The Webteam is approached from time to time for advice on identity, privacy, security, safety, phishing, and spam.
Please use the following advice to improve your privacy and security practices when using email, your phone, or your computer.
Secure your device
- never share your account or login with anyone, ever
- if you are sharing a computer, create a separate standard account for every user, and a separate admin account (see more information)
- always lock your device when you are away from it
- on a mobile device, ensure you have a PIN, swipe, or biometric password turned on
- use automatic lock, e.g. lock the screen after a timeout
- never, ever, give user accounts administrator privileges
- create a separate admin account with administrator privileges. Use the admin account credentials when escalated privileges are required from a standard user account, e.g. to install software
- install and configure remote locking and tracing software on mobile devices
- mobile device security check
Secure your email
Your main email account is the key to your digital identity, and probably many of your assets.
- never share your passphrase (aka password), ever. This means don't tell anyone, don't email it (but you can write it down in a secure place, or use a password manager)
- always use two-step authentication, e.g.
  - Google 2-step verification
  - Microsoft two-step verification
  - Yahoo two step verification
  - Apple two-step verification
  - Facebook login approvals
  - X login verification
- choose a strong passphrase
- use a unique passphrase for your email account, and for each other "high value" account, e.g. your bank account
- if using passphrase recovery questions, do not use ones that can be discovered (e.g. mother's maiden name, first school, etc.)[1][2]
- it is recommended that you do not use a work email for personal or club correspondence
Maintain your device
- use the current version of your operating system, and keep the operating system up to date
- keep all software up to date; where possible, enable automatic updates or checking for updates
- use anti-virus software, e.g. the following are free for personal use
  - Windows security, recommended
  - Avast
  - AVG
  - Avira
- always ensure the firewall is on
Phishing
There have been phishing emails sent to club members purporting to be from the President and possibly other club officers. These emails can seem quite plausible, and may require some effort to distinguish them from genuine emails. These suggestions may help:
- Emails from the tramping club have email addresses that are in the form "givenname.familyname@ttc.org.nz" or "ttc.position.name@ttc.org.nz"
- If you have any doubt about the veracity of an email, please ring the claimed sender.
- No club member or club officer will ever ask you to purchase gift cards, iTunes cards, Google Play cards, send money, etc.
- Being asked to send the hidden authorisation number on a stored value card, by scraping the coating off, is a clear sign of phishing.
- Read the emails very carefully; small lapses in grammar, wording, or spelling may be a giveaway.
- Should you be subject to phishing, please report it to Netsafe.
See more
- Own your Online (NZ Govt)
- CERT NZ guide to cyber security (NZ Govt)
- Keep it real online (NZ Govt)
- CERT NZ's Own your online (NZ Govt)
- Use the Firefox browser for additional privacy, and the Firefox Facebook container is recommended
And more
- Report online incidents (Netsafe)
- Report email and phone spam (NZ Govt)
- Data detox: Five ways to reset your relationship with your phone (Mozilla)
- Microsoft family safety
- Apple family safety
- Google family safety
- choosing secure passwords (Bruce Schneier)
- creating a strong password (Google)
- create strong passwords (Microsoft)