ll always have access to your
most up-to-date files.
The Australian Centre for Cyber Security has developed step-by-step guides for
backing up and restoring your files for different device types including Apple or
Windows. Get the guides here: https://www.cyber.gov.au/acsc/individuals-and-
families/step-by-step-guides
Alt Text: [Image: Silver haired couple sitting in their backyard looking at their
tablet. The man has his arm around his wife’s shoulder, and they are smiling at
the device.]
Post 9:
If a password puts a padlock on your account, a passphrase gives its own
security system! They’re stronger and more secure versions of passwords.
When you can’t turn on multi-factor authentication, use a passphrase to secure
your account. Passphrases use four or more random words as your password.
This makes them hard for cybercriminals to guess but easy for you to remember.
For more information on passphrases visit,
https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-
passphrases.
Alt Text: [Image: An older man is sitting on a grey couch. He has his computer on
his lap and is looking at his credit card. The man is wearing a coral coloured t-
shirt with a blazer over the top and reading glasses.]
Post 10:
When you create a passphrase, make it:
Long.
The longer, the better. Aim for at least 14 characters in length. Four or more
random words that you will remember is great. For example, ‘purple duck
potato boat’.
Learn more about creating secure passphrases here:
https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-
passphrases.
Alt text: [Image: An elderly couple are at a white table in their house looking at a
tablet. The man is standing as his wife sits and holds the tablet. They are waving
to the people on their video call]
Post 11:
When you create a passphrase, make it:
Unpredictable.
The less predictable your passphrase, the better. Sentences can make great
passphrases, but they’re easier to guess. A mix of four or more random words
will make a stronger passphrase.
Learn more about creating secure passphrases here:
https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-
passphrases.
Alt text: [Image: A grey-haired woman is sitting on a dark purple couch, wearing
a blue bathrobe, and holding a cup of coffee whilst looking at her silver laptop.]
Post 12:
When you create a passphrase, make it:
Unique.
Don’t recycle your passphrases. Use different passphrases for different accounts.
Learn more about creating secure passphrases here:
https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-
passphrases.
Alt Text: [Image: Man sitting on a grey leather lounge wearing a yellow Hawaiian
shirt, black pants and headphones. He has his laptop resting on his knees and he
is typing.]
Post 13:
Arm yourself with the knowledge to use the internet more securely so you can
browse with confidence and continue enjoying your time online with the
Australian Cyber Security Centre’s Guide for Seniors called How To Use The
Internet Securely. Get the guide at https://www.cyber.gov.au/acsc/view-all-
content/guidance/how-use-internet-securely-guide-seniors
Alt text: [Image: Senior couple sitting in their kitchen at a dining table. On the
table is a cheese board and a silver laptop. The man wears a blue collared top
and has their dog sitting on his knee. He has his hand on a glass of red wine. The
woman is holding a glass of red wine and is wearing a light blue button up shirt.]
Post 14:
RECOGNISE AND REPORT SCAMS
The faster you report a scam, the quicker we can act. If you believe that
someone is attempting to use the internet to scam you, it’s better to be
proactive and cautious than risk being taken advantage of. To report a
cybercrime you can use the Australian Cyber Security Centre’s online reporting
tool at https://www.cyber.gov.au/acsc/report or call the Cyber Security Hotline
on 1300 CYBER1 (1300 292 371).
Alt text: [Image: A man with greying hair is sitting at his kitchen bench. He has
his phone to his ear and is looking at his silver laptop. The man is wearing a
white and blue t-shirt and reading glasses.]
Post 15:
If it sounds too good to be true, it probably is. While a message might say you’ve
won a prize or that your computer contains a virus, that message is not unique
to you. It might be coming from a scammer and they want to take advantage of
you. To find out more, visit www.scamwatch.gov.au and www.cyber.gov.au
To report a cybercrime you can use the Australian Cyber Security Centre’s online
reporting tool at https://www.cyber.gov.au/acsc/report or call the Cyber
Security Hotline on 1300 CYBER1 (1300 292 371)
Alt text: [Image: A woman is sitting on a brown leather couch with her mother.
She is showing her mum how to use her tablet. Her mother is smiling at her.]
Post 16:
DID YOU KNOW?
Cybercriminals are crafty and might use a familiar name and email address. Be
cautious if:
• You’re asked to urgently pay a bill
• You’re asked to change your details or password
• You’re asked to click on a link or open an attachment.
It might be coming from a scammer and they want to take advantage of you.
You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.
Alt text: [Image: A man with a white moustache sits on his back porch next to
the pool. He is wearing a fedora and has glasses hanging around his neck. He is
holding his phone with two hands and looking at it.]
Post 17:
Cybercriminals are always coming up with new ways to target people. It never
hurts to brush up on your cyber security know-how from time to time and learn
new ways to stay secure.
Get The Australian Cyber Security Centre’s Guide for Seniors at
https://www.cyber.gov.au/acsc/view-all-content/guidance/how-use-internet-
securely-guide-seniors
Alt text: [Image: A couple with grey hair is sitting in their backyard on a white
bench. The husband has his arm around his wives’ shoulder, and they are
looking at their tablet. The wife is holding the tablet and touching the screen.]
Post 18:
Think about what you post.
Think carefully about the information you share online and who will see it. Only
accept friend requests from people you know in real life
Find out how to take control over what information others see about you, to
help reduce risk when you’re socialising online at the Australian Cyber Security
Centre’s website: https://www.cyber.gov.au/acsc/view-all-
content/guidance/be-control-what-you-share
Alt text: [Image: An elderly couple sit at a table with cups of tea. The woman is
wearing a bright blue t-shirt and smiling whilst typing. The man is wearing a light
blue collared t-shirt and is looking at his wife.]
Post 19:
Get alerts on new threats
Sign up for the Australian Cyber Security Centre’s free alert service at
https://www.cyber.gov.au/acsc/register/individuals-and-families. This will let
you know whenever a new cyber threat is found, and will also give you advice on
what to do if an attack happens.
Alt text: [Image: A grandfather sits with his grandchild on his lap whilst looking
at a mobile phone. The grandfather is wearing a charcoal shirt and the young
child is wearing bright blue pyjamas.]
Post 20:
Talk about cyber security with family and friends
Now that you’ve been skilled up in cyber security, share what you’ve learnt with
your family and friends. Your knowledge could help them out of a tricky situation
down the track!
You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.
Alt text: [Image: A multigenerational family gather around a mobile phone in the
living room. The grandmother and father are smiling at the mobile phone as the
baby laughs and the mother is holding the device.]
Post 21:
Avoid public Wi-Fi when you’re banking or shopping online
Public Wi-Fi is great for watching videos or reading websites but keep any online
activity involving money for your home internet connection. Public Wi-Fi can be
risky.
You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.
Alt text: [Image: a phone is tapping on an electronic EFTPOS machine. There is a
hand holding a coffee cup and a menu laying on the bench. There is a yellow sign
on the EFTPOS machine that reads “tap here”.]
Post 22:
Report cybercrimes and incidents to keep Australia secure.
If you think you’ve been a victim of a cybercrime, act quickly. More advice can
be found at cyber.gov.au. To report a cybercrime you can use the Australian
Cyber Security Centre’s online reporting tool at
https://www.cyber.gov.au/acsc/report or call the Cyber Security Hotline on 1300
CYBER1 (1300 292 371)
Alt Text: [Image: A woman with grey hair who is wearing a blue knitted jumper
sits at her desk. She has her chair turned around and is smiling at the camera.
Behind her is her computer set up on her desk along with a lamp, printer, and
some wall decorations.]