Cyber safety package

We have put together a brief cyber safety package with links and short descriptions below. We hope you find it useful as a starter guide for finding resources on the Web that suit you. Please note that we have focused on resources we think are relevant to undergraduate students at the Australian National University (i.e. information for the ACT or Australia).

Emergency Help / Reporting Crimes and Scams

Public Wireless Networks

  • Google Safety Centre: Using Secure Networks: Google's resources on secure networks and safety when using public and private wireless networks. Google recommends that you avoid doing sensitive business on public networks, as the connection between your computer and the wireless point is unencrypted. They also recommend that you password-protect your personal wireless networks and encrypt them using WPA2, to prevent others from spying on your online activity or changing the settings so that they may do so.
  • Why Using a Public Wi-Fi Network Can be Dangerous, Even When Accessing Encrypted Website: An article of advice on security when using wireless networks that are open to the public. In general, open Wi-Fi networks are not encrypted and network traffic is easily visible, so you should avoid using public wireless networks for sensitive tasks or, if you must, pay for a VPN to encrypt your traffic. Furthermore, when connecting to an open wireless network you should always ensure that it is marked as a public network, to prevent infected computers on that network from attempting to infect you.

General Advice

  • 2013 Norton Report Australia: Symantec's annual report on the prevalence of cybercrime and cybercrime victims, specific to Australia. The global statistics can be found at http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=norton-report-2013
  • Cyber and Technology Enabled Crime: The Australian Crime Commission's public document on cyber-crime, and what common types of cyber-crimes Australians face, the extent thereof, and how the Australian Government intends to respond through educating internet users on how to be safe online.
  • Cyber(smart): A website targeted at young people and their guardians and teachers about staying safe online, including cyber-safety, cyber-bullying, and giving out information online.
  • Get Safe Online: An incredibly extensive resource on almost everything to do with cyber-security and staying safe online. Includes advice about online gaming, safe use of OSX and Linux systems, firewalls, advice on cyber-security for mobile devices, social networking, safeguarding appliances such as TVs and refrigerators which have Internet access, online stalking and harassment, and common attacks and scams such as ransom attacks, pay day loan fraud, money muling and laundering, and various types of card fraud.
  • Protecting Yourself Online: Similar to the above, a PDF that is put out by the Government on basic cyber-safety for the modern user. It encourages keeping your software, security related and otherwise, up to date, securing your wireless networks properly with a secure password, SSID, and encryption, thinking carefully about downloading files and opening suspicious emails, and avoiding fake links purporting to be from banks asking for personal information.
  • Stay Smart Online: The Department of Communications' online security website, designed for internet users to get basic information on how to protect themselves and their devices from online threats. Once again, it encourages keeping your software up to date, keeping multiple data backups, avoiding illegal file sharing networks and services, restricting and encrypting remote access to networks and systems, and, if you are a business, getting a risk assessment before you allow remote access.

Spam, Viruses, Malware, Identity Theft, and Online Scams

  • Dealing with Spam: A resource of advice on how to deal with spam messages and emails. The advice is to opt out of giving your email address and phone number to websites and services you sign up for, and to use a separate email address for websites and services rather than the one you use for personal or business emails.
  • Internet Storm Center: A diary that logs intrusion detection sensors for over 500,000 IP addresses.
  • Malicious QR Codes: Where's the SeQRity?: A useful resource on staying safe while using new QR codes and scanners, and how to detect malicious QR codes. To ensure safety while using QR codes, you should avoid entering any personal information into a link arrived at by QR code, and avoid codes that look as though they were added afterwards rather than printed on the poster.
  • Scamwatch: Online Scams: A brief explanation of online and email-related scams which typically target computer or mobile-device users. Common scams include “free” offers which ask for your credit card or bank details, emails which offer you a product you bid on in an auction for a price but the product is never given to you, requests for money for fake investments, and emails which claim that you must pay the sender for a domain name renewal.
  • Spotting a Phishing Message or Website: A helpful resource on detecting phishing scams and emails. It is specifically about emails and websites relating to the University of South Australia, but the advice given is generic and helpful with regards to all potential phishing messages and sites. To summarise, when receiving a potentially suspicious email, one should check for grammar and spelling, hover over links to see where they actually take you when clicked, and look for identification and contact details in the signature, which phishing emails normally lack.
  • Stop, Think, Connect: Tips and Advice: A web page of tips for online safety, including protecting your computer and personal information and how to limit information sharing. Specifically, it encourages users to keep software current, automate updates so that software updates itself, use unique passwords for different accounts, bank and shop only at addresses starting with “https://” or “shttp://” rather than “http://”, and set your own custom security settings, where possible, on online accounts to ensure that you only share the information you are comfortable putting in public.
  • Tips For Staying Safe Online: A PDF of tips for protecting your identity and preventing identity fraud. The advice comes down to using antivirus and firewall software, kept up to date, to protect against malicious software and unauthorised attempts at accessing your information, and keeping strong passwords with good character variety which you change frequently.
  • Viruses, Spyware, and Malware: A brief explanation of various types of malicious software, or malware, differentiating between viruses which replicate themselves to spread to other computers and damage computer functions, adware which displays advertisements while connected to the internet, spyware which gathers information about your computer's activities and transmits it to another party, and browser-hijacking software which changes your browser's settings and functions in order to advertise.
  • Zero Day: An up-to-date, current blog about cybersecurity and new attacks, approaches, and defences.

