Protect yourself before you start browsing the web by ensuring your operating system, web browser, security software, browser plugins (like Java or Adobe products) and other applications are up-to-date.

Cookies are small text files, or bits of information left on your computer by websites you have visited, which let them ‘remember’ things about you. 

Cookies may also be used to store your preferences and settings for particular websites, which means your experience can be customised based on your past behaviour. 

From a security perspective, cookies are unlikely to be used maliciously against you as they are just text read by your browser. They don’t contain any code that could be executed. However, websites are able to gather a lot of information about you and your website activity. 

If you have concerns about how this might impact on your privacy, you could consider regularly clearing the cookies from your computer or device. Some browsers let you block them altogether. But note that this could affect your experience of some websites. 

Visit your browser vendor’s website for more information on privacy and how to manage cookies.

Computer security professionals refer to these steps as ‘hardening’ measures and they do just that—they make your software, your devices, your network and the connections between them harder to access and more resilient to attack.

Routers and modems 

A router is a small electronic box that creates a network for the devices in your home. A modem connects that network to the internet. Many internet providers offer a combined router/modem unit that performs both these functions in one device, and here we refer to the device simply as a router. 

Setting up your router

1. Ensure the network password provided by the ISP or router manufacturer is hard to guess, and if not change it to something more secure.

2. Some manufacturers’ administrator passwords to access the settings for routers are publicly available online, so in this case it’s imperative you change the password on your device. Where possible, also change the default administrator username (typically ‘admin’ or ‘administrator’) to something hard to guess. 

3. Ensure remote management is disabled. Remote management on your modem or router can allow you to make changes to your internet connection, including passwords by logging into your device via the internet. By disabling this function, you are protected from unauthorised people remotely accessing your router and tampering with it.  

4. Consider enabling the ‘guest’ Wi-Fi feature on your network for visitors that may need access. This way you don’t need to share your actual Wi-Fi password with them and you can cycle the guest Wi-Fi password as needed without having to reset all your wireless devices in your house. 

In many cases it is straightforward for a cybercriminal to determine the make and model of the device you are using, and then access your router. 

Use the strongest encryption protocol 

Because wireless networks don’t need a wire between a computer and the internet connection, it is possible for anyone within range to intercept the signal if it is unprotected. 

This means you need to use the strongest encryption protocol provided by your router, which is currently WPA2. You should be able to check this by looking at the device settings. The WPA2 protocol was introduced in 2006, so routers purchased on or before this date will not give you the option of selecting it. 

Manufacturers often classify old devices as ‘legacy’ models and no longer develop firmware upgrades for them, and this can leave you exposed to known security flaws. 

If that’s the case, you should consider replacing your router. 

Not using the strongest encryption protocol increases the chances of your internet communications being intercepted by cybercriminals. 

Make sure your router uses the latest ‘firmware’ available 

Firmware is the software embedded into your router that determines the functions it can perform. Just like new software updates for your computer, new firmware for your router will provide improved features and address any security vulnerabilities. 

To find out which version of firmware is installed on your router, some have a button you can click to automatically check if a more recent version is available. If not, you can log in to the device and check its settings. Then if you go to the manufacturer’s website, it will tell you if there’s a more recent version of firmware for your device and allow you to download it. 

Be careful when you do this. Make sure you follow the instructions in your device’s manual and select the correct firmware upgrade version for your model of router, because a failed update can render your device unusable and disconnect all your computing devices from the internet. 

If you don’t feel confident to update your firmware, you could get in touch with a reputable computer technician. You could also think about replacing your router. 

Upgrading to a current router model will offer you significant benefits such as additional features and configuration options, and most importantly, faster data transfer speeds.

Criminals have been known to set up Wi-Fi hotspots in order to steal users’ banking credentials, account passwords, and other valuable information. 

