With the rapid proliferation of technology in our lives, cyber security is now something that affects everyone. The potential for an incident is ever-present – there’s risk in your phone, it’s there when you open your computer at work, start your car, walk into a shop, even when your brand-new refrigerator connects to the internet.
Good cyber security protects your personal devices and the networks you connect to from digital attacks that aim to access, change or destroy information. On an individual level, a digital attack can result in scams, extortion and identity theft. On an organisational level, it has the potential to impact business performance, brand reputation and the services government can deliver to citizens.
Cyber security is important because it protects your information and enables you to be confident in how you store information, who has access and when. There are 2.5 quintillion bytes of data created each day. Data is extremely valuable and cyber security is the barrier to protect it from being stolen, sold or changed. It also ensures information is consistently and readily available when you need it.
Technology has advanced exceptionally in the last few decades – there are now more devices than people, making complete security difficult. As governments and organisations learn about and adopt new technology, hackers and digital attackers advance and adapt too.
Meet the Service NSW I.T. Security and Risk Team
Service NSW takes its responsibility very seriously and is investing in cyber and information security in terms of people, technology and process improvement. NSW citizens and customers entrust us with their information, and it’s our duty to take all appropriate measures to keep this information confidential, available and reliable.
Service NSW has an I.T. Security and Risk Team involved in almost every project in the organisation to improve security awareness and provide expertise to keep Service NSW and citizens’ information secure. The I.T. Security and Risk Team gets involved in establishing project requirements – including creating and enforcing policy, risk assessments, product security/penetration testing, security fixes and sign off before any projects go live. They also promote and encourage strong security practices within all teams, ensuring sensitive information and access is protected. The first line of both attack and defence in cyber security is people, so providing solid security awareness and training across all Service NSW staff is important. The tips and tricks provided to staff can readily be applied to everyday situations and be useful to everyone.
6 top tips for better passwords
A common target of cyber security attacks is to steal personal information that can be leveraged for financial gain. With Privacy Awareness Week just gone, it’s a great reminder to take the necessary steps to protect your own and our customers’ information.
In some cases, particularly with repeated or simple passwords, it only takes a computer 0.29 milliseconds to crack a seven-character password. On the other hand, a 16-character password can take over two centuries to crack!
- Go long. Only five years ago, a seven-character password was enough to be secure but now the standard is moving towards a 10-12-character password or passphrase. Some websites have a character limit set for passwords, but the longer you can make it the better. It’s the same with bank PINs – most allow up to 8 digits.
- Get creative. Many websites now have basic password complexity enforcement to ensure your password is secure. This includes ensuring your password contains at least one capital letter, number or even symbols. However, hacking algorithms can swap out letters with commonly used number and symbol replacements (i.e. P@ssw0rd) to crack your password, even though the website you’re signing up to has told you it’s secure. Use symbols and numbers creatively (i.e. igo&EATcake4breakfast).
- Change it up. Most people pick something that’s easy to remember and use it (or something very similar) across different accounts. We recommend having a completely different password for every platform. Which brings us to our next tip...
- Defer to a password manager. If you’re doing the right thing and changing every password, but you worry about remembering them, a password manager can help.
- Think outside the box. People often pick a word that is dear to them, like their dog’s name, or something generic like ‘Password1234’. These passwords might be easy to remember but they’re also easy to hack.
- It’s not rocket science. We have been conditioned to think that our password has to be a random, complex word, but it doesn’t need to be that difficult. Think of your password more as a sentence like ‘iliketoeatCAKE@9pm’ to make it lengthy, but easy to remember.