The recent online hacking by Islamic State (IS) should serve as a lesson in password and username safety for individuals and employers, a Charles Sturt University (CSU) cyber security expert says.

News of the hacking broke via Twitter on Wednesday 12 August. IS hacked the personal information of Australian Defence Force employees and their relatives, a Victorian MP and several public servants, and urged home-grown terrorists to attack them.

Associate Professor Tanveer Zia from CSU's School of Computing and Mathematics believes the hacking emphasises online personal safety.

"If we examine the list released by Islamic State closely, none of the work email accounts of these victims were hacked; most of the passwords listed were of personal email accounts," Associate Professor Zia said.

"This ultimately put emphasises on the need for stronger passwords and being cautious how and where we access our online information.

"We as individuals have the primary responsibility of hardening access to our personal, financial and confidential data."

Associate Professor Zia also believes that government organisations that work with sensitive information or place employees at cyber risk also have a responsibility to ensure their employees are safe online.

"Cyber war is getting more organised every day and I believe the worst is yet to come but cyber war targets would be government agencies rather than individual members of public,"

"However, if individuals are associated with sensitive government organisations such as defence or law enforcement agencies, they have greater responsibilities of ensuring their access to online services is secure and more protected. This indirectly puts more responsibility on their employers to educate them about cyber threats and facilitating countermeasures."

Associate Professor Zia believe this hacking should motivate people to review their own cyber security, even on their smart phones.

"People should take this as an opportunity to review their passwords, ensuring they are complex and do not include common patterns like birthdays or anniversaries," Associate Professor Zia said.

"Given that people use their smart phones more frequently these days for online access, you should take mobile internet security seriously. Some steps to protect your data accessed through mobile phones include adding a PIN, passcode or pattern lock, logging out of applications when you are finished.

"You should also only download apps from reliable sources, keep the operating system current with recent updates, avoid using same passwords for websites and apps, and always apply maximum privacy settings when accessing online social networks."