Nine Ways To Protect Personal Information & Passwords
To make sure every American has the resources they need to stay safe and secure online while increasing the counter-attack on cyber threats, government organizations partner with public industries every October for National Cyber Security Awareness Month.
Throughout the month, William from our IT team will share helpful and practical information to help you stay safe online. Cyber criminals are very good at getting personal information from unsuspecting victims, and the methods are getting more sophisticated as technology evolves.
Protect yourself against cyber threats with these nine tips, and by learning about security features available on the equipment and software you use.
Use a long passphrase. According to National Institute of Standards and Technology (NIST) guidance, you should consider using the longest password or passphrase permissible. For example, you can use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.
Don’t make passwords easy to guess. Do not include personal information in your password such as your name or pets’ names. This information is often easy to find on social media, making it easier for cybercriminals to hack your accounts.
Get creative. Use phonetic replacements, such as “PH” instead of “F”. Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”
Unique account, unique password. Having different passwords for various accounts helps prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. It’s important to mix things up—find easy-to-remember ways to customize your standard password for different sites.
Social media is part of the fraud tool set. By searching Google and scanning your organization’s social media sites, cyber criminals can gather information about your partners and vendors, as well as human resources and financial departments. Employees should avoid oversharing on social media and should not conduct official business, exchange payment, or share PII on social media platforms.
It only takes one time. Data breaches do not typically happen when a cybercriminal has hacked into an organization’s infrastructure. Many data breaches can be traced back to a single security vulnerability, phishing attempt, or instance of accidental exposure. Be wary of unusual sources, do not click on unknown links, and delete suspicious messages immediately.
Think before you act. Be wary of communications that implore you to act immediately. Many phishing emails attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks “phishy,” reach out to them via customer service to verify the communication.
Be wary of hyperlinks. Avoid clicking on hyperlinks in emails and hover over links to verify authenticity. Also ensure that URLs begin with “https.” The “s” indicates encryption is enabled to protect users’ information.
Protect your personal information. If people contacting you have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.