During Cyber Security Awareness Month there might be lots of talk about Cyber Security, Information Security, Data Breaches and Cyber Attacks. It could all get a little overwhelming, possibly scary, and eventually feel like it doesn’t really relate to us or impact our lives directly. How wrong we would be. Online safety is a very personal issue.

At CyberScale it’s important for us to be able to share what we know and also what we believe we should all be doing within our businesses, work roles and personal lives when it comes to being cyber secure. To this end, there are a few key things we should all be doing relating to password management, multi-factor authentication, safe email use and physical security.

Password re-use is possibly the worst habit we have trained ourselves into over the last few decades. Fortunately, there are solutions to help us with this! Using a password manager to store all your online passwords in one secure place means that you do not need to remember all your passwords (they even create them for you!), and that they are kept encrypted so that the actual detail of them is not available to others. It is also really important to steer away from the common pitfalls when creating your own passwords, should you need to do this. Advice from the National Cyber Security Centre focuses on using 3 random memorable words (no home addresses or pet’s names!) to create passwords that are both strong and memorable, but hard for computers to guess.

Beyond using passwords to protect yourself and enhance your online safety, it’s increasingly important to use multiple layers of authentication to verify that it is indeed you accessing your personal or business data. Typically two types of factors are used, which has led to the terms “2FA” and “MFA”, with the M referring to Multi. A combination of two things from different groups is required, such as what you know (a password or PIN), what you have access to (phone, hardware key, PIN machine), what you are (a fingerprint, facial ID) and where you are (location services or IP address). Taking this approach adds a valuable layer of protection, as it can compensate in the case of a data breach involving passwords. It’s important to highlight that the 2 factors need to be from different categories, otherwise the level of protection isn’t enhanced. A common mistake is switching to a fingerprint instead of a password: this is not 2FA!

Email is just a part of what we do in all parts of our lives, but this shouldn’t mean we are complacent about the risks associated with using email when it comes to our online safety. Phishing emails are still the main cause of data and information breaches, so we all need to remain vigilant about what we are opening in our inboxes. Some simple tips are to check the sender, query whether you were expecting the email, look at formatting and spelling, and question the sense of urgency that phishing emails often carry.

Physical security remains ever important for all of us. Keeping our devices, and the sensitive information stored on them or accessible via them, secure is a continuous task. The risk of a device being lost, stolen or tampered with, or of files being stolen, is something we all need to be vigilant about, especially when we are out in the world. There are a multitude of ways you can protect yourself here, such as:

  • Backing up data
  • Encrypting your devices
  • Always keeping your devices on your person
  • Avoiding public WiFi
  • Using a VPN
  • Concealing your tech when travelling
  • Enabling device tracking

We also firmly believe that one of the most effective methods is to lock your devices (Windows: Win+L, macOS: Ctrl+Cmd+Q), always!

If you want to know more about how to become more cyber resilient at work or at home, then please do get in touch to see how we might be able to support you.