Articles by the cybersecurity community

#Phishing - Microsoft Teams

 #Cybercrime - beware of spoofed Microsoft Teams emails. Similar to the recent spate of Dropbox phishing that appear to be form a colleague sending a file via Dropbox, these emails look like a notification from a colleague via Teams and request the recipient to log in via the supplied link to see the message. The link/s in the message goto a #phishing page made to look like a Microsoft Teams log in page. These phishing emails are designed to obtain Microsoft log in credentials.

** What can you do? **

  • All users of technology need to remain vigilant against cybercrime.
  • When you receive an email with a link to a log in page, consider NOT clicking that link, instead goto the page yourself with a URL you know/find yourself.
  • If you have inadvertently been tricked by phishing, change your password/s immediately.

AusCERT Innovates with its first ever Virtual conference - we can be heroes - excerpt from article

The article was originally published on LinkedIn- and can be seen in it's entirety on that platform at this link Article about AusCERT's first virtual conference [NOTE you need to be logged into the LinkedIn platform to view the article.]

The folowing is an excerpt  of that article 

AusCERT Innovates with its first ever Virtual conference

This year really needed some normality, and the loss of so many industry conferences due to the pandemic, was taking even more of that away. Also conferences are a good way to learn new skills and understand other perspectives, so the lack of industry conferences (for any profession) due to this virus adds to the general malaise the world is blanketed with. In comes AusCERT, swooping in like a super hero (but minus the badly fitting tights and improbable costume changes) to bring us an amazing four day event in cyberspace.
Overcoming the challenges of delivering workshops remotely without the class physically present, the AusCERTconference tutorial days saw great success. Some attendees had feedback that the facilitators could have improved their offerings by communciating with participants prior to the workshops to ensure any virtual machines or downloads were done ahead of time, but that is all a learning experience, and the facilitators will know how to improve if they are ever faced with virtual workshops in the future - and odds are they will be!
The presenters and topics were diverse and there were enough variations on topics to be of use and of interest to a variety of people from a variety of professions. The sheer diversity of presenters and presentations added so much richness to the conference and the fact that the whole conference was played to people not geographically located together was amazing.



cartoon boy - A. Turner 2020 | Avengers comic image - Avengers #48, Marvel Comics, 1963

Guest Post - Louisa Vogelenzang - 5 behaviours that demonstrate you already have the foundations to manage risk in the online world

Thank you to Louisa Vogelenzang , the cofounder of The Cybersecurity CafĂ© podcast for permitting me to reproduce an edited version of her original article on managing online risk.

Image of the earth with lines surrounding it with HTTPS

Whether you are an individual or a small business, I want to show you that you already have solid foundations you can build on, to help you to confidently manage your risks in the online world. Why? because you already practice those skills on daily basis as a part of the way you secure your physical world.

Let's start with a small exercise and I will show you how.....

In your head, make a quick list of all the valuable items you have at your property or business....

black and white drwing of a clipbaord with a checklist boxes on left lines on right


I am guessing that your list was fairly easy to come up with and that it includes mostly physical items - your loved ones, family photos, perhaps some jewellery, the family car, a shed full of tools, art you have collected, your personal laptop, smartphones, gaming consoles, perhaps your vintage record collection, passports or maybe an inherited family heirloom. If you are a small business maybe your list included your staff, your precious stock, your current cash takings as well as a view of some of the items that are less easy to quantify like the trust your customers place in you or the 'experience' of being in your store.

The important thing is, you are able to identify the items of value to yourself and/or your business.

I bet you also know the value of many of these items in total and individually, you can visualise where they are kept, and you know what steps you have taken to protect them. You have probably before now, also thought about the impact it would have on you if these items were stolen - some items are replaceable, some are not. You may have also insured your items for a total figure and have also named specific high value items on your policy, to ensure you have the ability to replace them in the event that they are stolen or destroyed.


Here are some of the items from my list I thought I would share, including their value to me and what steps I've taken to protect them:

·       My family Invaluable and (overly) protected at all times, I wish they never had to leave my side but when they do, I am verifying their safety as often as they can tolerate (mostly via SMS or in the case of my dog via my pet cam!).

·       My wedding and engagement rings. High sentimental value and to protect these, I never take them off. This is probably because my Mum lost her original engagement ring down the kitchen sink when she took it off one day and I am also quite clumsy, so would probably end up doing something similar!

·       An inherited item of family jewellery. High value both sentimental and monetary - this is kept in a safety deposit box offsite (I can't trust myself not to loose it).

