How to transact safely online

Cybersecurity can easily feel like one of those things that we have no control over. The good news is that there is a lot we can do to keep ourselves and our money safe, and increase our peace of mind.

October has been Cybersecurity Awareness Month since 2004. Its main purpose is to remind ordinary consumers around the world that there are many ways to keep their data and their money protected. This year, the campaign gives advice around four topics.

1. Always enable multi-factor authentication

Multi-factor authentication (MFA) is a security measure that requires you to follow a two-step process to prove your identity when you log into your account. The first step is giving your password. The second step is to provide an extra way of proving that you are you, like entering a PIN code.

Examples of MFAs include:

• An extra PIN.
• The answer to an extra security question like, “What’s your favourite pet’s name?”
• An additional code either emailed or sent by SMS.
• A biometric identifier like facial recognition or a fingerprint.
• A unique number generated by an authenticator app.

What should you do?

When an online service provider offers MFA, always turn it on. It’s easy to do and makes it twice as hard for criminals to access an online account.

2. Manage your passwords Using the same password on more than one account is not safe. If your one password falls into criminal hands, it can unlock your entire online life – including your bank accounts.

The solution is to use a password manager. Password managers are pieces of software that create new passwords for you and store all your passwords in one safe place. Only you have the password to unlock your password manager, and this main password is never kept on the system’s servers.

Quality password managers encrypt all the passwords stored on them, no matter if the passwords are stored on your device or on the company’s servers. This means that your passwords would be impossible to decode if a hacker tried to breach your password manager. The only access to your passwords on a password manager is with a password only you know.

Password manager advantages

• Manages hundreds of unique passwords for your online accounts.
• Saves time.
• Works across all your devices and operating systems.
• Protects your identity.
• Notifies you of potential phishing websites.
• Alerts you when a password has potentially become compromised.

What should you do?

Start using a password manager today.

3. Keep your software updated

One of the easiest ways to keep your information secure is to keep your software and apps updated. The reason is that updates fix general software problems and provide new security patches where criminals might get in.

What should you do?

Update your software as soon as updates becomes available.

Get software updates only from the company that created it. Never use a hacked, pirated or unlicensed version of software (even if your friend gave it to you).

Enable automatic software updates. When there’s an update available, it gives a reminder so you can easily start the process.

When you are on a website and a pop-up window appears asking you to urgently download something or fill out a form, don’t do it. These are always fake and should not be followed.

4. Don’t fall for phishing

Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information or installing malware on your device. Here is how to spot a phishing email:

• Contains an offer that’s too good to be true.
• Language that’s urgent, alarming or threatening.
• Poor grammar and spelling mistakes.
• Greetings that are ambiguous or very generic.
• Requests to send personal information.
• Instructions to click on an unfamiliar hyperlink or attachment.
• Sending email address doesn’t match the company it’s coming from.

What should you do?

If the email came to your work email address, report it to the IT Department immediately. If the email came to your personal email address, delete it without clicking on anything and block the email address that sent the mail.

Go back