We all know we need to protect our mobile phones and computers. But how? And are you doing enough?

I'm sure we've all come close to clicking that dubious link purporting to be from our bank, IRD or Spark.

Bronwyn Groot, fraud education manager at the Commission for Financial Capability (CFFC), took just five minutes to look at my online set-up and found two ways in which I was open to be scammed or defrauded. I closed the loopholes within minutes of the call.


Now, I am comfortable with the technology, and if I'm an easy enough target it must be child's play to steal from less online-savvy Kiwis.

The single most important thing you can do to protect your online finances from fraudsters, says Martin Cocker, chief executive of Netsafe, is to have different passwords for everything — especially your email, online banking/investing, Trade Me, payment accounts, and any shopping websites you use.

Cocker says if criminals get hold of your email address and password from a hacked site such as LinkedIn, the criminal then takes a stab that you have a Gmail account, which uses the same password. Inside your email account they will find which bank and shopping websites you use. If you use the same password each time the criminal has hit bingo.

Multiple passwords are hard to remember. A password manager such as LastPass will help with that. It can generate random passwords when you need them and save them. When you next need visit a website or app, you tap on the LastPass icon and it fills in the specific password for that site. That way you only need remember one password. It works on all my devices.

I asked Cocker what would happen if the password manager is hacked, but he assured me that it's an added level of security making it much harder for criminals to gain access. On my phone, LastPass requires my fingerprint for access.

The next level of security to add is what's called "two factor authentication". This is where you enter your username and password, then enter a code which you receive in a text.

The spectre of criminals accessing my bank account online or with my EFTPOS card scares the bejesus out of me. I know if I don't reveal my passwords and PINs to anyone the bank should cough up for any losses. But banks will argue, where possible, that it was the customer's fault.

I phoned my bank while researching this article to see if there were additional protections that I'm not using already. There are. I can, for example, hide my accounts online so anyone who breaches the security only sees what's in my current account. This isn't a failsafe because the criminal could guess what I've done and unhide the accounts.


Another sensible protection, says Groot, is to have a dedicated credit card for online shopping with a very low credit limit and single payment limit. A daily withdrawal limit for cash on bank accounts isn't a bad idea either.

Modern systems such as Windows 10, and newer Android/iOS systems, have sophisticated security features and our overall protection is better than it was a decade or so ago, says Cocker.

Nonetheless, if you want to protect your money it's a very good idea indeed to have additional security (antivirus/malware) software. This is especially the case for people who are not tech savvy.

Since researching this subject I've purchased top-of-the-line antivirus/security software. Among other things it can search my devices for security/privacy vulnerabilities. It might be unnecessary, but I don't want to take chances.

I noticed as well that Windows Security on my computer offers to carry out an additional scan, which I've told it to do regularly in the future.

You should also change the privacy settings of your social media accounts to high levels, says Groot. This stops the type of information gathering that she did on me.

Then backup your computer and phone, preferably to the cloud. If you get hit with ransomware, where you are asked to pay money to unlock your device, you can stick two fingers up to the criminal, wipe your phone/computer, and start again with your backup.

If you do receive suspicious, unsolicited emails, Google the name of the company or website along with the word "scam" and see what you find.

Even all of this together won't guarantee you won't be hacked and defrauded, but it will reduce your exposure to financial crime.