Last week, we discussed how employees and organizations can “OWN IT.” Continuing our National Cybersecurity Awareness Month series, Be Cyber Smart – Part Two focuses on the theme “Secure IT.” These cybersecurity tips stress individual accountability to help secure and safeguard your information.
OWN IT. SECURE IT. PROTECT IT.
Secure IT … Cybersecurity Tips to Put You on the Offensive Against Attacks.
Cybercriminals are very good at getting personal information from unsuspecting victims, and their methods are getting more sophisticated as technology evolves. Studies show that “people” are among the weakest links in the fight against cybercrime. Here are some cybersecurity tips to strengthen your individual role in ensuring tight controls are in place to prevent unauthorized access and minimize cyber risks.
Create a Strong Password
Creating a strong cybersecurity password is an essential step to protecting yourself online. Using long and complex passwords is one of the easiest ways to Be Cyber Smart and defend yourself from cybercrime.
- Don’t make passwords easy to guess. Do not include personal information in your password such as your name or company’s name. This information is often easy to find on social media, making it easier for cybercriminals to hack accounts.
- Avoid using common words in your password. Substitute letters with numbers and punctuation marks or symbols (example: replace the letter “A” with @). Use phonetic replacements, such as “PH” instead of “F.” Or make deliberate misspellings, such as “enjin” instead of “engine.”
- Unique account, unique password. It’s important to mix things up. Customize your standard password for different sites. An assortment of passwords makes your credentials more cybersecure and harder for cybercriminals to gain access to your accounts.
Apply Multi-factor Authentication
Have you noticed how often security breaches, stolen data and identity theft are front-page news these days? Perhaps you, or someone you know, have been a victim of cybercriminals who stole personal information, banking credentials, or more. By applying multi-factor authentication to your accounts (such as email, employee and customer data or financial credentials), you can better minimize the chances of online fraud and identity theft. A good cybersecurity rule of thumb is that your multi-factor authentication should include at least two of these credential elements:
- Something you know – A password and PIN are basic two-step verification factors in confirming identity. Strong passwords should be used (see above) and your PIN should never be shared with anyone.
- Something you have – Besides your password and PIN, it’s best to have a second factor – a unique one-time code. This could come from a security token or app, a verification text or email, or a smart card. An example may be a six-digit number generated by an app on your mobile phone that you add to your log-in procedure.
- Something you are – For access to your most sensitive information, organizations are adding a third element – fingerprint, facial recognition or voice authentication. This third layer of defense makes it more difficult for unauthorized people to log in or access information.
Know a Phish When You See It
Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to encrypt or collect business information. Cybercriminals attempt to lure users into clicking on a link or opening an attachment that infects their computers, leaving them vulnerable to data breaches and ransomware attacks. Be Cyber Smart by being alert to suspicious requests and to any urgency to act quickly and share information.
- Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
- Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
- Protect your work and personal information. If people contacting you have key details from your work life – your job title, multiple email addresses, customer names and more that you may have published online somewhere – they can attempt a direct spear-phishing or SIM interception attack on you. Cybercriminals can also use social engineering with these company details to try to manipulate you into skipping normal security protocols, like directing your finance department to make unauthorized wire transfers. Be Cyber Smart by proactively avoiding posting sensitive information online or over-sharing information on social media.
Every click, share, send and post employees make creates a digital trail that can be exploited by cybercriminals. To protect yourself from becoming a cybercrime victim, be proactive and use these tips to safeguard access and company data from intrusion.
Next week, we’ll look at tips to “Protect IT” in our series during National Cybersecurity Awareness Month.
About The Author
Mike Penn joined Magna5 as Senior Content Developer. His role is to bring to life stories that inspire or inject clarity in how managed services and emerging trends can be applied to help organizations operate better and more efficiently.