• Confirm the ‘official’ hotspot name from venue staff and manually connect your device to it. Don’t let your device automatically connect to the first hotspot in its list.
• Turn off network discovery options like “Remember networks this device has joined.”
• Turn off file sharing. If you have file sharing turned on and you connect to a public Wi-Fi hotspot, your files could be accessed by others using the same hotspot.
• Install a reputable virtual private network (VPN) solution on your device. When enabled and configured correctly, a VPN is a service that uses encryption to keep your information secure when using public Wi-Fi, as well as providing a level of anonymity. That said, a VPN doesn’t secure your devices or online accounts, so it’s important that you still keep them up to date with the latest security software updates, and always use strong passwords. Also consider the following when selecting a VPN service provider:
  • Look at independent reviews online. You’ll often find honest reviews from other users, so research the app on reputable blogs, websites or trusted sources that are not the app’s own website. You can also find out more about the app’s description, its content rating and the developer, and whether an app only encrypts some of your data, not all of it.
  • Where the company is based. Make sure you select a VPN provider that is based in a country with strong privacy laws. This reduces the possibility that data collected by your VPN will be shared with others.
  • VPN apps may provide your personal information to third parties. Many VPN apps are funded by advertising (which appears within the app) giving consumers the option to download the apps for free. In exchange, VPN apps may share your information with third parties. If you use a VPN app to keep your internet activity private, make sure you review its terms and conditions and privacy policy, to see if it shares information with third parties.
  • Consider the app permissions. Apps will ask for access to certain information on your device to help improve how it operates for you. For example, the app may request permission to read your text messages or access your photos. These permissions will be outlined and explained on the app store or during installation. Generally, a VPN application should not require access to your personal data.

Don’t do your online banking or shopping, send confidential emails or enter your passwords or credit card details on public Wi-Fi. Wait until you’re using a secure home, office of mobile connection.

When you are using websites while on public Wi-Fi, make sure the websites are secure. Always look for a https (‘s’ stands for secure) in the website address and a padlock on the web browser.

Always remember to disconnect from the hotspot after you have finishing using. it. 

But remember, no public Wi-Fi is 100% secure, so consider using your own mobile data for any sensitive transactions.

• Ensure your phone, tablet or laptop has a reputable anti-virus installed.
• Keep software patched and up-to-date with the latest release version, to ensure that any identified security holes have been closed.
• Set-up two-factor or multi-factor authentication wherever possible. Online systems such as banks, Google Mail and Facebook offer this option for transactions or when logging into accounts. This way, a malicious hacker can’t log in without also having access to your phone or SMS inbox, even if they know your username and its associated password.

You can install a password manager on your computer, smartphone or tablet. It will generate and remember secure passwords for you and some password managers will sync across your devices. 

The downside is that if the password manager is breached, all your information is accessible.

Two-factor authentication (often shortened to 2FA) provides a way of ‘double-checking’ that you’re really the person you’re claiming to be when you log into your online accounts, such as banking, email or social media.

When you log into an online account with a username and password, you’re using what’s called single-factor authentication. You only need one thing to verify that you are who you say you are.

With 2FA, you need to provide two things – your password and something else such as a code sent to your mobile device or your fingerprint – before you can access your account.

This second level of authentication is not new, however, it is gaining momentum as accounts are left vulnerable with weak or poorly-secured passwords. A range of websites including Twitter, Paypal and WordPress have an optional second factor to their log-in processes, and online banking sites have used 2FA for a long time.

Two-factor authentication is also known as multi-factor authentication.

How do I set up 2FA?

Some online services will automatically prompt you for a second factor when you log in. However many don’t, so you will need to activate it yourself. You’ll find the option to switch on 2FA in the security or privacy settings of your online accounts (it may also be called ‘two-step verification’).

The Turn It On website details which websites and apps offer the option to use 2FA and gives instructions on how to set it up.

There are several types of 2FA available based on either something you know, something you have or something you are. Examples include:

• SMS codes sent to your phone

• security questions set up by you, which only you would know the answers to when prompted

• a physical device, like a security token that generates temporary access codes

• software, such as Authenticator app, that sends a notification to your smart phone (or tablet) or provides a temporary access code. Once you’ve installed one, you can use the same app when setting up 2FA on any accounts which offer this option.

• fingerprint scans

• voice recognition.

Some accounts, for example MYOB, also give you a list of backup codes when you switch on 2FA. When asked for a code you can use one of these, but each code will only work once, so you’ll need to create more when you’ve used them all. Backup codes are really useful if you need to log in without a phone to hand. You will need to store the codes somewhere safe.

Do I have to use 2FA every time I access a service?

Generally, once you have set up 2FA, you should only be prompted for unusual activity such as setting up a new payee for your bank account, logging into an account from a new device, or changing your password.

Why is it important?