·       The family car. Medium value - it's insured and in the garage protected by key fob entry that only those who live in the block have access to as well as an electronic key individual to the car, immobiliser and car alarm. I am aware there are certain circumstances where my insurer won't cover me and we've made a note of those (for example I can't allow my Dad to drive the car if he visits from the UK unless I pay extra and add him to the insurance during that time).

·       All the other items of value in my apartment are secured as you might expect by a combination of key fob entry to the apartment block where a video entry also controls who can enter the apartment block without a key (they must be authorised to do by a tenant who authenticates them by sight over video). A front door key unique to my apartment that only I, my husband and a trusted friend have a copy of and window locks.

Having a look around my local neighbourhood at the small businesses in the area here are some examples of the physical security measures they take:

·       My local coffee shop locks their outdoor tables and chairs away at night inside their building to reduce the risk of them being stolen

·       The local supermarket franchise uses CCTV inside and out and a security guard on the door, presumably to help them to manage shoplifters during opening hours and the risk of store break-in over night as they have high value items like liquor and cigarettes on the premises.

As well as knowing what your valuables are, their value, where they are kept and how you are protecting them, you probably also know what to do when things go wrong - who to call and what process you will follow in the event of an incident. For example if you come home and find your tool shed has been broken into you will probably check what is missing, call your loved one(s) to let them know, try not to touch anything to preserve any forensic evidence, call the police and report it and then once you have a crime number from the police, call the insurer (if you have insured this item). The police may also physically attend the incident to take photos or try to capture some forensics and provide advice on how to reduce the risk of this kind of incident in the future. Your insurer may also send an assessor onsite


You also will likely know how you will recover from a security incident for example if your car is stolen, recovery might mean taking public transport until you can arrange a hire car via your insurer (if they offer one), then once the insurance claim has been processed, you will need to go out and buy a new car. If your mobile phone is stolen you might (if you have been taking back ups of the phone) be able to recover fairly quickly and easily - perhaps you have a spare phone and can be up and running in no time, using the back ups.

You are also able to adapt to new threats - perhaps you have a neighbour who had their car stolen from their drive whilst they were unloading their car (here in Australia car theft is still fairly common with latest statistics confirming there is one car stolen every 10 minutes). You learn from the police that thieves are targeting the area in this way at the moment, previously you were not aware of this threat and now you are worried about your family being vulnerable as they often leave the car running in the drive. As a result you take some steps to reduce your risk and improve your overall resilience with new processes that your household agrees on (not leaving the car engine running with the keys in the car on the drive) and you also decide to install some new tools/technology settling on some CCTV outside of your garage.

It is important to also note that our risk appetite (how much risk a person is willing to accept) varies from person to person and business to business - this can be down to our knowledge/awareness of a threat, whether we believe we are vulnerable, the potential impact to us personally (often in $$) of a particular risk being realised, our available budgets to reduce a risk and our even our previous experience.

Here is an example of how our physical security risk appetite can vary between humans...

Jenny, Chris and Jim go to the same swimming pool around the same time each week for the adult lane swimming on a Tuesday evening. They don't know each other and they all have a different perceptions of the physical environment around them. As a result;

·       Jenny aims to lock her wallet and smart phone in the lockers available which costs her $2 each time, except for every now and again when she doesn't have the right change and can't be bothered to go back out to the front desk again. On these occasions, Jenny leaves her bag at the side of the pool as everyone at the pool seems nice enough.

·       Chris doesn't want to pay the extra $2 for the locker (he's trying to save for his first motorbike) and decides to take the risk of leaving his bag at the side of the pool, but looks over to his bag every now and again to check nobody is looking suspicious around it.

·       Jim had his wallet and phone stolen at the same swimming pool last year and spent many hours cancelling and getting replacement cards and getting his phone set up again (he hadn't backed up his phone and his insurer wouldn't cover him for this item outside of his house). He also lost $200 in cash that was in his wallet in addition to the cost of the new phone. He never forgets the $2 locker money and considers this a worthwhile investment at $104 per year.

As well as these 'self-managed' physical risks that we manage on a daily basis, sometimes governments mandate laws to help enforce the reduction of a particular physical risk - for example the use of seatbelts in cars and strict blood alcohol levels for drivers to help reduce the risk of traffic accidents. Manufacturers can also sometimes build security features into their devices for example in the case of cars, alarms and immobilisers are now fitted as standard although maturity varies greatly across different manufacturing industries.

