Considering the recent cyber-attack on the HSE it is important to note that cybercrime is a risk for all of us to be aware of, both in our roles in the GAA and in our personal lives. Here are some simple pointers to help keep you, and your club, safe on-line.
Password Best Practices
· Use passwords or phrases that are easy to remember but hard to guess.
· The best defense is to make it as long as possible, at least 12 characters.
· Use a mix of lower- and upper-case letters, numbers and symbols.
· If possible, use a leading password manager to generate long random passwords.
· Never share passwords with others.
· Never write down your passwords
· Use different passwords for each of your accounts. If one system is hacked they won’t be able to access other systems.
· Don’t base it on personal information or easily guessable information about you i.e. your club or county.
· Don’t reuse old passwords or just change the number.
· Be careful when entering passwords in public spaces
· Use 2 factor authentication where possible.
Passphrases are ‘stronger’ than passwords as they can be longer but easy to remember. Here are two methods to use to create a passphrase:
You can take the first two letters of every word in a song lyric (avoid popular lyrics):
“The winter it has passed and the summer’s come at last” becomes:
(4 billion years to hack!)
Alternatively take four or more random words (avoid very common short words). A bit of Gaeilge can help here too!
(76 billion years to hack)
How to Spot Suspicious Emails
|[External] in email subject
If you have a GAA email address, all emails from outside of the GAA have [External] added to the email subject. Be extra vigilant of any emails with this in the subject.
Email domain does not match the display name.
Hover over the email address to see their email address.
Never open unexpected attachments. Especially if they are HTML or EXE files.
Unfamiliar greetings or signatures
If it is from someone you know but they use “Dear sir or madam” or they use your email address display name “Dear Secretary St Patricks Kerry”. The signature may be incorrect also such as using the wrong name “Regards, Pete” or using “Gaa” instead of “GAA”
|Urgent call to action or threats
Be suspicious of emails that claim you must click, call, or open an attachment immediately. GAA IT or Microsoft will never send you a notification with a link to reset your password via email.
Spelling and bad grammar
This might be the result of a bad translation from a foreign language or deliberate misspelling to avoid spam filters.
Don’t trust the address in the link text. Watch out for typos in the address too (E.g., www.faceb00k.com). Hover your mouse over the link to see the real address. On a mobile long press on the link to see the real address.
Unexpected password prompts
If you have just opened an attachment or clicked on a link and you are prompted for your username and password DO NOT ENTER IT.
If you make payments on behalf of your club it is critical that you check that everything is correct before you transfer any money to anyone
- Validate one-off or unusual on-line payments by phoning the company in question first (Use details that you previously had, not those in the email).
- Never make a transfer to a different Bank Account than normal without checking.
- Verify that emails requesting payments actually came from the real person (email addresses can easily be copied).
- Be especially careful if being asked to do anything ‘urgently’.
If you Suspect you Have Been Compromised
If you suspect that your password has been compromised or opened a suspicious link/attachment please follow these steps:
- Reset your password in line with the guidance above. If you use the same or a similar username and password combination on other systems reset it there too.
- Ensure your device operating system (e.g., Windows) is fully updated.
- Ensure your antivirus is fully updated and run a virus scan.
- Be vigilant for any related attacks. Inform colleagues to be vigilant too.
- If you have a GAA account, contact email@example.com.