While it does require one extra step to a log-in process, it provides a much stronger defence for your account. If your password is hacked(accessed by someone else without your permission) and you have 2FA activated on your account—the hacker cannot gain access. They need both levels of authentication.

Having 2FA is not going to remove all risk, however, you are much harder to hack than accounts with only single-factor authentication. This means you are a much less attractive target and you are reducing your risk dramatically.

If you’re travelling or will not have access to your second level for a period of time, consider changing your second criteria to something you will have access to, or obtain some single-use back-up codes. Do not turn 2FA off!

We recommend:

• wherever possible, activate two-factor authentication (2FA)

• use strong passwords/passphrases and keep them safe

• do not use the same passwords across multiple sites

• use a password manager to keep stock of all your passwords and log-in details.

There are risks when using your mobile device for online banking. Refer to Mobile Devices for more information.

Computers at internet cafés, libraries, airports and hotels are convenient, but because so many people use them, they are more likely to be infected with malicious software than other computers. 

Assume they are already compromised with malware that can track anything you do online, including capturing passwords or content you view online. 

Steps to protect yourself when using public computers 

• If using public wi-fi don’t log onto secure sites or make online purchases as your details may be intercepted. 

• Don’t allow the browser to save your username and password. Turn off the option when logging into your email account and other websites. Always log out when leaving a website. 

• Make sure no one is watching you. 

• Log out if you leave the computer, even if it is for a moment. 

• Delete your browsing history before you log out of the computer. Go to the tools menu of the browser and select options or internet options. 

• Make sure the browser has any auto complete function turned off, delete cookies and clear the history. 

• Do not type in sensitive information. Keystroke loggers can capture your password, credit card number and bank details as you enter them. Avoid financial transactions on public computers that may reveal sensitive information. 

• Avoid using your USB memory stick. It could pick up malicious software from the public computer and spread it to other computers, including your computer at home. If you need to use your memory stick, scan it with your anti-virus program before you use it again.

When sending and receiving files via email, remember the following:

• Never open an attachment from a source you do not know or are unsure about. 

• Even if you are comfortable about the source of the file, scan it before opening using your anti-virus software. 

• Set your anti-virus software to scan every incoming and outgoing email and attachment automatically.

Portable storage includes CDs, DVDs, memory sticks or external hard-drives. When using these devices:

• Never connect or insert a storage device into your computer or open files if you are unsure of its origin or owner, or if your anti-virus software is not up-to-date. 

• Scan your device before opening any files using your anti-virus software. 

• If you are sending files to someone else, save the file to the portable device, then scan the device using your anti-virus software before giving it to them.

Peer to peer file-sharing is a system that allows a person to make specific files on their computer available to anyone, anywhere on the internet, who has the same file-sharing software. This software allows its network of users to see and download files from the computers of all the network members who are online at the same time. 

Peer to peer file-sharing has received a lot of publicity because it is widely used for sharing files such as music or computer software.  

Be careful – sharing some files may contravene copyright laws. 

Only join music and movie file-sharing services where you can stream, download or purchase digital files with the copyright owner’s permission. It’s important to keep your file-sharing legal. Downloading copyrighted music, movies and software using peer to peer file-sharing programs without the copyright owner’s permission could have serious legal implications. 

Stop and think before downloading files through these networks. Don’t download files from sources that appear suspect or that you aren’t sure you trust. 

Make sure the peer to peer file-sharing network can only access the files on your computer that you want accessed. 

Users of peer to peer file-sharing software should also be aware they may not be anonymous while participating in these networks. 

Parents should be aware that peer to peer file-sharing networks may contain inappropriate images, audio and video clips, and should monitor their children’s access to, and use of such networks. 

Consider using a dedicated computer for file-sharing.

Due to the heightened security risks associated with participating in peer to peer file-sharing networks, you may want to consider dedicating a computer solely to file-sharing activities. In this case, you should: 

• Only use this computer for file-sharing, and only have files on it that you are prepared for others to see. 

• Ensure that all the security software and measures mentioned in this website are installed, activated and kept up-to-date, for example, anti-virus and firewalls. 

• Always disconnect this computer from the internet once you have finished file-sharing. 

• Never have this computer connected to other computers in your home or office when sharing files on the peer to peer file-sharing network. 

• Always scan files downloaded and stored on the dedicated computer before transferring them to other computers in your home or office.