I am often asked how individuals can better protect themselves from cyber attacks. Here are my top ideas on what anyone can do to make it more difficult for bad actors:
- Employ a defensive mindset. The Internet truly is the Wild Wild West. Nearly anything goes since bad actors can easily hide their location and get away with a lot of activity. Consider what it feels like to walk down a dark street or take a stroll through the woods at night. Your senses are heightened, you become keenly aware of your surroundings, and you are actively scanning to identify any potential threats. The same applies to a computer or whatever device you are using. Be suspicious of email with any strange wording. If you suspect a link may be malicious, try to access it a different way by going directly to the website in question. Question everything!
- Use unique and strong passwords for each account. There are many guidelines for passwords, but keep it simple and employ your own rule that you apply to every account. Either utilize a password generator or smash keys on the keyboard while pressing and releasing the shift key. Example: dF)(Sfj89D83jlk23a$
- Use a password manager. Now, if you have 100 different passwords that look like the above, there is no way to remember them. This is where a password manager comes in. There are many out there. Conduct a trial of each until you find one with an interface and app you like. Here are some to look into: LastPass, 1Password, Bitwarden.
- Enable Multi-Factor Authentication (MFA). This may be referred to as two-factor authentication (2FA) or 2-step verification; however, they mean similar things. A password by itself does no good if a bad actor has stolen it. Think of your username and password as your first factor (something that you know); a second factor is something that you have (in your possession). This increases your ability to prove that ‘you’ (meaning the session that is currently authenticating) truly are you since you log in with your username, password, and your second factor. In days past, physical tokens were often issued to end users, and they displayed a rotating code that would be required after entering your username and password. Nowadays, since almost everyone has a smartphone, authenticator apps have come into favor. I like Authy; however, there are options from Microsoft, Google, and others. Simply open your phone’s app store and search for your authenticator app of choice. Many software-as-a-service (SaaS) applications have built-in support for enabling MFA via these apps. Typically, in your account settings for a particular SaaS app, you will find security settings and the ability to enable MFA. Open your authenticator app on your smartphone, scan the QR code, and you are off and running. Each time you log in, you will need to enter your username and password, as well as the code from your authenticator app.