Last year, less than a week before I had my baby I got a strange text from the ATO that went something like this “Your ATO account has been disconnected from MyGov, if this wasn’t you call us”. I was 37 weeks pregnant, fat, tired and still working! The last thing I felt like doing was calling the ATO but thought I better. Lucky I did, turns out someone had stolen my identity, called the ATO, convinced them they were me and proceeded to change the contact details, change the bank account linked and disconnect my account so I could no longer access it on MyGov. Why you ask? Well they then made a number of amendments to my tax returns and activity statements so it looked like I was due over $60,000 in refunds which they then tried to withdraw to their newly added bank account! 😲
Fast forward to today and last night my 17-year-old stepdaughter had her Instagram account hacked, email changed so she can’t reset the password and now someone is posting stories that look like she’s boasting about her Bitcoin returns! 🤦♀️
Unfortunately there are shit people in the world that do crap like this all the time. I must admit I’m pretty savvy when it comes to online stuff so didn’t think this was going to happen to me.
Now my stepdaughter had a couple hundred followers and had only posted a handful of images, but this kind of hacking happens to large businesses. I’ve seen businesses crushed when all of a sudden they lose access to their account of tens of thousands of Instagram followers which they rely on for sales. And if I’ve learned anything, it can happen to you too.
So let’s take a look at some ways you can avoid being the next victim of a cyber criminal.
Always Use 2 Factor Authentication
This is a must! Most social media and email apps have the option to turn on 2 factor authentication – DO IT!
This means each time you log in on a new device (or someone else tries to) you will have to confirm it was you with a code – either a text to your mobile or using an authentication app. It may seem like a pain, but this small thing can save you a much bigger hassle – trust me!
If you use a device all the time, such as your phone or home computer, you can save the browser so you won’t be asked for a code the next time you log in. But if you’re using a shared computer at the library, school or anywhere someone else can access it, be sure not to save the browser when logging in.
To turn on 2 factor authentication go to your app, go to settings, find the privacy or security settings and look for “turn on 2 factor authentication”.
Use Secure Passwords
If you’ve been using the same password since high school it’s time for a change! You should use a different password for every application, and each one should include a mixture of numbers, letters and symbols to be secure.
I recommend using an app such as LastPass to store your passwords so you don’t have to remember them. LastPass securely stores your passwords and you only have to remember one – your LastPass password. Then you can use the LastPass extension on your browser and the app on your phone to fill in your username and password details whenever you log in.
LastPass is also great for sharing log in access to third parties as it allows them access to log in but doesn’t share the actual password. You can then remove their access at any time.
Avoid connecting your apps by logging into one app with another, such as using Facebook to log in to Canva. Wherever possible use a separate username and password instead, because if one account gets hacked (it does happen, even to the big guys) it can affect all your connected apps.
Review Third Party Access
When you use an app, let’s say Facebook, you often give permission for other apps to have access to your account – such as an integration plugin like Zapier, or a game (looking at you Candy Crush fans).
Over time you give lots of other companies access to your information and sometimes these companies can be dodgy – or get hacked themselves.
Be sure to review your list of authorised apps and remove any that no longer need access.
In Facebook, go to Settings and Privacy > Settings > Security and login > Apps and websites. Once you’ve cleaned out your apps and websites, check your Games tab and Business Integrations too.
Tighten Up Your Privacy Settings
Hackers use personal information they find on social media to hack your accounts or steal your identity. Next time you see a meme asking you to state your first pet and the street you grew up in to find your Ninja name, don’t fall for it! These memes are just phishing for information you would use in your security questions.
On Facebook go to https://www.facebook.com/privacy/checkup/?source=settings_and_privacy to do a privacy check up of your account and be sure to tighten things up so that only your friends can see what you post and not the public. You can adjust these settings on a post by post basis, so have them set as tight as possible and then if you need to spread a message far and wide you can make a post public.
Be sure to up your privacy on all your social media accounts.
Use Anti-virus Software
Another way hackers get in is by sending viruses. This can be via Messages or email. It can be as easy as a friend’s account getting hacked and them sending you a funny video to watch – you click the link only to install the virus all before you can say #$!@ o&#!
To protect your computer from viruses, install reputable anti-virus software such as Norton, Avast or McAfee.
Now this can be hard if you’re an overly optimistic person and like to give everyone the benefit of the doubt! But when it comes to online – always be sceptical of any emails or messages that don’t look quite right or you weren’t expecting.
I opened some new bank accounts last month and then the week my new cards arrived I got a scammer message to activate my card via text message. I did a quick scan of the message to realise it wasn’t actually from them. But the scary part was they knew I had new accounts, and cards and which bank I had signed up with.
If you’re not sure about an email, always look at the from address. Scammers can make an email look very official, but the from address usually gives it away, for example @officialcompany.somethingrandom.com.
Anyone can create a subdomain so it is the word directly before the .com or .com.au that needs to be official. For instance @support.facebook.com is an official email but @facebook.emails.com is not. Also look for .gov.au or .org.au as it’s much harder for hackers to get these domains.
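The rule above can be checked mechanically. This is an added example, not part of the original post: the function names and the short suffix list are assumptions made for illustration, and the From headers are constructed around the two Facebook domains mentioned above.

```python
from email.utils import parseaddr

# Constructed subset of the Public Suffix List, enough for the addresses below.
# Real code should load the full list from publicsuffix.org.
PUBLIC_SUFFIXES = {"com", "org", "net", "au", "com.au", "gov.au", "org.au"}


def registrable_domain(host):
    """Return the public suffix plus the one label before it, or None."""
    labels = host.lower().rstrip(".").split(".")
    # Longest suffix first, so "com.au" wins over "au".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            # i == 0 means the host is only a suffix, with no owner label.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def sender_is_from(from_header, expected_domain):
    """True only if the From address belongs to expected_domain."""
    # parseaddr separates the display name (free text the sender picks)
    # from the actual address; only the address is checked.
    _, address = parseaddr(from_header)
    if "@" not in address:
        return False
    host = address.rsplit("@", 1)[1]
    return registrable_domain(host) == expected_domain.lower()


# Constructed From headers; the two Facebook domains are the page's examples.
SAMPLES = [
    "Facebook <security@support.facebook.com>",
    "Facebook <security@facebook.emails.com>",
    '"support@facebook.com" <alerts@facebook.emails.com>',
    "Facebook <security@f\u0430cebook.com>",  # Cyrillic "а" look-alike
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict = "ok" if sender_is_from(header, "facebook.com") else "SUSPICIOUS"
        print(f"{verdict:10} {header}")
```

Only the first sample passes. A matching from domain is necessary but not sufficient, because the From header itself can be forged, so an unexpected message still deserves suspicion even when the domain looks right.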
Avoid public wifi
Public wi-fi is readily available to you – and hackers! It’s also much less secure and easier to hack. If you must use it don’t log on to anything secure such as your bank account, email or Shopify backend.
Save all your important transactions for when you’re using your own password protected wifi if possible.
So there you go, just a few ways you can stay vigilant and protect yourself and your business from security attacks online. Make the time to implement these now before it’s too late.