Cumann Lúthchleas Gael Thiobraid Árann

Staying Safe On-Line

June 4th, 2021 | By Jonathan Cullen

 

 

 

 

 

 

 

 

Considering the recent cyber-attack on the HSE it is important to note that cybercrime is a risk for all of us to be aware of, both in our roles in the GAA and in our personal lives.  Here are some simple pointers to help keep you, and your club, safe on-line.

Password Best Practices

·        Use passwords or phrases that are easy to remember but hard to guess.

·        The best defense is to make it as long as possible, at least 12 characters.

·        Use a mix of lower- and upper-case letters, numbers and symbols.

·        If possible, use a leading password manager to generate long random passwords.

·        Never share passwords with others.

·        Never write down your passwords

·        Use different passwords for each of your accounts. If one system is hacked they won’t be able to access other systems.

·        Don’t base it on personal information or easily guessable information about you i.e. your club or county.

·        Don’t reuse old passwords or just change the number.

·        Be careful when entering passwords in public spaces

·        Use 2 factor authentication where possible.

Passphrases

Passphrases are ‘stronger’ than passwords as they can be longer but easy to remember. Here are two methods to use to create a passphrase:

 

You can take the first two letters of every word in a song lyric (avoid popular lyrics):

 

“The winter it has passed and the summer’s come at last” becomes:

 

thwiithapaanthsucoatla

(4 billion years to hack!)

 

Alternatively take four or more random words (avoid very common short words). A bit of Gaeilge can help here too!

 

FencesSliotarBinsBattery

(76 billion years to hack)

 

Password Examples

Password Time to hack
Password1 0 seconds
Gaelic123 4 seconds
Jack0519 53 seconds
Mayo4Sam! 18 minutes
K1ldar3! 5 hours
D0wnW1thTh4t50rt0fTh!n9! 1,000 years
%F4th3r_T3dCr1lly 1,300 years
SteakComplexVarnishSlate 3,000 years
riverB4rr0wleinster 5,400 years
FoireannRobotTinsPhone 2 billion years

 

How to Spot Suspicious Emails

[External] in email subject

If you have a GAA email address, all emails from outside of the GAA have [External] added to the email subject. Be extra vigilant of any emails with this in the subject.

Email domain does not match the display name.

Hover over the email address to see their email address.

Unexpected attachment

Never open unexpected attachments. Especially if they are HTML or EXE files.

Unfamiliar greetings or signatures

If it is from someone you know but they use “Dear sir or madam” or they use your email address display name “Dear Secretary St Patricks Kerry”. The signature may be incorrect also such as using the wrong name “Regards, Pete” or using “Gaa” instead of “GAA”

 

Urgent call to action or threats

Be suspicious of emails that claim you must click, call, or open an attachment immediately. GAA IT or Microsoft will never send you a notification with a link to reset your password via email.

Spelling and bad grammar

This might be the result of a bad translation from a foreign language or deliberate misspelling to avoid spam filters.

Suspicious links

Don’t trust the address in the link text. Watch out for typos in the address too (E.g., www.faceb00k.com). Hover your mouse over the link to see the real address. On a mobile long press on the link to see the real address.

Unexpected password prompts

If you have just opened an attachment or clicked on a link and you are prompted for your username and password DO NOT ENTER IT.

 

Payment Requests

If you make payments on behalf of your club it is critical that you check that everything is correct before you transfer any money to anyone

  • Validate one-off or unusual on-line payments by phoning the company in question first (Use details that you previously had, not those in the email).
  • Never make a transfer to a different Bank Account than normal without checking.
  • Verify that emails requesting payments actually came from the real person (email addresses can easily be copied).
  • Be especially careful if being asked to do anything ‘urgently’.

If you Suspect you Have Been Compromised

If you suspect that your password has been compromised or opened a suspicious link/attachment please follow these steps:

  • Reset your password in line with the guidance above. If you use the same or a similar username and password combination on other systems reset it there too.
  • Ensure your device operating system (e.g., Windows) is fully updated.
  • Ensure your antivirus is fully updated and run a virus scan.
  • Be vigilant for any related attacks. Inform colleagues to be vigilant too.
  • If you have a GAA account, contact support@gaa.ie.

Our Sponsors