How to Keep Your Data and Devices Safe

May 2025 | 10-minute read

What's in this article

• Ways you could improve your data security
• How to help reduce the impact of a potential cyber-attack
• What you can do if your personal details have been compromised

Now that personal information is increasingly shared and stored online, protecting your data and devices is crucial. When you share personal details online without safeguards, you’re at risk of becoming a target of cybercrime, identity theft or various other forms of scams or fraud.

We’re working around the clock to keep your data secure, but it’s important that you know what good security habits look like. From the actions you take, the devices you use, to the websites and apps you access, you too can help reduce the impact of a cyber-attack.

Tips on what you can do

1. Use strong, unique passwords

Always use strong, unique passwords - they’re your first line of defence against cybercrime. Common passwords like "123456" or "admin" make it easy for attackers to gain access.

Use a passphrase that’s meaningful to you but hard to guess, and strengthen it by adding numbers or special characters, for example, “Duck$Wat3rmeLon”. Incorporate private, personal elements such as meaningful words, phrases, memories, or inside jokes to make your password easier to remember - but harder for someone else to guess.

Never reuse passwords across accounts. If one is compromised, others could be too. If you choose to use a password manager, we do not recommend storing info such as your banking details in it. Instead, check out our App and our simple sign-in features.

2. Enable multi-factor authentication

Multi-factor authentication (MFA) provides a way of 'double-checking' that you're really the person you’re claiming to be. This is normally a combination of something you know, like user ID and password, something you have such as a code sent via SMS or an authenticator app and something you are, like your biometrics (fingerprint or facial recognition). Most websites and apps offer at least two of these forms.

Enable multi-factor authentication (MFA) wherever it's offered especially for online banking, social media, email, and other apps. If your sign-in credentials are compromised, MFA can help prevent unauthorised access to your account. If a criminal gains access to a site with valid credentials, they might use it to target you or impersonate someone from a reputable business to gain your trust.

3. Always use a secure network when accessing the internet

Public Wi-Fi networks may be convenient, but it doesn't mean they're secure.

When you're accessing your bank accounts or logging into websites that need sensitive information, like user credentials, it's best to use your home, mobile, or other trusted networks instead of untrusted, unsecure Wi-Fi. Public networks such as those in cafes or airports may not be secure, making it easy for cybercriminals to intercept your data. Cybercriminals might even set up fake Wi-Fi networks with similar names to trick you into connecting to them instead of the real public Wi-Fi.

Don't trust a 'http' website with your personal information, instead, look for 'https' and the padlock icon in the address bar as additional ways of checking the security of the website. However, keep in mind that cybercriminals can also create websites that display a padlock symbol, so don't trust these elements in isolation.

4. Log out and close sessions

It’s really easy to close an app or browser and presume you’ve logged out of the site you were on.

Always sign out after you’ve finished using Online Banking services, or any account. Logging out and closing your app or browser session ensures that no one else can access your accounts after you’ve used a device.

Where possible, don’t share devices. But if you do need to, ensure your passwords aren’t being stored on the device. This will help prevent others accidentally accessing apps with your credentials.

5. Complete a credit report through Equifax

Regularly checking your credit report helps you stay on top of your financial health and may show unusual activity that may indicate fraud or ID theft. Platforms like Equifax provides Australian bank users with a free credit report once a year. You can also set up a credit freeze to stop new credit or loans if you spot any discrepancy to prevent any further damage to your account.

Tips on what to avoid

1. Delaying reporting unusual activity

If you notice anything unusual with your bank account, such as transactions you don’t recognise or unfamiliar sign-ins, report it to us immediately. You can even report transactions via your App and Online Banking.

The longer you wait, the more time scammers have to move funds around, making it harder to recover them. Acting quickly can significantly reduce the damage to your account.

2. Signing up to newsletters to get discounts

Offers and discounts from newsletters can be tempting, but they often require you to share personal information like your email, name or birthday.

Think twice before signing up for a newsletter. Leaked information can be sold to criminals to use for targeted attacks against you. It's a good idea to read the terms and conditions to check if your data is shared with third parties. To better manage your exposure, consider creating a separate email address specifically for newsletters, subscriptions, and promotions. If possible, use a different email for sensitive accounts like online banking to reduce the risk if one email address is compromised. It can be helpful to understand what personal information may have already been compromised in a known data breach through external websites such as Have I Been Pwned and DataBreach.com.

3. Oversharing on social media

Sharing personal details or sensitive information on social media can make you a target for cybercriminals, who will often look for clues to try to hack into your accounts. Avoid using information you've shared online as your password, for example pets' names or favourite sports teams.

Stay mindful of what you post online and review your privacy settings regularly. If you allow the app to share your information publicly, you may be at risk of having your profile impersonated.

4. Ignoring account access permissions

Many apps and websites request permission for personal data or device access. Always read through these requests carefully and only grant access if it’s necessary.

If you receive an email, SMS, or any notification indicating that your account may have been accessed or compromised, the best way to check is through genuine access points. For example, if you get a message from MyGov about a refund, avoid clicking any links in the phishing email or SMS. Instead, go directly to your account by opening the official app or typing the website’s domain name into your web browser. Once logged in, check for any notifications. If you don’t find anything, it’s likely that the message is a scam.

Remember, we would never ask you to sign in to your account from a link sent in an email or SMS. If you get a message directing you to enter your account details or other sensitive information on a separate page, this could be a phishing attempt that may compromise your credentials.

5. Sharing your location

Be aware of who you're sharing your location with, especially if it’s in real time. Consider who can see where you are. Are you sharing publicly or with apps that don’t require it?

Limit location sharing to only essential situations, such as navigation or local services. For instance, we use your location to help protect you. If a sign-in attempt or transaction is made from an unexpected location, we may send an alert or prompt you for additional Security Code requests to confirm the activity is genuine.

How to respond to potential data breaches

We’ve compiled a Data Breach Checklist (PDF 123KB) to help guide you if you’ve been advised that your information was affected by a cyber-attack. The checklist provides instructions on how to secure your accounts and the immediate actions you can take.

If you need to alert us of any unusual transactions or activities, you can contact us immediately using the steps listed on our How to report page.

While we investigate your report, you can temporarily lock your card. SafeBlock will also allow you to instantly block your accounts and card. It’s coming soon to the Westpac App and Online Banking.

Remember, everyone plays a part in keeping your data safe, from the companies who store it, to who you share it with. Follow these tips to help lower the impact of a potential cyber-attack.