Three simple cyber safety suggestions!

As online learning and digital technologies are a huge part of what we do at The Mind Lab, we’re acknowledging Cyber Smart Week 2021 with three simple suggestions to help you stay safe online.

These tips can save you a lot of heartache, especially as many of us are spending more time online than ever before. We’ve chosen a smattering of cyber safety topics we cover in our Digital Skills for the Workplace micro-credential, as they often really surprise (and sometimes scare) our learners. 

When it comes to being cyber smart, it’s all about analysing a level of risk. It’s a process of assessing what we can put in place to protect ourselves, our information and the information of our businesses, customers and colleagues.

Let’s start with backups

What’s the most important thing in your digital life? Documents? Music? Family photos? (Spoiler alert: photos is the most common answer!) If this is critical, we’d highly recommend backing it up. 

When we say back up, we mean more than just backing up in the cloud. Of course this is a great place to save everything: it’s easily accessible and not tied to a single device. However, if it’s vitally important we’d recommend backing it up externally as well. The cost of external hard drives has reduced greatly, so pick up a terabyte and make a plan to regularly back everything up on it, whether that be monthly, weekly, or even twice a year. It will give you peace of mind to know there’s a backup of your backup.

Passwords, passwords, passwords

This is a big one. First and foremost, the recommendation for the safest password has changed. Rather than the random combination of letters, numbers and symbols that felt impossible to guess, it’s now recommended that you use passphrases: a combination of four random words. CERT NZ recommends this due to the time it would take to crack a password (refer to the visual below).

Source: https://imgs.xkcd.com/comics/password_strength.png
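To put numbers on the comic's comparison, here is a small added example (ours for illustration, not code from CERT NZ or xkcd) that picks a four-word passphrase with a cryptographically secure random source and estimates how long guessing would take. The 16-word list is a constructed sample so the code runs offline, and the rate of 1,000 guesses per second is the comic's assumption.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline.
# A real generator needs a far larger list (the comic assumes 2048 words).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "river", "candle", "mango", "tunnel",
    "pepper", "glacier", "violin", "saddle", "orbit", "walnut", "lantern", "meadow",
]


def generate_passphrase(words, count=4, sep=" "):
    """Pick `count` words independently and uniformly with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))


def passphrase_bits(list_size, count=4):
    """Entropy in bits when each word is drawn uniformly from the list."""
    return count * math.log2(list_size)


def years_to_guess(bits, guesses_per_second=1000):
    """Time to try every possibility at the given rate, in years."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    print("Sample passphrase:", generate_passphrase(SAMPLE_WORDS))
    # Four words from a 2048-word list versus the comic's ~28-bit
    # "random-looking" password, and versus this tiny sample list.
    for label, bits in [
        ("4 words from 2048", passphrase_bits(2048)),
        ("comic's 28-bit password", 28),
        ("4 words from this 16-word sample", passphrase_bits(len(SAMPLE_WORDS))),
    ]:
        print(f"{label}: {bits:.0f} bits, {years_to_guess(bits):.4f} years")
```

The strength comes from the size of the word list and from the words being chosen at random, which is why the tiny sample list above scores so poorly.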

It’s also highly important that you use a unique password for each account you have, even though this feels impossible to remember (we’ll get to that shortly). As your email address is an identifier for most if not all of your online accounts, using the same password across them is very risky (even with minor changes at the end). Credential stuffing is when attackers take one hacked email/password combination and try it in a bunch of different places until they start accessing more than one of your accounts – not good! Unfortunately they have a high hit rate with this technique.

So how do you remember all of your passwords? Use a password manager. These are encrypted so are much safer than saving any passwords to your browser / computer / on a note on your phone etc. Some good recommendations are LastPass, Dashlane, 1Password, Keeper – most of the best ones have a fee associated with them but we believe it’s well worth a small investment for what it could save you.

Another safety measure to add is 2-factor authentication (2FA) or multi-factor authentication. This is when you use two methods to verify your identity, for example:

  • Something you have (token / bank card / key) 
  • Something you know (pin / security question / password) 
  • Something you are (biometrics / iris / fingerprint) 
  • Somewhere you are (IP / location / verified device). 

You can add authenticator apps onto your phone that help you with this process, such as Google Authenticator.

Spotting a scam!

Here are a few quick “flags” to help you spot a scam. Some may be obvious, however if you’re not paying attention any one of us can still get sucked in:

  • Did they ask for your password? It’s a scam. Legitimate organisations will never ask for your password, ever. 
  • Did they talk about verifying your details or account? Scam language… If so, go direct to the website to do so, don’t respond or click on any links if you’re unsure. This will help weed out the scams from the legitimate accounts.
  • Was there mention of an unusual way to pay for something e.g. iTunes card, gift cards or money transfer systems? Sounds like a scam! They use alternative ways to access funds to avoid being caught by scam radars relating to bank accounts etc.
  • Did they ask for remote access to your device? Scam! Avoid agreeing to this unless you’ve actively sought out their service (e.g. if it’s your company IT guy replying to a request from you, this is not so scammy.)
  • Are you feeling pressured to make a decision quickly? It might be a scam. Usually they use techniques where they try to make you act fast to avoid an account closure or take advantage of a good deal. End the conversation to give yourself time to think, and decide if it’s feeling like it might be a scam.
  • Did they contact you out of the blue? You guessed it… might be a scam! Even if they say they are from a legitimate organisation, this random contact could signal otherwise. Feel free to ask them to verify themselves using another form of identification.
  • Check the email address or the phone number that you were contacted on (you can do this by hovering over it in your email inbox). Compare the email address to one you may have been contacted on before. For example, if the email address was bnz.bank21@gmail.com – that doesn’t look legitimate, because it isn’t!

Those are your three simple suggestions from The Mind Lab to help you feel a little bit safer online! They’re a great place to start, and you can always learn more using online tools.

Speaking of online tools… Keen to check how cyber secure you are right now? Use this tool from CERT NZ.

Interested in learning more?

Our Digital Skills for the Workplace Micro-credential covers online security in one of the fun, online sessions during the 7 week programme.