About the Act Now, Stay Secure National Campaign
At VisAbility, we support the Act Now, Stay Secure campaign and its goal of empowering people to navigate the digital world with confidence. By taking simple, practical steps, everyone can reduce their risk online and protect what matters most.
This page brings together key cyber security information and resources from the Act Now, Stay Secure initiative, along with guidance tailored for people who are blind or have low vision. Vision-specific strategies and tips are provided below to support safe and accessible online experiences.
Cyber security tips for clients
The following cyber security tips are extracted from VisAbility’s “Act Now Stay Secure” client workshop. Some additional tips have been added from workshop attendee’s feedback.
Each tip is aligned against the core cyber safe actions outlines in the Act Now Stay Secure campaign.
Multifactor authentication (MFA)
- Multifactor authentication is another layer of security for all your online accounts: if provided as an option use it!
- MFA should always be used with a unique passphrase: see further tips on this below.
- Most MFA code generators only give you 30 seconds to copy the code to the web page or app you are trying to authenticate. Consider the following:
- If generating an MFA code on the same device consider setting up the option of “Screen Capture”. Using this feature allows you to enter the MFA code automatically instead of having to copy and paste it from one app to another.
- If generating an MFA code on a different device consider setting up a feature like Microsoft Windows Phone Link. This allows you to have alerts in your authenticator app appear on your PC directly making it quicker and easier to copy the code to where it is required within the right timeframe.
Passphrases
- Use a method that is quick and effective for you to use e.g. biometrics like fingerprint recognition, facial recognition etc.
- Use a unique passphrase rather than a password. Strong passphrases should include:
- Four or more random words (spaces are generally OK as well)
- More than 15 characters in total.
- Include symbols, Capital Letters and numbers.
- Contain no personal identifiable information. your name, suburb, street etc.
- Be unique for every account you have.
- Change your passphrases every 3~4 months.
- Consider using a reputable password manager that is accessible to you.
- Be aware of everywhere you need to use a password and apply the same principle. For example each of the following devices comes with a default password that should be changed to make you more secure:
- Home Wi-Fi access and the actual router.
- Smart devices.
- Security cameras.
- Personal hotspot on your mobile devices.
- Bluetooth connections.
Check out resources like the Password Strength Meter to see how easy a passphrase can be guessed or “cracked”.
Updating software
- Update your software including apps regularly and when prompted. This includes the operating system on your device.
- Set up automatic security updates on your devices and schedule them to occur when the device is less likely to be used e.g. overnight.
- Consider getting a “Service Maintenance Agreement” (SMA) with any software you purchase to ensure it is kept up to date.
- Use a dedicated app store that can verify an app and provide you more protection if installing and using it.
Privacy & location settings
- Consider what personal identifiable information you post online in forums and social media platforms. This information can often be used in crimes involving identity fraud.
- Set your social media profiles to only be available to trusted friends and family.
- When finding out about a new app review the following information provided by the developer before you consider installing it:
- What data is shared and why.
- What data is collected and why.
- Whether it requires access to your physical location (“geolocation”) and camera. If it does question why.
- If an app is “free” consider this: if you didn’t pay for the app what are you selling to use the app? Often the answer to this is your data.
Wi-Fi (data access)
- Consider what data your devices need to access and Does it need to be on constantly or only when required? There are different way of access data:
- WiFi
- Hotspotting
- Bluetooth
- Near Field Communication (NFC)
- Review options to disconnect from your data access points when not in use. For example Bluetooth can be turned off automatically if none of your paired devices are in range.
- Use a unique name for each of your data access points that cannot be easily guessed i.e. don’t include your name or the model of the device in its name.
- If you have concerns about the amount of data you need to access to use your assistive technology consider options that process data on the device itself rather than in the Cloud.
Sharing devices
- Households often share devices amongst family members. Discuss with everyone the importance of secure online and have this discussion regularly.
- Regularly review all the devices you have that can access the web including:
- Laptops / PCs
- Gaming consoles.
- Security cameras.
- Internet of Things (IoT) devices.
Identifying scams
- Scams can come in different forms: be aware of these by reviewing sites like Scamwatch and the Little Book of Scams to learn about the different types. Scams generally presented themselves in several ways:
- There is a degree of pressure involved that is time limited.
- The offer is perhaps too good to be true.
- There is some financial
- There are links to follow or attachments to open.
- There is a call for help.
- Keep yourself safe by following these basic steps:
- Stop: don’t act quickly, take the time to review what you’ve been sent.
- Check: use an alternate means to check whether a person or organisation contacting you if legitimate.
- Protect: act quickly if something feels wrong. If you’re in personal danger call 000. If you’ve had money stolen contact your bank immediately.
- The most common scams received via email and SMS have a visual element that can alert you something is not right:
- Spelling / grammatical errors.
- Suspect sender email addresses e.g. info@rnycomany.com (the “r” and “n” together visually appear to be a “m”) and not info@mycompany.com.
- Links to a website.
- Attachments of any type.
- Use your in-built magnifier and/or screen reader to check any suspect message and check for issues like spelling / grammar and links to websites with unusual domains.
- Set up any in-built software options on your devices to flag potential scam SMS, emails or fraudulent websites.
- Consider purchasing third-party security software that can automatically check for any issues on your devices and provide you advice on any issues found.
What are you risking online?
Reporting
- If you think you’ve come across a cyber security issue or scam report it via ReportCyber. Consider the following:
- Is there an immediate threat to life or risk of harm call 000.
- If any financial details have been shared contact your bank immediately.
- Federal Police do not automatically investigate every incident reported however they prioritise reports of child exploitation.
- If you think that you have been a victim of a cyber crime access the interactive tool on the ReportCyber website: So you think you’ve been hacked.
How to report cybercrime?