By Alex Duffy
In life there is a set of rules that applies to certain scenarios. When you are driving and want to change lanes, you check your mirror, indicate, check your mirror again, safely switch lanes, and finish up by turning off the indicator. These rules are in place so that everyone has a safe driving experience. The same practice can be applied to your online security, which is critical considering almost everything is done online these days. In some cases an 8-16 character password is all that is protecting your finances; that should be reason enough to want to protect yourself.
So, how do you make sure to keep yourself safe? Follow these 10 steps:
ONE – Look for browser warnings and the green lock before entering credentials.
Whenever you access a website over HTTPS, your browser checks that the site presents a valid certificate issued for the domain in the address bar by a certificate authority the browser trusts. When a site fails these checks, your browser warns you. These warnings are there for a reason, so do not click past them. One caveat: the lock only tells you that the connection is encrypted to whoever controls that domain; it says nothing about whether the domain is the one you meant to visit, so check the address itself as well.
TWO – Maintain Unique passwords for every account and website.
Too often people use the same email address and password for their bank as they do for any odd website that has asked them to create an account. The issue with this is that once that website is compromised and its stored credentials are stolen, threat actors replay those same email and password pairs against a variety of other services, such as PayPal and large banks (a technique known as credential stuffing), and will frequently succeed in taking over your accounts.
THREE – Use Random Generated or pass phrases as your password.
Regarding passwords, you are looking for length and unpredictability. Complexity does not mean taking your name and replacing an 'A' with an '@'. Cracking tools apply those substitution rules automatically, so a dictionary word with a few swapped characters is barely stronger than the word itself. Remembering truly random passwords is tough, so passphrases are the next best thing. Take a saying or a line from your favourite song, poem or book and use that as your password, spaces and all, or take the first letter of each word to create a new passphrase. Bear in mind that famous quotes and lyrics appear in cracking wordlists too, so alter a word or two rather than using a line verbatim. Generally speaking, adding a number or two will satisfy most sites' complexity rules.
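As an added illustration of this step (example code written for this article, not the author's own), the script below generates a random password and a Diceware-style passphrase with the operating system's cryptographic random source, reports how many bits of entropy each carries, and shows why a "clever" substitution such as P@ssw0rd1! is cosmetic: undoing the common swaps and dropping the trailing digits gives back a dictionary word. The word list is a constructed toy list; the 7776-word figure is the size of a real Diceware list.

```python
import math
import secrets
import string

# 94 printable ASCII symbols; each character drawn uniformly adds log2(94) ~ 6.55 bits.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Constructed toy word list for the demonstration. A real Diceware list has 7776 words,
# so each word drawn from it adds log2(7776) ~ 12.9 bits.
WORDLIST = [
    "anchor", "bridge", "cactus", "dolphin", "ember", "falcon", "garnet", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nomad", "orbit", "pepper",
    "quartz", "ripple", "saddle", "timber", "umpire", "velvet", "walnut", "yonder",
]

# Substitutions that every password-cracking rule set undoes: "@lex" is "alex" to a cracker.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Truly random password, drawn from the OS CSPRNG via `secrets` (never `random`)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: int = 6, wordlist=WORDLIST, sep: str = " ") -> str:
    """Diceware-style passphrase: each word is chosen uniformly from the list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, symbol_space: int) -> float:
    """Entropy of a secret built from `choices` independent picks out of `symbol_space` options."""
    return choices * math.log2(symbol_space)


def is_substituted_word(password: str, dictionary: set) -> bool:
    """True when undoing common substitutions and dropping a trailing digit/symbol tail
    leaves a dictionary word, i.e. the apparent complexity is cosmetic."""
    core = password.rstrip(string.digits + string.punctuation)
    return core.translate(LEET).lower() in dictionary


if __name__ == "__main__":
    print(random_password(), f"~{entropy_bits(16, len(PRINTABLE)):.0f} bits")
    print(random_passphrase(),
          f"~{entropy_bits(6, len(WORDLIST)):.0f} bits from this toy list, "
          f"~{entropy_bits(6, 7776):.0f} bits from a full Diceware list")
    print("P@ssw0rd1! is cosmetic:", is_substituted_word("P@ssw0rd1!", {"password"}))
```

Six words from a full Diceware list give roughly 77 bits, more than a 12-character random password, and are far easier to remember; the toy list above is only there so the script runs offline.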
FOUR – Do not click links that arrive in unsolicited email.
Phishing is a scamming method that uses fear and urgency to get you to act irrationally. If you are not expecting to be contacted by the sender, a link urges you to 'click here', and the message threatens that something bad will happen, like your email account being shut down or blocked, it is generally fake. If you are still unsure, hover over the link (without clicking) to see where it actually goes. What matters is the domain at the end of the hostname, not a familiar brand name at the start of it. If Microsoft claims they sent you the email, the link should go to a Microsoft domain. In the end, if you are ever in doubt, contact the company directly, using a phone number or website you already know rather than one in the email, and ask whether they sent it.
Microsoftpasswordreset.suvlaki.co – FAKE
login.microsoftonline.com – GOOD
FIVE – Where possible enable multi-factor authentication
Multi-factor authentication is a second way of verifying your identity, using methods such as a text message, a phone call, or a code from an authenticator app or hardware token. It should be enabled because, in the event of your password being stolen, the threat actor is still unable to access your account. An authenticator app or hardware key is preferable to SMS, which can be intercepted or redirected. Once MFA is set up, be aware that if you receive an authentication code or approval prompt without having tried to log in, it likely means someone has your password and is attempting to use it; never approve such a prompt, and change the password.
SIX – Change passwords regularly
Your job is to make stolen passwords worthless. Changing your passwords regularly limits how long a stolen one remains useful, and you should change a password immediately whenever a site you use announces a breach or you receive an unexpected login alert.
SEVEN – Try not to write down your passwords, if you do, do not store them in plain sight.
You should not have your passwords written down; a note makes it easy for anyone who finds it to get into your devices and accounts. If you really insist on it (which again, please don't), then PLEASE hide them, and no, NOT UNDER THE KEYBOARD!
EIGHT – Use a password manager to help you remember your unique passwords.
A strong password is one that is long and cannot reasonably be remembered. No one is asking you to remember them all; instead, store them securely in a password vault. Password vaults are invaluable for keeping your everyday passwords safe, provided access to the vault itself is protected by a strong passphrase and multi-factor authentication (steps three and five).
NINE – keep ALL software up to date.
Updating your operating system and antivirus is only half the battle in protecting your device. Any out-of-date application, such as Adobe products, Zoom and your browser, can carry an unpatched vulnerability that allows a threat actor to gain full access to your system and everything on it. Turn on automatic updates wherever the software offers them.
TEN – With emails, ensure that the sender and the sender's email address are correct.
It is incredibly easy to change the display name on an email account so that it appears to be someone else; the display name is free text chosen by the sender. Your job is to make sure the person emailing you is actually the person they claim to be. You can work this out by comparing the display name to the actual email address shown in angle brackets, and in particular the domain after the @.
John Harry <[email protected]> – BAD
John Harry <[email protected]> – GOOD
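The two checks from steps four and ten, hovering over a link to inspect its real destination and comparing a display name with the actual address, can be automated. Below is an added example (written for this article, not the author's code) that parses a constructed phishing email, flags a sender whose display name matches a known contact but whose address domain does not, and flags every link whose hostname is not on an assumed list of domains you actually log in to. The contact list and trusted-domain list are assumptions for the demonstration; the matching is done on whole domain labels, so a lookalike such as microsoftonline.com.suvlaki.co is not trusted.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains you genuinely sign in to. Anything else is suspect.
TRUSTED_DOMAINS = {"microsoftonline.com", "microsoft.com"}

# Assumption: display names you know, mapped to the domain their mail should come from.
KNOWN_CONTACTS = {
    "john harry": "example.com",
    "microsoft account team": "microsoft.com",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def domain_matches(hostname: str, domain: str) -> bool:
    """True if hostname is `domain` or a subdomain of it, matching on label boundaries
    so 'notmicrosoft.com' and 'microsoft.com.evil.example' both fail."""
    hostname = hostname.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def link_is_trusted(url: str) -> bool:
    host = urlparse(url.rstrip(".,;)")).hostname
    return bool(host) and any(domain_matches(host, d) for d in TRUSTED_DOMAINS)


def sender_mismatch(from_header: str):
    """True if the display name belongs to a known contact but the address domain differs;
    False if it matches; None if the name is not a known contact."""
    name, addr = parseaddr(from_header)
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected is None or "@" not in addr:
        return None
    return not domain_matches(addr.rsplit("@", 1)[1], expected)


def phishing_indicators(raw_email: str) -> list:
    """Return human-readable reasons to distrust a plain-text email."""
    msg = message_from_string(raw_email)
    indicators = []
    from_header = msg.get("From", "")
    if sender_mismatch(from_header):
        name, addr = parseaddr(from_header)
        indicators.append(f"display name '{name}' but address is {addr}")
    for url in URL_RE.findall(msg.get_payload()):
        if not link_is_trusted(url):
            indicators.append(f"untrusted link: {urlparse(url.rstrip('.,;)')).hostname}")
    return indicators


# Constructed sample message in the style of the phishing lure described above.
SAMPLE_EMAIL = """\
From: Microsoft Account Team <security@suvlaki.co>
Subject: Your account will be blocked in 24 hours

Click here to keep your account: https://microsoftpasswordreset.suvlaki.co/reset.
Or sign in at https://login.microsoftonline.com/ as usual.
"""

if __name__ == "__main__":
    for reason in phishing_indicators(SAMPLE_EMAIL):
        print("WARNING:", reason)
```

Run against the sample, it reports the mismatched sender and the suvlaki.co link while accepting the genuine login.microsoftonline.com one, which is exactly the judgement the hover check asks you to make by eye.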
About the author
Alexander Duffy is Security Solutions Architect for emt Distribution, working in the Threat Intelligence space on a full range of emt’s cybersecurity portfolio like ThreatConnect, Flashpoint, etc. For more security updates follow him on LinkedIn