Each year the government recognizes October as the month for which we need to renew our efforts at understanding what our online footprint is, and how to keep it safe. The theme for 2019 is Own It–Secure It–Protect It.
Today, we take an inside look at part 2 of this theme – Secure It.
Secure It is an online way of life. How we engage ourselves online and the processes we implement to keep ourselves safe make for a better online experience. A user who works securely is less likely to become a victim of digital crimes. The 5 main areas of Secure It that are featured this year repeat in many cases what we learned in the Own It blog. Remember, education is not effective unless it leads to behavior change, and repeating the same sets of processes whenever we move in our digital footprint gives us better protection.
Let’s dive into the topics of Secure It!
Creating a Password
Passwords are compromised by algorithms, phishing attacks, and malware. This translates to hacking, voluntary giving, and theft. Creating a strong password is not an easy task, especially when you have multiple passwords across multiple sites. Here are the tips and tricks to know and use:
- Go long! We suggest using the longest password possible or permissible. Sentences or compound phrases make very effective passwords.
- Be sneaky. Keep your own information to yourself. Avoid using any personal identifiers in your password. Your personal information can be found on social media and other places and can be used to try to crack your password.
- Set yourself apart. Avoid using common words in your phrases and change certain letters into numbers or characters that only you understand.
- Creativity kills the catfish. Use phonetic phrases for letters, such as PH instead of F, or deliberate changes to words, such as “pasghetti” instead of “spaghetti”.
- Down-low is the way to go. Your information is your own. Do not share it with anyone ever unless such action was first initiated by you for a specific purpose. Never do so in response to an email or call you receive. If you do not initiate, then you do not participate.
- Unique boutique. Find a way to standardize but customize your passwords across all sites to make it easier for you to remember a unique password specific to each unique site.
- MFA is always the way. Having multiple layers of identification or protection when working online is the best practice. Use the tips we discuss below in the MFA theme.
- Hire a manager. Using a password manager to store all of your online passwords is effectively a combination toolbox and safe. Consider adding this into your security arsenal.
Multi Factor Authentication (MFA)
You have probably seen it before and have probably been asked to do it. But you may not know what it is called and why it is done. A TWO-STEP verification process to confirm your identity when logging in to a specific site (usually banking or financial) is known as Multi Factor Authentication, or MFA for short. This requirement to enter your password and also to confirm via a code sent by call, text or email to your known contact information is very effective in mitigating potential breaches of your information, accounts, and property. The government goes through a few elements of MFA to help users understand its value:
- What it is. MFA is the security process that requires more than one method of authentication from independent sources to verify the user’s identity (as described in the example above).
- How it works. In order to gain access, your credentials must be confirmed from at least 2 different categories. It works using the following three-credential system:
  - Something you know: Password, passphrase, PIN
  - Something you have: Security token or app, verification text/call/email, smart card
  - Something you are: Fingerprint, facial recognition, voice recognition
- When should it be used. It should be used on all sites where enhanced security is desirable due to the sensitivity of the information being used. It should especially be considered whenever your financial or healthcare information is being accessed or used.
Cyber Security in the Workplace
Employees at every level of the ladder are the army in the battle against Cyber criminals. They are also the top cause of events and are responsible for 100% of all successful phishing attacks. Employees should know and adhere to these 5 rules of the road when driving in cyberspace:
- Own your work. When online at work, treat your work product as your own property. Be vigilant in your effort and always suspicious and alert.
- IT is not your problem. Technology today is extensive in its detection and prevention capabilities. Many cloud providers and IT support systems have excellent processes in place for keeping you secure. However, all of these preventive measures will only work if your employees work to keep the bad guys out. It is like having a strong security system but not locking the doors. Criminals use employees as the means of gaining unauthorized access to the systems or data.
- Keep it up! As we discussed during the Own It blog, keeping up to date is extremely important and a certain part of your IT support’s processes. All machines and software should be updated as required, and these should be automated rather than manual whenever possible.
- Keep social media social. As is the case with your personal social media accounts, minimize how much information about your customers, employees, and vendors is shared online. This information can be used to launch sophisticated phishing scams against those customers, employees and vendors, amongst other things.
- 1 shot and you’re out! Hacking of a network or the infrastructure of a computer system is infrequent. It is often a single vulnerability within the security perimeter, and as previously noted, often caused by an employee. It only takes one door to be opened for the entire organization to fall.
Phishing
Phishing is a form of social engineering, and just one of many. However, its effectiveness and relative ease of execution make it the most frequently used of them. Most phishing attacks come in the form of emails, and others as malicious websites. These tools are used to gain unauthorized access to or use of your systems to steal personal or corporate confidential information, and more importantly, steal money. A few tips to remember to not be “hooked”:
- Play hard to get. Always be suspicious. Anything online can be other than what it seems to be, especially emails and online posts with hyperlinks or attachments. When you are not expecting such a link, did not ask for one, or are in any way unsure of its source, do not click on the link or attachment.
- Don’t be a jiminy clickit. Urgency in an email requiring immediate action is suspect. Pay attention. Use the PUTP defense in these cases – Pick Up The Phone. Do not respond to these kinds of emails without first picking up the phone to call the sender at a number known to you to be certain they did send the email. Think first and click later.
- Secure what is yours. Your professional online profile contains a lot of your personal information. Be sure to limit this only to what is needed and be aware that if your customer can see the information and use it to do business with you, Cyber Criminals can use it to do their business against you.
- Be hypersensitive. Hyperlinks in emails are doorways to hell. For a Cyber Criminal, it’s their black hole to your stuff. Always hover over hyperlinks and read them from right to left to verify both authenticity and destination.
- MFA is always the way. Having multiple layers of identification or protection when working online is the best practice. Use the tips we discuss above in the MFA theme.
- Shake it up.
- Keep it up! As we discussed during the Own It blog, keeping up to date is extremely important and a certain part of your IT support’s processes. All machines and software should be updated as required, and these should be automated rather than manual whenever possible.
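The right-to-left reading from the “Be hypersensitive” tip above, written out as a short Python sketch. This is an added example, not part of the original blog; the function names, the sample links (built on reserved example domains and a documentation IP address) and the three-entry suffix list are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a tiny sample of two-part suffixes; real tools use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def registrable_domain(url):
    """Return the site a link really belongs to, found by reading the host right to left."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)   # a bare IP address has no domain name to read
        return host
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # The rightmost label(s) are the suffix; the label just left of it names the owner.
    suffix_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(suffix_len + 1):])

def check_link(shown_text, href, trusted_domain):
    """List the reasons a link does not go where the reader expects (empty list = no findings)."""
    actual = registrable_domain(href)
    findings = []
    if actual != trusted_domain:
        findings.append(f"destination is {actual}, not {trusted_domain}")
    # Link text that itself looks like a web address should name the same site as the link.
    if "." in shown_text and " " not in shown_text:
        as_url = shown_text if "://" in shown_text else "https://" + shown_text
        shown = registrable_domain(as_url)
        if shown != actual:
            findings.append(f"text shows {shown} but link goes to {actual}")
    return findings

# Constructed sample links: (text shown in the email, address seen when hovering).
SAMPLES = [
    ("Log in", "https://login.example.com/account"),
    ("https://example.com/verify", "https://example.com.account-verify.example.net/login"),
    ("Update payment details", "http://192.0.2.10/example.com/"),
]

if __name__ == "__main__":
    for text, href in SAMPLES:
        print(href, "->", check_link(text, href, "example.com") or "no findings")
```

The second sample starts with the trusted name, but reading from the right shows the link belongs to example.net.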
Owning it is securing it. The best way to stay secure personally and at work is to believe you will be a victim, and to take up your defensive position. Your personal and professional life are under attack every day, and your best weapon to fight is being in the know as you go.
As always, have a safe browsing day.
Take an inside look at all three themes for 2019: Own It–Secure It–Protect It.