This month is Cybersecurity Awareness Month, and this month is focused on YOU—what you personally can do to impact cybersecurity at your organization.
We write many blog posts and articles about cybersecurity best practices and tips that often fall to an IT resource to implement. Even basic tools such as antivirus, antispam, or software patching should really be overseen by IT professionals.
But let’s strip all that away for now. What are literally some tips that you can do today? Here are a few that will make a huge impact, even if they don’t seem like a big deal on the surface.
1. Change your password.
You may have a password that is simple and easy to remember. That’s convenient for you but also convenient to cyberattackers who use automated tools to hack into computers. If you use short, easy-to-guess passwords, then you are increasing the risk of a cyberattack.
Simply changing your password to a passphrase (a very long phrase that’s easy for you to remember but nearly impossible for hackers to guess) or a complex password (a long password full of letters, numbers, and special characters) can improve your cybersecurity and decrease the risk of a hack.
2. Turn on multi-factor authentication whenever possible.
Many common applications now offer the option of setting up multi-factor authentication (MFA), the process of adding another layer of protection to your security in addition to a username and password. For example, MFA may require you to first enter your username and password as normal. Then, you will get a code to your phone and input that code into a field that appears after you log in. In other words, you’ve added another “factor” of authentication that makes it more difficult for hackers. Even if a hacker gets your username and password, they must still have your phone in order to break into your application.
3. Clean off your desk.
What does desk cleanliness have to do with cybersecurity? An often-overlooked way that an attacker can steal a password is by seeing it on a desk. A disgruntled employee or unescorted guest wandering through your building could take a phone picture of your sticky notes and use the password later to break into your systems. Find another way to remember your passwords other than publicly viewable sticky notes on your desk.
4. Be skeptical about suspicious emails, links, and attachments.
95 percent of successful attacks over the past two years began in an email—a person clicking on a malicious link or attachment. If you are too trusting, you must become more skeptical. We will talk more about phishing emails next week, but be aware of:
- The sender’s email address: Sometimes, the name may look correct but the email address is clearly wrong.
- The links: Hover over the links with your cursor (but don’t click them!). In the lower part of your screen, you can see what the URL looks like. Does it look legitimate (such as www.google.com or www.vc3.com)? Or does it look wrong or mismatched against what you would expect? If in doubt, don’t click! You can also just go to the legitimate site directly on the internet instead of clicking a potentially dangerous link.
- The spelling and grammar: Many spammers sent emails with lots of spelling and grammatical mistakes. Professional companies do not send emails riddled with typos.
- The urgency: Does the person want you to do something NOW? Is it strangely urgent? Question an email if you must act on it right now.
- The context: Many spam emails will ask you to do something you’ve never done before. Has Google ever asked you to click on a link to get a quarantined email? Has Amazon ever wanted you to update credit card information for an incorrect order? Has a vendor ever asked you by email to switch your invoicing process after years of doing it a certain way?
5. Do not download software and apps that are not trusted or authorized by your organization.
It’s tempting to download online software and apps that seem to meet your needs. Innocent-seeming apps such as music players, barcode scanners, flashlights, games, voice recorders, timers, and “cleaners” (that say they will clean junk off your computer or phone) are sometimes bundled with malware or adware. You could easily let a virus into your organization’s systems by downloading untrusted software. Stick to default software and applications on your computer, use software and applications provided by your organization, and only use additional software or applications if they are 100 percent trusted (like Google, Amazon, or other major brands).
Without needing an IT professional, you can implement these best practices today and make an impact at your organization. Next week, we will continue our Cybersecurity Awareness Month posts by delving into the red flags of a phishing email and pointing out signs that are easy to overlook.
If you want to talk more about cybersecurity, fill out the form below.