The truth is, a lot of this article probably seems like common sense and is very familiar to you because physical risk is often so much easier for us to understand. Unlike the virtual/online/digital world, humans have been living in the physical world for several hundred thousand years and we are for the most part, very familiar with making risk based decisions within it.

I am hoping this story has helped you to recognise that you should start with a position of confidence when it comes to your ability to manage risk in general, because you do this every single day. To recap these are some of the existing skills you likely already have, that you can apply to your online/digital/virtual world;

1. Identifying what is valuable to you and/or your business, where those valuables are kept, how well they are protected and the potential impact if something happened to these valuable items

2. Being aware/staying up to date on threats around you and whether you might be vulnerable to them

3. Knowing what to do in the event of an incident

4. Knowing how you will recover from an incident

5. Being ready to adapt to reduce your risk

And whilst there are some key differences between the virtual world and the physical world, I will make sure we unpack all of these in the weeks to come, so that you can learn how to adapt your skills accordingly.



Guest Post - Louisa Vogelenzang - You know how to safeguard your keys in the physical world – here’s how to do it in the online world!

Thank you to Louisa Vogelenzang , the cofounder of The Cybersecurity CafĂ© podcast for permitting me to reproduce an edited version of her original article on passwords.

image of a bu nch of antique keys on a ring sitting on a wodden table



Keys - to your house, your car, your garage, your bike, your workplace– we’ve all got them and most of us have experienced some level of anxiety when we misplace them or worse still, they are compromised.

If you have a bunch of keys nearby, have a look at how they are all quite unique - from house keys to car keys to bike locks, to the smart card you use to access your workplace, to the key to your filing cabinet at home (if you have one), where you might keep your passport.

Think about how you generally choose the level of security surrounding your keys, which can often be based on your risk appetite  or on the risk appetite determined by others. Here are some examples;

·       For my bike, I have chosen a bike lock that can't be cut (easily) by bolt cutters. It was more expensive than a standard bike lock but I have a high insurance excess and feel it is worth it to reduce the risk (and cost impact) of my bike being stolen.
·       In the apartment block where I live, tenants and owners have to go to a trusted 3rd party, fill in a form and provide ID to get another key copied. None of the owners in the apartment block asked for this system, it was put in place by the builder.
·       If you run an AirBnB you might leave the key in a lockbox with a pincode that you only share with your cleaner and your guests. You change this periodically to ensure that past guests can't potentially access the property in the future.
·       If you are a small business, or a security conscious household, perhaps you have chosen an additional layer of security on top of your keys. 

The best example I can think of is when you require someone to have a key to the building AND they must also know the code to turn off the alarm before proceeding into the building. This allows you to authenticate the person AND to trigger an alert if worst case, someone breaks into your house or business.

You will have also have thought about the potential impact if any of your keys were lost or stolen and you have a plan on how you might recover. For example you might give copies of your most valuable keys (maybe your house key) to a trusted neighbour or family member, or maybe you decide you are OK with storing a spare under the flowerpot in your front garden. Maybe you know in your head that you would definitely change the key to your front door and therefore locks, if you thought your house key had fallen into the wrong hands (even if you had a spare).

picture in teal and dark green and black of a digitalised hand with finger pointing to a digitalised planet Earth

Now think of your digital life.....your email, your social media accounts, your online shopping accounts etc. The good news is that some of these same principals you already know well very from managing keys in your physical world, also apply to your online keys (passwords) too.

Here are some of the skills you already have to help you manage your online keys (passwords):

1. You make sure that you don't have the same key for all of your physical valuables

As mentioned above, you have lots of different keys for different 'use cases' in your physical life and you would be unlikely to choose to have the same key for all of your valuables.
 
You just need to apply this same principal for your online keys (passwords) - this means using different keys (passwords) for different online accounts e.g. email, banking, online shopping and social media accounts (more on how to make this easy to manage later).
 

2. You have covered the 'what ifs' in terms of your house keys or car keys falling into the wrong hands.

 
In the example above we looked at how you might have thought about what you would do if you thought your house key had fallen into the wrong hands and what the implications could be of that event (based on what that key was protecting).
 
You should also have a think about this for your online keys (passwords). For example, maybe you are storing a scan of your passport and identity card in your email (you sent this in an email to a real estate agent for a rental application in the past). Imagine if someone got the ‘key’ to your email - this would be the equivalent of them getting the key to your house AND your filing cabinet and knowing your address. However, unlike the physical world, where you might see evidence of a break in, in the online world, you might never know that they were able to access these documents AND take a copy of them, until they started to use this information to impersonate you (we will cover this in more detail in a later blog on online identity theft).
 