Businesses, Workplaces, and Online Banking

  • Avoiding Mobile Fraud: What Small Businesses Need to Know: An article on advice for small business on protecting themselves while providing services and sales to customers over mobile devices, which, in summary, recommends capturing the GPS coordinates of the purchase at the time to relate it to the shipping address, coming up with better ways to fingerprint mobile devices, and understanding mobile purchasing patterns to avoid punishing legitimate buyers with fraud detection techniques.
  • Stay Safe Online this Christmas: Advice from SCU on online shopping and banking safety. The recommendations are to avoid deals that look too good to be true, only using secure payment methods, only sending account details via a secure webpage rather than by email, and always keeping a copy of all transactions.
  • Strategies to Mitigate Targeted Cyber Intrusions: The Australian Signals Directorate's (formerly Defence Signals Directorate) list of measures designed to protect government bodies' information security from targeted attacks. The most effective measures, which avoid the most common problems that the ASD has seen, are to use application whitelisting to restrict access to the internet, restrict administration privileges to those roles which require them, and ensure that all applications and operating systems are up to date and have been patched.

Password Security

  • Diceware: As recommended by Eric Wolfram, a system for creating complex, very secure, random passwords and phrases. An interesting example of secure, hard-to-guess, password creation, using a system of dice rolls to create strings of words to use as passwords.
  • How to Write Good Passwords: An article containing an example of a system for writing secure, memorable passwords. It is a very good example and helps you come up with a system of your own, based on simple mnemonics that you will remember, each tailored slightly to the website or account being used.
  • How to Pick a Safe Password: More advice on picking a good password, from Eric Wolfram. It also goes into detail about what you should not do, such as basing your password on publicly searchable information like your numberplate, the names of your family, friends, or pets, and names and words found in the dictionary in general.
  • Password Size Does Matter: Advice from a cybersecurity expert about the importance of long password lengths and strategies for coming up with secure, hard-to-guess passwords, specifically, why varying the characters used in an 8 character password to include numbers and symbols is still not as secure as a 32 character password written in plain English text.

Miscellaneous

  • 10 Rules for Online Dating: A set of useful tips for staying safe from scams and other dangers while online dating, specifically not to give away personal information, not to send real money, and to use a free email address specific to the service so as not to give away any identifying or personal information.
  • Know Your Google Security and Privacy Tools: Information about tools and settings to secure and protect your Google accounts, such as two-step verification which requires your phone as well as your password to access your account, using privacy settings on Google+ and YouTube in order to control who can see your information, and opting out of their analytics and advertisement management programs.
  • Stop, Think, Connect: Hacked Accounts: From the same Stop, Think, Connect initiative as above, this is a web page on what to do if you suspect that one of your accounts has been compromised. The advice comes down to looking for messages or posts that you did not make yourself, to identify that the account has been compromised, and if so, advising contacts to avoid links from you until you have changed your password and scanned your computer for potential malware using your security software.

Updated: 18 June 2020 / Responsible Officer: College Dean / Page Contact: ANU Cybercrime Observatory Webmaster