Type your email address into the NCSC's new website and it will tell you how many times your details have been leaked - and from which sites.
“New Zealanders are quite apathetic towards online security with a ‘she’ll be right’ attitude,” says the National Cyber Security Centre’s Mike Jagusch.
The harsh reality is more than 830,000 New Zealanders have experienced some financial loss, he says, quoting his agency’s quarterly survey.
“With the average amount per attackbeing $1260, the majority feel the impact,” he says.
The National Cyber Security Centre (NCSC) hopes a new website it is launching today, How Exposed Am I?, will help jolt people out of their apathy.
When you type in your email address, the site tells you how many times your details have been spilt in a cyber attack, when this occurred and the sites involved.
The data is pulled from haveibeenpawned, a service that has tracked online breaches since 2007 and dressed up with advice from the NCSC on staying safe and minimising the amount of personal details you share online.
You might be surprised how many times your personal details have been stolen. And the swiped data is usually put up for sale on the dark web – providing yet another reason to regularly change your password for any given site.
An image from the NCSC campaign How Exposed Am I?
I typed in my main personal email address. How Exposed Am I? told me it had been spilt in dozens of breaches, though all were historic (including a LinkedIn attack in 2011; I’ve changed my password for the service dozens of times since) and one for MySpace, which no longer even exists in its original form.
Still, it will be good shock therapy for some – especially those who use one password and don’t change it for years.
The site has been launched to help kick off Cyber Smart Week. You can check out a full list of events and resources on the NSCC’s website here.
Is AI making the scam threat worse?
“AI is contributing because it enables a scammer to create more realistic content that you might fall for,” Jagusch says.
“But there are still always multiple signs that something might be a scam, which haven’t changed.
“You can still ask: is the message creating an unnecessary sense of urgency? Is it sending me to a website that doesn’t look correct? Is it making an offer that’s too good to be true?”
Where to go for help
Own Your Online (www.ownyouronline.govt.nz) has become the official destination for Government advice for individuals or small businesses hit by a cyber attack or looking for cyber security advice.
You might be familiar with Cert NZ – the Cyber Security Response Team created by the Crown last decade. Last year, Cert NZ was folded into the NCSC, a wing of the GCSB.
After a transitional period, the Cert NZ brand has been retired.
Under the new set-up, the likes of big companies and government departments are directed straight to the NCSC for support (the NCSC’s website and alerts assume technical expertise), while regular punters and small organisations are pointed to the Own Your Online site, run by the NCSC.
5 tips to make yourself more secure
Use a different, complex password for every website. Better, use a pass phrase if a site allows it, says Jagusch. That is, several words. Some security experts recommend a lyric, because that’s easy to remember. But Jagusch says, “It’s best to use something that isn’t associated with you, like a favourite song.” His suggestion is four unassociated words.
Use a password managerto remember all your passwords for you, Jagush suggests. That way, you’ll only need to remember the password required to access your password manager. There are standalone bits of software, but web browsers like Edge, Chrome and Safari now have password managers built in that automatically suggest and autofill strong passwords.
Use multi-factor authentication or a code sent to another device every time you log on.Using an authenticator app on your phone is more secure than being sent a text message, Jagush says.
Make sure your email address is super-secure because it’s what you probably use as your logon name for multiple sites, Jagusch says – and your inbox contains a wealth of personal information.
Save sensitive stuff for your secure home or business connection. Never do anything involving vulnerable data, like online banking, when you’re connected to public Wi-Fi.
Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.
