Online Services > Security centre

Tips to keep your data and devices safe

As our lives become increasingly digital, safeguarding your personal information has never been more important. Cybercrime, identity theft, and various forms of scams and fraud have become an increasing widespread threat, but with the proper security habits, you can play a role in safeguarding your data and devices.

We're committed to keeping your information safe, but by knowing the right things to do and mistakes to avoid, you too can help minimise the impacts of a cyber-attack. Here are some simple steps designed to protect your accounts and devices.

Best practices to follow

1. Choose strong, unique passwords

A good place to start is with a strong and unique password - it's your first line of defence against cybercrime. Simple passwords such as "123456" or "admin" make it very easy for hackers to access your accounts. Instead, try mixing a combination of words, numbers and special characters like “Lych33!Duck$”.

Another option is to go for a passphrase - a longer string of words that means something to you but is hard for others to guess. Think of a favourite memory, an inside joke, or a phrase only you would understand. It makes your password both memorable and secure.

Whatever approach you take, never reuse passwords across different accounts. If one gets compromised, the others (and the accounts they are used for) could be exposed too. If you use a password manager, avoid saving sensitive banking details in it. By using our app, you can logon with simple sign-in features such as facial recognition or fingerprints.

2. Enable Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) adds an additional step to the verification process before you can access your accounts. It works by verifying a combination of different authentication methods, such as:

• Something you know (your password)
• Something you have (a one-time code via SMS or an authenticator app)
• Something you are (fingerprint or facial recognition).

Most websites and apps will offer at least two of these, and we recommend enabling MFA especially for your banking, social media and email, if available. This way, even if someone gets hold of your password, MFA makes it harder for them to break into your account as they will still require that secondary step.

3. Use a secure network when going online

Connecting to free public Wi-Fi - like in cafés, airports or shopping centres - might seem convenient, but it can come with serious risks. These networks often lack proper security, making it easier for cybercriminals to intercept your data. Hackers can even set up fake Wi-Fi networks that have identical names to trick you into connecting to them instead of the network you were trying to connect to.

Always use trusted networks like your home Wi-Fi or mobile data when logging into your bank account or a site that holds sensitive information such as usernames or personal details. An additional way to check if a site is secure is to ensure that the website address starts with 'https' instead of 'http', and look for the padlock icon in the address bar. However, don't trust these elements on their own as your data could still be at risk if the site is malicious. 

4. Log out after banking sessions

It’s so easy to forget that when you close an app or browser, it doesn't mean that you're logged out of the site you were on. It's always a good habit to click on the "sign out" or "log out" button after you've finished with your Internet Banking activities, or on any account. This ensures that no one else can access your accounts after you’ve used a device.

If possible, avoid sharing devices. But if you need to, make sure your passwords aren't saved on the device. This will help prevent other people mistakenly accessing apps or websites with your credentials.

5. Monitor your credit report

Keeping an eye on your credit report is a useful way to stay on top of your financial health. It can help you spot any unusual activity that might lead to fraud or identity theft.

Platforms such as Equifax offer Australian bank users a free credit report once a year. If you notice any irregularities, you can also set up a credit freeze to prevent new credit or loans from being opened in your name, helping to protect your account from further issues.

Common mistakes to avoid

1. Waiting to report unusual banking activity

If you spot anything unusual in your bank account, such as transactions you don’t recognise or unfamiliar log-ons, report it to us straight away. Taking immediate action can help us in our investigation while also minimising any further harm to your account. Delaying any reporting may give scammers more time to move funds around, and this will make the recovery process more difficult.

2. Signing up to newsletters for discounts

Getting deals and discounts from newsletters can be tempting, but they often ask for personal info like your full name, date of birth and email address. While giving these out may seem harmless at first, if these details are leaked, they can be sold to cybercriminals and used for targeted attacks against you.

Always check the terms and conditions to see if your data is shared with third parties. To limit exposure of your details, use a different email address just for newsletters, subscriptions and promotions, and a separate one specifically for sensitive accounts like online banking. This way, if your email account for newsletters is compromised, the email for your banking will not be affected.

You can also check external websites such as Have I Been Pwned and DataBreach.com to see what personal details may have already been compromised in past data breaches.

3. Oversharing personal information online

Cybercriminals will often hunt around on social media for your personal details in an attempt to guess passwords to hack into your accounts. Be mindful of what you post online. If you frequently share info such as your pets' names or favourite sporting teams online, avoid using them as you password as these can become clues for attackers.

Remember also to regularly review the privacy settings of your social media accounts. If you allow your profiles to be viewed publicly, it could make you more vulnerable to impersonation and other security threats.

4. Ignoring access permissions

Always be cautious when apps or websites request access to your personal data or device features. Read these requests carefully and only allow them if the access is necessary.

If you ever receive an email, SMS, or notification claiming your account has been accessed or compromised, do not click on any links. Instead, go directly to the official website by typing the URL into your browser, or use the official app. Once logged in, check for any alerts or messages. If there’s nothing unusual, the message is likely a scam.

It’s important to remember that we'll never ask you to logon via a link sent through email or SMS. Messages that direct you to enter your account details or sensitive information on a separate page are often phishing attempts designed to steal your credentials.

5. Revealing your location

Think carefully before allowing your location to be shared, especially in real time. You should always take into consideration who can view your location, and whether it's being shared publicly or with apps that don't need it.

Limit location sharing to only essential situations, such as navigation or local services. For instance, we use your location to help protect you. If a logon attempt or transaction is made from an unexpected location, we may send an alert or prompt you for additional Secure Code requests to confirm the activity is genuine.

How to respond to potential data breaches

If you believe your data may have been compromised in a cyber-attack, our Data Breach Checklist (PDF 499KB) can help guide you through the next steps. It outlines how you can secure your accounts and what immediate actions you can take.

To report any unusual transactions or activity, contact us right away by following the steps on our How to report page. And while we investigate your report, you can temporarily lock your card for peace of mind.

Remember, everyone has a role to play in protecting your data, from the way companies handle your information to the proactive actions that you can take. By following these tips, you can help reduce the impact of a potential cyber-attack.