Unique passwords, two-factor authentication essential to for online safety - expert

A ransomware attack forced Waikato District Health Board's IT and telephone systems offline this week, affecting clinical services across its five hospitals and bringing online security into sharp focus.

Meanwhile, a 2020 study by Cybercrime Magazine estimated the cost of cybercrime damages would hit $US6 trillion by the end of this year.

But there are simple things every Kiwi can do to try and ensure their safety online, says Erica Anderson, CEO of New Zealand cyber security firm SafeStack.

"So the advice nowadays is to make sure that your passwords are unique and long," she told The AM Show.

You can do that by easily by looking around the room and naming four random objects you see - a "really good way" of making a unique password, Anderson says.

And while forgetting passwords is a reason people reuse the same ones again, uniqueness is important so that if you lose a password someone can't access more of your online accounts.

"Another way is two-step or two-factor authentication," Anderson continued. That involves a second step to logging in, like a SMS message with a unique code or approving the login via a third-party app.

"This is really good because if you get phished, if you accidentally give out your password, someone else needs that second step to actually access your account."

Phishing is where the attacker sends a fake message designed to trick the victim into revealing sensitive information, like passwords.

And even cyber specialists benefit from that added layer of security, with Anderson admitting she had been phished.

"I got a convincing email with a link telling me that there was something going on with my account and I needed to click the link and then log in.

"It was for a file that I was expecting, and I clicked through and, thankfully for me, I've got various other controls like two factor authentication. That saved the day."

There are a couple of other things Kiwis can look to do, just in case.

"One would be automatic backups," Anderson says. "So toggle that on, make sure that your phones, your devices and stuff are backed up to places like Google Drive or Microsoft OneDrive.

"The second thing I've got to recommend is to have that person that you can reach out to for help."

That might be grandchildren, parents or even the IT support team at work, she says. 

Alternatively, all Kiwis can call Government organisation CERT NZ, which supports businesses, organisations and individuals affected by cyber security incidents.