3. You add an extra layer of security around your keys if required

 
Like the alarm that needs a pin code and will potentially alert you if someone unauthorised tries to access your building, you should also considering adding extra layers of security around your digital keys (passwords).
 
The equivalent in the online world, is something known as Two Factor Authentication (2FA). This is where, instead of a static alarm code that only you/trusted family members/employees know, a once-off code is sent to your phone which you need to enter to access your online accounts. This is usually sent to an 'authentication' application (such as google authenticator), or perhaps via text message - this means only you can see it. Once this is set up, you won't typically need to enter a code in addition to your key (password) every time you need to access your account, just when something changes e.g. you log in from a different computer.
 
The good news is that unlike the physical expense you might need to go to, to buy and set up an alarm for your house or business (and also potentially pay an additional fee for alerts sent to you if there are intruders), in the online world this service is absolutely free so you might as well set it up!
 
You will need to be prepared to invest some time upfront in setting this feature up for your accounts but I assure you this time will be well spent - it will provide you with an extra pair of eyes, alerting you if someone tries to access your online accounts and stopping them from doing so, because without the code that is only received on your phone, they can't get in to your account. Since turning this on several years back, I've received countless notifications of attempts to access my email and social media sites from countries I have never even visited - it was so reassuring to be able to say 'no this wasn't me' and have the piece of mind knowing they hadn't been able to get into my accounts.
 
You can read more about 2FA via the helpful guide from the UK’s National Cyber Security Centre (NCSC) and there is another good site called turn on 2FA that takes you through step by step how to get this working for your online accounts. Like those physical alarm panels that are all slightly different in terms of how the operate, each online site might have a different way of turning this Two Factor Authentication feature on. It is worth noting that unfortunately, not all online sites offer Two Factor Authentication yet, so you will need to make sure you always have a unique and secure key (password) we will cover the details on how to do this later in the blog.
 

4. When you do find out your key has been lost or stolen, you enact your plan to recover from this

 
As we explored earlier, you generally have a plan of what you will do if your physical keys are lost, stolen or compromised in some way. You should absolutely apply the same principal in the online world and apply a sense of urgency to compromised online keys (passwords), especially if they were being used to protect online accounts where you might be storing information valuable to cyber criminals or where you might have used that key (password) on more than one account. We will go through how to identify compromised online keys (passwords) next (point 5).
 
The good news is, it is also a lot easier to change your key (password) in the online world than is to change your key in the physical world and even better, it is also free! (more details later in the blog).
 

5. You proactively check on your keys

 
I am sure like many people, you proactively tap your pocket or look in your handbag to check your keys are in there, so you need to do this same proactive check for your digital keys (passwords).
 
Thankfully there is also a really easy way to proactively check up on whether any one of your keys (passwords) has been compromised via this wonderful website from Troy Hunt.
 
On Troy's site, you can type in your email address and it will right away let you know if your email address has ever been compromised in a data breach, because if it has, it is likely your key (password) or other details went with it too.
 
 
If anything comes up on your search, you will need to immediately change the keys (passwords) you use for that site if you haven't already done so (for example if you received an email from the site that was compromised advising you to do so AND you followed up with the action!).
 
If you were using that site key (password) on any other websites it is also important to change the passwords for those other sites too.
 
Thankfully I double checked and I had changed these passwords in response to these breaches at the time, but it was a good opportunity to do an audit and check again, to make sure I hadn't missed any.
 
I remember when I found out about these breaches at the time I asked myself - should I even care if someone was able to log into my MyFitnessPal account and see what exercised I had tracked? I then reminded myself that I should care because:
 
- Cybercriminals could have used this combination of my email and key (password) to access other (more lucrative) accounts of mine if I was re-using that same key (password) on those other sites - hence the importance of not using the same key (password) for multiple sites.
- This information would have value to cyber criminals, even if they didn't intend to use it directly themselves, because they could sell this on a place called the Darknet/Darkweb 

Now, if like many people, you need to create a new key (password) after visiting Troy's site, you definitely don't want to be using any of the passwords that cybercriminals have on their list already. Think of this list as being the like one big 'skeleton key' or 'masterkey'. enabling cyber criminals to easily try their luck with keys (passwords) we might already be using.
 
