Protect yourself and keep your organization’s information safe.

National Cyber Security Awareness Month is a collaborative effort between the government and various industries to educate users about cybersecurity threats and how people and businesses can protect themselves.

Let’s review some key methods to own, protect and secure IT so you can keep your own, your family’s and your organization’s information safe this October, and the whole year through.

Passwords are a daily part of life. We need them to log in to email, social media accounts, work computers, bank accounts, and just about everything online. Many of us have a favorite password we reuse across a number of these accounts. But that’s incredibly risky! Creating a unique password for each account is key to personal and company security.

Your password or passphrase should be at least 12 characters in length to minimize the risk of a cyber-criminal cracking your password. The longer your password is, the more complex it is. And using unique passwords for each account makes it more difficult, time-consuming and costly for cyber-criminals to target you as a victim.

Strong passwords require both Length and Complexity.

    1. Complexity is using a combination of Uppercase, Lowercase, Numbers and Special Characters in your passwords.
    2. Longer passwords are stronger and more difficult to crack.

You can have the strongest password in the world, but if an organization that holds your credentials is breached and they are leaked, then your password is out there. You can protect yourself from that by changing your passwords regularly.

An average user has 40 accounts. With so many passwords to remember, a password manager will help you out in several ways beyond saving your memory and reducing cyber fatigue. A password manager securely stores your credentials and passwords, automatically creates unique, new strong passwords, and allows you to update passwords when needed.

Don’t save passwords in unencrypted documents or text files; doing so puts all your accounts at risk.

How can you further secure important accounts? Multi-factor authentication provides an additional layer of security and is available with many online systems, applications, and websites. Multi-factor authentication (MFA) requires two or more independent factors to gain access; typically, this takes the form of your regular password and a One-Time-Password (OTP) that is sent to your phone via text or an app on your phone. MFA ensures that even if a bad actor has your credentials, they still can’t access your account.

When users adhere to the password hygiene tips mentioned above, their accounts are much more secure than the accounts of those who do not. One of the primary weaknesses of passwords is that they are static or rarely change. Even if you change your passwords regularly, for example every 90 days, your password remains the same for those 90 days and could fall into the wrong hands. The way to protect a static password is to add an element that changes regularly. Enter MFA!

Now that your passwords are long and complex, are secured by multi-factor authentication, and are stored in an encrypted password manager, you’re all set, right? Wrong!  We still see frequent attempts to get you to provide your credentials to an unauthorized party through phishing. And even those with elevated cyber security awareness have been known to slip up when it comes to this trick.

Phishing is a cyber-crime where you are contacted via email, messenger apps, social media, telephone, or text message by someone posing as a legitimate contact or institution. The idea is to lure you into providing sensitive data, such as personally identifiable information (PII), banking and credit card details, or passwords, or into clicking on an attachment that contains malware. Since the COVID pandemic began, phishing attacks have increased significantly, and now more than ever it is important to always be suspicious and think before you click.

To help prevent yourself from becoming a phishing victim, do these things:

  • Check for spelling and grammatical errors
  • Ensure the “from” address matches the actual sender email address
  • Hover over any links before clicking and look closely to ensure they are taking you where they should be
  • If an email seems suspicious, reach out to that person through a separate communication channel or directly by phone to confirm they sent it
  • Don’t click links or attachments in emails unless you’ve confirmed they’re legitimate

Remember, if an email seems unusual, always check its authenticity BEFORE acting on anything the email is asking you to do.

Learn more about Cybersecurity Awareness Month and how to keep your digital life secure at: https://www.cisa.gov/national-cyber-security-awareness-month

Some information in this post has been sourced from Thycotic, a cybersecurity software company.
