This year, Cybersecurity Awareness Month is all about owning, securing, and protecting your personal and business information. Our first post in this series discussed how to “Own IT” and become more aware of online threats. Next, we’ll show you how to “Secure IT” and reduce the risk of data breach, theft, or fraud.
Create complex, memorable passwords
Using a strong password is essential to protecting yourself online. The National Institute of Standards and Technology (NIST) advises that you choose the longest, most complex password permissible on a website or application. It’s a tired joke, but don’t use the word PASSWORD as your password (and for that matter, don’t use common words). Instead, make your password more complex—but still memorable for you—by substituting @ for the letter “a,” or an exclamation point in place of the letter “l” or “I.” Avoid using the same login and password for multiple accounts. That way, if one account is compromised, the others may remain secure.
Use multi-factor authentication
The national cybersecurity site, NICCS, recommends the use of multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. MFA requires two of three types of credentials to authenticate your identity. These credentials can be something you know (a password or PIN), something you have (a security hardware token, a code delivered by phone or by text), or a unique aspect of who you are (a fingerprint, voice recognition, or facial recognition).
When offered the MFA option for email, banking, social media, and any other service, use it!
Be cyber secure at work
Businesses collect, process, and store large amounts of personal and proprietary data. In addition to trade secrets and company credit accounts, this data also includes employees’ personally identifiable information (PII) in the form of tax and payroll information. If you’re in charge of employee information at your company, limit access to PII to only those employees with a valid need, and be sure all employees are trained to be vigilant for data security threats.
Avoid oversharing company information on social media. Never conduct official business, exchange payment, or share PII on social media platforms.
Thwart phishing attacks
A phishing attack delivers malware or ransomware via email. Criminals attempt to lure users into clicking on a link or opening an attachment that infects their computers, leaving them vulnerable to attack. Phishing emails strive to come across as genuine and trustworthy, and often appear to come from a real financial institution, e-commerce site, business partner, or known individual. The email may request personal information such as account numbers, passwords, or Social Security numbers. When users respond with the information or click on a link, attackers use it to access users’ accounts.
For more information, see our article “The Growing Threat of Ransomware” in Legal Technology Today and our recent blog post “Phishing Attacks Are Getting Smarter – Here’s How to Avoid Them.”
Keep an eye on your messaging app
Phishing attempts aren’t limited to email. Attacks via messaging apps have more than doubled in the last two years. The term ‘smishing’ has emerged, referring to phishing scams that are sent over SMS text messages.
Be cautious when making online payments
When you shop or register for events online, sites often require you to provide personally identifiable information (PII) such as your name, date of birth, account numbers, passwords, and location information. E-skimming captures credit card data as the end user enters it in real time, either by exploiting a commercial e-commerce platform or by embedding malicious scripts to capture personal and financial data. Hackers then sell the data or use it to make fraudulent purchases. Be extra vigilant when sharing personal information online, and be sure the organization you're supporting has strong e-commerce practices in place, such as encrypting data to make it unreadable by hackers.