You can visit this recent blog post from the UK's National Cyber Security Centre (NCSC) if you are keen to see the complete list but if not, this screenshot should give some great insights into the sorts of passwords (keys) that you don't want to be using:

 
What about those websites that make you use capitals, numbers and special characters? are they not secure passwords?

question mark blue with grey shadow
Cybercriminals unfortunately know the patterns we often use when we are forced to create a password with special characters, numbers and capital letters.
 
According to Troy Hunt and some Microsoft research cited on Troy's website, cyber criminals know we will normally start with something simple then change it to suit the website's password requirements. When we do this, we tend to follow a pattern and put a capital letter first, symbols last and a number in the last 2, or we will substitute symbols for a letter such as $ for s, @ for a and so on.
 
For example, if you decided to cut a key (create a password) starting with the suburb you live in - let's say it's called St Neots - this is how you might build the password to meet the site's criteria of at least 8 characters, of which one must be uppercase, one a special symbol and one a number:
 
Stneots -> Stneot$ -> Stneot$12
 
We will cover the types of passwords (keys) you should be creating in a moment...but I would just like to take a moment to say thank you to Troy Hunt - he really does do some incredible work in providing this free service to the community and is a true cybersecurity hero!
 
Now for some of the differences to be aware of when it comes to online ‘keys’ v’s your physical keys:
 
1. You generally have to 'cut' the key yourself
 
Unlike the key to your new house that you picked up from the real estate agent, when you sign up for a new online account, you will be asked to create a key (password) yourself. This is both a great opportunity and a great responsibility.
 
Sometimes the website you are using will prescribe a ‘template’ for the key (password) you need to create where they tell you it has to be so many letters, characters etc as described above.
 
We covered off early the types of key/passwords we should be avoiding earlier but for the best advise on how to cut a secure key (password) online I turn again to my go-to source - the NCSC in the UK and below is their verbatim and most recent advice on creating a strong password ;
 
Use three random words to create a strong password
A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redhousemonkeys27!
Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself so don’t use words such as your child’s name or favourite sports team which are easy for people to guess.

 
If you are one of those people who have selected something that is easy to remember for your online keys (passwords) like a pets name or password 123456 or ever reused a password, don't be too hard on yourself - we are all human and tend by our nature, to select the easiest way around something. It hasn't helped that up until recently we were expected to remember all of these different keys (passwords) in our head but thankfully there are now solutions that can help which we will cover in the next point (2).
 
Note:
an added complication can sometimes be that the online world has changed it's mind about what is 'secure' when it comes to your online keys (passwords) so this can cause confusion because some websites might not have caught up with the latest advice and simply won't allow you to create a key (password) in line with the advice above for example if you choose 3 random worlds and this takes you over their character limit. If this happens, try not to worry too much, remember the internet has only been around for a couple of decades so we are still learning. What you can do in this scenario is:
- Turn on (if available) the second layer of security we talked about earlier (Two Factor Authentication - the alarm code and monitored alerting system for your online accounts)
- If 2FA is not available on the site, consider voting with your fingertips and taking your business elsewhere - you should expect business to take the security of your information seriously.
 
2. You will need to store your keys differently
 
Unlike the physical world where you have 1 or 2 key rings probably hung up in the hallway somewhere where you can see and find them ....
 
keys hanging on a wall vertically across


In the online world, you will need to store your keys (passwords) in a different way to physical keys and this is something new that we are understandably less familiar with.
 
We also need to remember what our online keys (passwords) actually look like and there are generally many more of them to remember, compared to our physical keys. I just did a quick count and I personally have over 100 different keys (passwords) for all the different accounts and services I have in my online life (in contrast I have about 20 different physical keys).
The good news is, the online world has come up with a solution for these challenges called a password manager.
 
The NCSC provides brilliant overview on password managers and their benefits which I highly recommend you read. I promise this will take around 2-5 mins of your time BUT it will be so worthwhile as this is your ticket to making your life so much easier when it comes to managing multiple AND secure keys for your online accounts.
 
 
Just remember that if you choose to use a password manager or browser based password management, make sure you are following the guidance in the link above on how to protect them well.
 




3. Criminals don't actually need to physically go to the address to commit crime using your key (password) in the online world.

 
We covered this concept in my last blog where we looked at the differences between physical and online criminals and how they can commit crime from anywhere. This is why it is even more important, to proactively check on your online keys (passwords) as we discussed above.
 

