This year's National Cybersecurity Awareness Month is focused on encouraging personal accountability and proactive behavior in security best practices and digital privacy. The 2019 theme is "Own IT. Secure IT. Protect IT." and this week we are focusing on best practices to secure your business data and personal information with these 5 cybersecurity tips.
Create a Strong Unique Passphrase
Your login information is the first line of defense against hackers and cyber criminals, which is why having a secure passphrase is so important. Now, why are we talking about passphrases over passwords? Short answer, passphrases are longer, contain spaces, and are extremely difficult to crack because of the length and composition. It's recommended that your passphrase be longer than 14 characters to ensure the highest security. So think of a longer quote, or sentence, that you'll remember and go with that! It will definitely be more secure than your first pet's name or the dreaded "P@ssw0rd1!".
Other tips to help secure your login include:
- Using a password manager to keep track of all your passphrases and encourage the use of unique logins for every account.
- Not reusing passwords. Even if it's a password you haven't used in the last three years, don't try to bring it back. There's always a chance it was breached, published online, and could give hackers an easy way in.
- Avoid using obvious personal information. If you tend to post about your kids, pets, birthdays, anniversaries, or school/team allegiances online, don't include those things in your passwords.
- Make your passphrase long. The longer it is, the harder it is to crack.
If you're curious about other password best practices check out the NIST 800-63 guidelines. And if you're worried about using compromised passwords, check out Google's Password Extension to see if that could be of help in determining which passwords you may need to change.
Use Multi-Factor Authentication Everywhere
We recently posted a 2-part series detailing exactly what multi-factor authentication is and what it protects you from, but essentially MFA is an approach to securing accounts by requiring multiple forms of identification from a user to verify their login credentials.
Multi-factor authentication combines any two of three possible forms of identification:
- Something the user knows
  - Usernames and passwords
- Something the user has
  - One-time passwords & authentication applications - these are typically software based and require the user to have access to their phone or email. OTPs are automatically generated and most are a short, unique numerical code that expires after a set period of time.
- Something the user is
  - Biometric authentication - this relies on the biological characteristics of the user as a secondary factor to log them into their account.
Multi-factor authentication is already being used in so many different industries and businesses. To see which services you use that have MFA available check out twofactorauth.org. If you're interested to see what security risks MFA is protecting you from check out Part 2 in our MFA series, and head to Part 1 for more overall information on multi-factor authentication.
Protect your Information Online
Let's face it, the majority of us do a lot of our shopping online. Many of us also give out personal information while making work purchases, signing up for events like webinars or conferences, and when downloading necessary content. So what can you do to protect your information online?
- Research, research, research. If you're doing business with a new vendor or website make sure that they are reputable, and look at their reviews to see what experiences others have had.
- Only give out necessary information. Only fill out the required fields, and be aware of what information they are trying to collect. Don't be afraid to question why they need something.
- Limit public wifi use. Be aware of what accounts you're logging into over a public wifi connection, especially for things like email and banking.
- Be extra cautious. Always be alert when it comes to emails, texts, or posts. If it seems suspicious, trash it. If it is really important and legitimate the sender will find another way to contact you.
Understand and Avoid Phishing Attacks
Phishing is a cyber crime in which a target is contacted via phone, email, or text by someone posing as a legitimate contact, company, or vendor to lure individuals into providing sensitive data. Along with phishing you may also hear about spear phishing, whaling, or smishing, which are all common phishing attack forms.
The FBI recently released an article detailing how to build a digital defense against phishing and spear phishing attacks. This article gives some helpful tips on what the warning signs are, like:
- Making the message look as legitimate as possible. It's easy to spoof a logo, and scammers will often make their messages look like they are from a trusted source.
- Asking you to click a link or download an attachment.
- Asking you to log in to an account or provide your passwords, bank account numbers, or other personal information.
- Attempting to make you act quickly, using threatening language to pressure you.
And what do you do if you're unsure whether it's a phishing attempt or not?
- Contact the sender
  - If the message looks like it's coming from someone you know or have done business with, it doesn't hurt to give them a quick call to verify the request.
- Go to the website directly to take the action required
  - For example, if you receive a message that looks like it's from your bank asking you to reset your password, don't click the link provided in the email. Instead, head directly to the bank website to change your password.
Plan for the Worst
Our final tip? Plan, plan, plan.
Always make sure you're backing up your data, that you have a full understanding of the risks your business faces, what impact those risks may have, and how you can get your business back up and running should you face disaster.
While cybersecurity often seems like a daunting task for small businesses, it's vital to the longevity of the business, and the security of your personal information as well. Share these tips with your coworkers, family, and friends to make sure everyone is doing all they can to keep their personal and company information safe from cyber criminals.
Keep following along with us the rest of National Cybersecurity Awareness Month for more cybersecurity tips and best practices for your home life, and your work life.