Use different passwords on different systems and accounts.
Use the longest password or passphrase permissible by each password system.
Develop mnemonics to remember complex passwords.
Consider using a password manager program like LastPass to keep track of your passwords.
Do not use passwords that are based on personal information that can be easily accessed or guessed.
#2 Spot the Phish
Phishing is a cyberattack where “targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.”
Here’s how to protect yourself:
Use a second form of communication to verify the authenticity of an email that looks suspicious (call or text the sender—don’t respond to the email for verification).
Never click on an unknown link or download any content without knowing the origin of the file.
When in doubt, delete it. If a communication is legitimate and important, the sender will contact you again.
#3 I Spy a Security Violation
There are simple things you can do when you’re at the office or even working remotely to protect your organization’s assets. For example:
Lock your screen when you leave your desk, even when you’re working from home.
Don’t allow someone to follow you into a badge-secured location.
Report suspicious behavior of coworkers, partners, or vendors. If you see something, say something.
#4 Avoid a Costly Breach
There are lots of actions you can take to keep your data safe, regardless of what app or website you’re using. For example:
Never reveal your current location on social media.
Avoid public Wi-Fi whenever possible.
Don’t use mobile banking apps in public.
Back up your data and make sure those backups aren’t connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
#5 Identify the Insider
Know what an insider threat is, and the signs to watch for. For example, some early warning signs of a potential insider threat include someone who begins working odd hours, makes abnormal data access requests, or escalates their user privileges.
If you witness any suspicious or inappropriate behavior by others, it’s your responsibility to report it to your manager or your HR team.
#6 Beware of Social Engineering
Does that news article or photo on Facebook seem … fake? Well, it probably is. When you’re consuming content on social media, don’t take it at face value. Always do your own research to determine whether what you’re reading is fact or fiction.
Trust but verify. Did your friend post a GoFundMe page for her sister’s friend’s family? Double-check the post with the person who shared it before taking action.
Never share your location when posting pictures on social media.
Avoid sharing any information that you wouldn’t want a random stranger knowing.
#7 Change Dangerous Default Credentials
Did a new website you’re using assign you a password? Or did the IT team set up your new account and assign you an ID and password? Change it!
Always change default credentials as soon as possible after an IT professional or company assigns them to you.
Change your passwords frequently. We recommend doing so every 60 days.
Cyberattacks happen often, and crafty attackers are constantly finding new ways to infiltrate the digital platforms we use every day. While it’s not a reason to panic, it is an important reminder that you need to remain vigilant and take steps to protect yourself and your data.