Cyber safety is not just for CISOs or techies anymore. Technology touches all of us nearly every single day, from baby nurseries to nursing homes. It is so important that everyone understands the basics of safe cyber activity. October is Cybersecurity Awareness Month and FireMon is here to provide tips in an easy-to-understand format for even the youngest of readers. So, please share with your friends and family and stay safe out there!
As kids, most of us innately understood the importance of passwords. Want to get into my club? What’s the password? Want to sit with me? What’s the password? Young kids often use their favorite animal or color: easy to guess. But as children get older, the passwords become more obscure and change often. Stronger passwords equal more exclusivity. Unfortunately, as we get even older, stronger passwords seem to require too much effort.
According to Verizon’s Data Breach Investigations Report (DBIR) 2022, poor password practices have been one of the leading causes of data breaches since 2009. You may find it annoying – constantly signing into different accounts separately – but if you do nothing else, please make your passwords strong.
Massive corporate incidents often make headlines, like the TJ Maxx, Target, Marriott, and Equifax breaches. However, the many smaller attacks on individuals resulting in stolen credit card data, identity theft, or social media hacks rarely reach the masses. Bad guys love to take advantage of the low-hanging fruit, which is often the average consumer. Their easiest target: passwords. Stolen credentials (aka stolen passwords/login information) accounted for 80% of breaches in 2021.
It is tempting to use the same simple password for all of your logins. It is painless and easy to remember. “Forgot my password” can be a frustrating time-suck. I get it. REALLY. But for the sake of your card data, social media access, and personal identity, please do not be the low-hanging fruit.
Five Tips to Help You Minimize Your Credential Exposure
- Beef up your passwords. They should be both strong and unique. You’ve heard it before: use at least 12 characters and a combination of upper- and lowercase letters, numbers, and special characters such as #, $, &, and %. The most secure sites MAKE you make your passwords strong. Try to incorporate those rules everywhere.
- Don’t ever reuse passwords, especially across your personal and business applications. Once an attacker is in one account, they are sure to try to access more. Let’s say the attacker hacks into your email. Once in, they will have access to links to your bank, credit cards, and other important sites. Do not make it easy for them by having the same password for all.
- Don’t ever give out your passwords. This sounds simple enough, but hackers find ways to entice you into sharing your information. Phishing is a popular method. The attacker tricks you into thinking they are a legitimate person or organization, when they are only capturing your data. Always double-check that you are on the correct URL before providing any sensitive information.
- Use a password manager. They create and store unique passwords for each site and often auto-populate the password on saved devices. Password managers tend to make life easier because you don’t have to remember your passwords! Tools like 1Password and Google Password Manager are popular options.
- Set up multi-factor authentication (MFA). MFA inherently enhances the security of your credentials by adding 2+ layers of protection. MFA is not always practical but is one of the best ways to ensure your credentials are not hacked. Without the additional verification, even a correct user ID and password will not allow access to your accounts. MFA requires at least 2 of the following for logging in:
  - Something you know – a password
  - Something you have – a token, authenticator app, smartphone, or laptop
  - Something you are – biometric data, like Face ID or a fingerprint
The Internet is an incredible place. Enjoy and scroll responsibly!