PwC Herald Talks: Security expert's tricks for better cyber safety

One of the biggest cyber-security problems is people using the same password for different services - so as soon as one gets hacked, everything in their online life, from their bank account to their private social media messages, is vulnerable.

But the problem, of course, is that anyone bar Rain Man finds it impossible to remember dozens of different logons.

And to make things worse, experts say the longer the password, the harder it will be crack.

Colin James, Head of Cyber Security at Vodafone Group for the Africa, Middle East and Asia Pacific, says a password manager or "vault" can help - that's a bit of software that remembers and autofills all your logons. All you have to remember is one master password.

But while a password manager can work seamlessly on a PC, they can come unstuck in today's gadget-heavy world where we're often logging on a service via a phone, tablet or even watch.

Luckily, James has a couple of tricks. One will make your passwords safer, the other will make you a lot more secure.

One is to stop thinking "passwords" and start thinking "passphrases," the Vodafone expert says.

He suggests using a line from your favourite song as your passphrase. It'll be easy for you to remember, but impossible for hacker bots to guess.

His other trick: use "two-factor authentication" or "2FA" in IT-speak. That means you don't just type in a password. You also have to enter a second "factor" - mostly commonly a numerical code texted to your cellphone.

2FA can be a hassle, but many services have an option to only enable for devices outside your home or office.

James says if your device supports fingerprint or facial scan logon, that can be considered a second factor, too - because it requires you to be physically present.

In terms of dealing with broader cyber security threats, James says you need to practice "good hygiene."

Hackers probe your network for vulnerabilities, and most vulnerabilities are present because of out-of-date software. Make sure all of your software - not just your security software - is always set to auto-update.

And in an era of BYOD (bring your own device), James says you have to assume that phones or tablets or other gadgets are going to get lost at some point.

The key is to have a data-loss prevention policy, he says. Think beyond your network or individual devices and focus on protecting your data, wherever it sits. That could mean encrypting your files, so if they're hacked or left on a phone on a bar stool, they can't be read by people outside your organisation.

Colin James will headline PwC Herald Talks – Cyber Security in Auckland on April 11.