As Cybersecurity Awareness Month wraps up, we know that promoting a secure digital world never ends. We also know that cybersecurity is not just about buying the right software or firewall protection. Having a well-trained and diligent organization is just as critical, and just as much work!
To help your users stay safe all year long, we wanted to share a list of best practices. Send this to your faculty, staff, students, and their families! Because as you know – your cybersecurity posture is only as strong as the users in your organization.
Strong Passwords
Creating, storing and remembering passwords can be a huge pain in the you-know-what. The second you have one memorized – poof! EXPIRED!
The reality is that passwords are your first line of defense against cybercriminals and data breaches. Annoying as they may be, it’s time to take them more seriously.
Some tips to keep in mind:
1. Make your password LONG. We’re talking at least 12 characters long!
2. Be unique. Don’t be that person that has the same password for every single platform. If your passwords are all the same, you just made it easier for the hacker who got into your Facebook account to now get into your Google Drive, your bank account, your school laptop, your…
3. Never reuse passwords! And that includes changing the 1 at the end of your password to a 2, then to a 3… You think hackers don’t have that figured out by now?!?
4. Make it complex by using a combination of numbers, letters, upper case, lower case, special characters, you name it. Be more creative than the cybercriminals!
5. Avoid the obvious. Is your adorable cat named Missy your entire world? Great! Is the name Missy in every single password you have? NOT GREAT! In fact, avoid words meaningful to you altogether. The more generic, the better.
6. Follow numbers 1-5 above so you don’t have to change it all the time! NIST now says you don’t have to change your passwords every few months IF your passwords are each long, unique and complex.
7. Don’t write your passwords down on a post-it note, a Word doc on your desktop, or anywhere free and easy to access. You’re smart enough to know why this one is listed!
8. Sharing is NOT caring. The one time you shouldn’t share!! No matter how much easier it would be to give that password to your colleague.
9. Utilize a free password manager to help you create AND remember them all. With the number of passwords needed in today’s online world, there’s no way to remember every single one without help. By using the latest tools, you’ll only have to remember the one magic password that unlocks your password vault!
Two-Factor (2FA) and Multi-Factor Authentication (MFA)
Sometimes the strongest of passwords just isn’t enough. Enabling 2FA or MFA makes your email and online accounts significantly less likely to get hacked.
Two-Factor Authentication (2FA) is an additional layer of security that requires you to either input a code or use a physical key after logging in with a password. It requires that you both know the password for the account AND provide a second factor like a one-time password or SMS code.
Multi-Factor Authentication (MFA) requires at least 2 steps to identify a user and can include facial recognition, a secret question, a software token, a fingerprint scan, and more. MFA is especially important for cloud-based systems that can be accessed from anywhere at any time.
As an organization, you can turn on 2FA and MFA for many products and services. If you can’t, encourage your staff and students to do it for themselves to add an extra layer of protection against intruders. The extra step may add a few seconds to their day, but I promise it’s way less inconvenient than being hacked!
Recognize and Report Phishing
Have you ever gotten that random email from your boss’s boss saying they need help with something right away, but the email didn’t come from the email address you know? Or how about the one that looks like it’s from someone you do business with and includes a so-called past due invoice?
Does the email have an unreasonable sense of urgency and lots of spelling or grammatical errors?
Phishing is when hackers use fake emails to try to lure you into clicking on something, downloading a malicious attachment, or providing your personal information. These emails are getting more sophisticated, and the signs can be subtle, but once you recognize a phishing attempt you can avoid taking the bait!
Be cautious! Don’t open the email, open any attachments, or click on any links in the email. Report the email to your IT department, report the phish via your email provider if able, and hit DELETE.
One bad email can compromise an entire institution!
I hope these tips and tricks help. Stay safe out there everyone!
Nicole Prevenas
Sales & Marketing Coordinator