Refresh your Cyber Security habits

3 Tips for Cyber Security

Cyber security may not be the most exciting topic, but it is extremely important and it is everyone’s responsibility. There are some really basic things you can do to really increase your own security, both when doing business, as well as in your personal life.

Cyber Security

Cyber Security Tips

3 Tip for Cyber Security

Cyber security may not be the most exciting topic, but it is extremely important and it is everyone’s responsibility. There are some really basic things you can do to really increase your own security, both when doing business, as well as in your personal life.

Don’t reuse passwords

I’m sure you hear this one a lot, but a lot of times it’s not explained why!

Let’s say you sign up for the website to do some shopping. You use your Gmail email address and the same password as the email address. Two months later, news breaks that had their customer database hacked and all emails and passwords were stolen.

These hackers will use programming to test all those email/password combinations. Within a few minutes, they are in your Gmail account, because you haven’t secured it with multi-factor authentication!

Now that these hackers are in your Gmail, they are able to see what other websites you’ve signed up for. They can start either logging in using that same stolen password or doing a password reset to your email that they are logged into. Soon, all your accounts are stolen and you’re completely locked out of everything!

Always use Multi-Factor Authentication

You’ll notice in the above that I specified that the hackers were able to enter due to no Multi-Factor Authentication (MFA).

This is critical and is one example of why IT people use the term “defence in layers”.

Should you make the cardinal mistake of reusing passwords, you may still be saved by having MFA.

You will be familiar with this, it’s where you get a text with a one-time-use code, or you need to open an authentication app to get a short-lived code. MFA is not fool-proof, and there have been cases of people using social engineering to bypass these – but that’s why you have layers of security!

Never share passwords

Sometimes it may seem super easy and convenient to give your password to someone to log into your computer for you, but this is another cardinal sin of cybersecurity.

Once someone else knows your password, your account is no longer considered secure. You never know how that person is keeping that password (Did they write it down on a sticky note on their screen? Are they giving it to someone else to log in to?), and you can never know exactly what they will do under your login. And it’s not a stretch to imagine that someone working nearby may overhear your password, and then they can log into your account and wreak havoc!


David Boyes

Ausure’s Cyber Security Team Lead

Compare Cyber Insurance Policies

Compare leading Australian Insurers like AIG, Allianz, Brooklyn Underwriting, CGU, Chubb, Dual, Emergence and Zurich.

Compare Quotes

If Hackers Steal Data Who Pays

It’s Just Hackers

In 2014 Hackers stole data from Yahoo that resulted in the details of 500 million users personal details including names and emails, as well as “unencrypted security questions and answers” be taken.

The breach damaged the trust in the brand, required Yahoo to publicly disclose the cyber-breach and advise all its users to change their passwords.

However, not all users changed their password and some are still reporting loss of data

The Cost of a Cyber Breach*

The costs of a data leak or data loss are rapidly accruing, with the total average cost per data breach within Australia now sitting at $AUD2.82 million, according to a 2015 study from IBM and Ponemon Institute. Moreover, the average cost per lost or stolen record has reached $AUD144, while the average number of breached records per incident is just under 20,000.


But I don’t have that many clients

The high-profile breaches recently included MySpace (359 million), LinkedIn (164 million) and Adobe (152 million), however, the hacking of a Gold Coast doctor in 2012 cost $4000 dollars.

Report a cyber incident

The Australian Signals Directorate (ASD) provides government with a greater understanding of cyber threats, and the coordination of whole-of-government operational responses to cyber incidents. The Cyber Security Incident Reporting (CSIR) scheme assists ASD with this role.

The Australian Government Information Security Manual (ISM) states agencies must report cyber security incidents to ASD. Cyber security incident reports are the basis for identifying and responding to cyber security incidents across government.

Reporting cyber security incidents helps ASD to develop a threat environment picture for government systems, and assist other agencies who may also be at risk. Cyber security incident reports are also used for developing new policies, procedures, techniques and training measures to help prevent future incidents.

The types of cyber security incidents agencies should report to ASD include:

  • suspicious or seemingly targeted emails with attachments or links
  • any compromise or corruption of information
  • unauthorised access or intrusion into an ICT system
  • data spills
  • theft or loss of electronic devices that have processed or stored Australian government information
  • intentional or accidental introduction of viruses to a network
  • denial of service attacks
  • suspicious or unauthorised network activity.

To report a cyber incident:

Sources: *

Need Cyber Insurance?

Compare Cyber Insurance


Please note Insurance News is an information service sometimes provided by third parties Insure 247 Australia doesn’t warrants the accuracy of any information contained there in, readers should make their own enquiry’s before relying on information in the stories Terms of Service

Compare Australian Cyber Insurers

Please note that any advice given has been provided without taking into account your objectives, financial situation or needs. It is also based on information we have obtained from you. You must ensure the information is accurate and complete. Otherwise, this advice may be based on inaccurate or incomplete information. You should consider whether the advice is appropriate in light of your objectives, financial situation and needs