4. You can easily change your keys (passwords) in the online world

 
Unlike the physical world where you might have to change the key/lock if your keys become compromised which can be very expensive, most online sites have a mechanism to help you if you either lose (forget) your online keys (passwords) or if you discover they are compromised via Troy Hunt's site or via a notification from the provider that was compromised.
 
In fact, you have probably used this service yourself already, if you have ever had to reset a password for one of of your online accounts.
 
I used this service a lot before I invested in a password manager. I was doing my best to create secure passwords for myself but this often got me locked out of my accounts, because I couldn't remember them all! many times I found myself having to enter my email and get a link to reset my password (usually for an online account I hadn't used in a while).
 
Whilst it can feel like a drag at the time, as you just want to get into your account and get on with that purchase, just remember, this process is generally a lot less hassle than the process you have to go through with your physical keys of changing the locks.
 

Next Steps

 
I hope this has helped you to feel more confident about your ability to manage your online keys (passwords) and that you recognise that you have the knowledge from your physical world that you can use in the online world.
 
If you do nothing else today, I would strongly encourage you to visit Troy's site and find out if your details have ever been involved in a data breach. At least then you are empowered with the knowledge and can do something about it if you choose to - specifically to change those keys (passwords) if they were involved in a data breach and any other sites using that same key (password).
 
If you are lucky enough to find that your details haven't been involved in a breach so far, it is best to assume that they will be at some point and ensure you take the opportunity to do a quick audit today:

- do my passwords meet those recommended standards? (3 random words that are nothing to do with my pet, children, favourite football team, where I live or anything someone could know about me via social media)
- Are any of my passwords on the list of bad passwords shared above like 123456, liverpool etc (or similar to those on the list)
- are they being reused at all across different online accounts e.g. email, social media?
 
Once you have done that, maybe take some time to consider the current state of your online key (password) cutting, storage and protection processes and have a think about what you could put into practice to improve them in the future. For example, turning on that alarm code and notification feature (Two Factor Authentication) for your online accounts or using a password manager to help you more easily create and manage strong keys (passwords).
 
Remember, just like guidance from the police, on how best to protect yourself from the crime happening in your area, guidance can and will likely change when it comes to best practice for your online security. Make sure you follow a trusted source of information on best practice - I follow the UK's NCSC on LinkedIn and Twitter. In Australia Stay Smart Online has a Facebook page you can follow and if you are reading this outside of the UK or Australia you will likely have an equivalent service in your country.
 

All the best,
 
LV
 
Disclaimer: I’ve used the term ‘key’ when describing passwords as this analogy best aligns to the function of a password when comparing this to an equivalent in our physical lives. There is such a concept in the online world of a ‘cryptographic key’ but this relates to something that is used by software and is not generally readable by humans (unlike passwords). This is quite an advanced area of cybersecurity called cryptography which can be covered in future blogs if the demand is there!
 
 
 

image of a wodden table on which a set of antique keys on a ring sit

Guest Post - Shelly Mills - World Backup Day

What’s your personal back up plan? Tuesday 31 March is World Backup Day 

We’ve all heard stores of (or experienced) losing an important document due to the blue screen of death, losing precious photos due to a device dying, or even losing all files after falling victim to malware or ransomware. 

The only way to protect yourself against valuable data loss in situations like this (which could happen to anyone – even IT professionals!) is through regular backups.  


This World Backup Day (31st March), we encourage you to consider your personal backup plan, and backup any files that need to be.  

When considering your personal backup plan, think about all your devices – your laptop, mobile phone, etc.  

Now think about the different files these devices hold. How important are the files? How often are these files added to (e.g. work files that are updated regularly, versus old photos).  

Based on these considerations: 
  • Determine how often files should be backed up. Daily, weekly, monthly, yearly?  
  • Decide where files should be backed up. This could include an online backup (e.g. OneDrive, Google Drive, iCloud, Dropbox), and an offline backup (e.g. external hard drive). Online backups are good in situations where the files need to be backed up regularly, however an offline backup is valuable as it will help ensure a ‘hard’ copy. 

Some types of files may be set to back up automatically – e.g. photos on your smartphone may automatically sync to iCloud or Google Photos. You’ll need to identify what is being automatically backed up (and is this backup alone enough?), what isn’t being automatically backed up, where you can set up automatic backups, where you need to consider manually backing up, how often you want to do an offline backup, and so on. 

You can find more information on backups at Stay Smart Online’s Backups webpage