Cybersecurity Awareness Month
October is Cybersecurity Awareness Month. How diligent are you in securing all of your devices? Do you change your passwords? How secure are they? Are you using multi-factor authentication for logging into your accounts? I used to give a presentation on identity theft and started with an image of a lion chasing a gazelle. I said you don’t have to be the fastest gazelle; you just have to be faster than the slowest gazelle. And while that is still mostly true, you now have to be faster than a fair number of other gazelles.
First, realize you will be compromised at some point. Even if you are 100% locked down, companies you do business with can be compromised and expose your information. So, have a plan in place. Subscribing to a credit monitoring service is one thing you could consider. When you are compromised, contacting your credit card company is step one. Other ideas include contacting the credit reporting agencies and changing passwords (especially on any sites that have your credit card information). Look at how you were exposed and take steps to fix any issues it caused. Then, do what you can to prevent future issues.
Second, work on being faster than other gazelles. Follow all of your company’s security practices on all of your devices (even if they aren’t company owned, the IT people know what they’re doing, and their advice is sound). Use a firewall, anti-virus and anti-malware software programs (and set up routine scans). And yes, this is a good time to use a belt and suspenders – just make sure they don’t interfere with one another. Use secure passwords, change them on a regular basis, and use multi-factor authentication when available. I am so glad a few of the companies I use (banking, insurance, etc.) have switched to this. Now, instead of trying to remember all those answers I’ve given to challenge questions (and the capitalization I used), I can use my cell phone to get the authorization code after I’ve typed in my password.
For passwords, I suggest using a password manager like LastPass. The program will generate secure passwords for you and store them for future use on all of your devices. Then, the only password you need to remember is the one to that account. That password should be changed regularly. I change mine when I have to change my work login password. There are plenty of ways to help you remember a complicated password. I make sure mine are at least 16 characters long. I’m sure you’ve been told to use a combination of letters, numbers, and other characters. One way I do this is by substituting numbers and characters for letters. I often use a phrase and capitalize each word. So, for those of you who want to use “password” as your password, it would look like this: “P@55w0rd P@55w0rd.” (the period is part of the password; you can’t always use a space). Easy to remember and astronomically more secure. If you’re not using a password manager and have to create your own passwords, come up with variations on this theme. You can use phrases, song titles, book titles, or anything you’re likely to remember. Then, substitute numbers and special characters for some of the letters.
See my post Protect yourself from cyber-scams for managing downloads.
Here are some resources to learn more:
Federal government’s Cybersecurity & Infrastructure Security Agency. Their tips page has plenty of ideas for the average user. And surprisingly since it’s a government article, it’s clear, concise, and thorough.
Wikipedia has an entry on Cyberattack that will tell you more than you ever wanted to know about cyberattacks (okay, more than I ever want to know – it’s just too depressing).
Just about any computer-oriented website will have more information for you. Decide how much you want to know and focus on learning to that level. The basics are the same and it just becomes a matter of how much depth you need or want to know.