October is National Cyber Security Awareness Month (NCSAM), which you can follow on Twitter using the hashtag #CyberAware. We’re excited to be a 2019 Champion! As we mentioned in our previous post about owning your digital profile, 2019’s theme is “Own it. Secure it. Protect it.” In this blog post, we’ll talk about how to secure your digital profile by taking simple steps that anyone can follow.
First steps
“Secure it,” according to NCSAM, means adding additional layers of security to all of your Internet-connected devices.
The first thing to do before you go online is to stop and ensure that basic security measures are in place. Are you running an anti-virus program on your laptop? Are all of your programs and applications up-to-date? Do you use a Virtual Private Network (VPN)?
Another area to consider is passwords. They are the veritable keys to the kingdom, yet many people still use passwords that are easy to crack. Some of the most commonly used passwords are (still) “123456,” and of course, “password.” A few people think they’re clever and use “qwerty” without realizing it’s very common too. Also, don’t use duplicate passwords, or you’re more likely to get hacked.
Password Security
On the bright side, here are some relatively simple things you can do to help make your passwords and your accounts more secure.
- Create Your Core Credential. Create a random sequence of words, an acronym, or phrase that is unique to you. Let’s use HoneyBadgerInPajamas as an example.
- Develop a Padding Pattern. Like the approach you would take for creating a standard password, your padding pattern should include uppercase and lowercase letters, numbers, symbols, and/or special characters. For example, creating the padding pattern +1No- -oN1+ and combining it with my previous core credential would create the password: +1No-HoneyBadgerInPajamas-oN1+ which would take a computer years to crack.
- Use Different Passwords for Each Account. The average person has 23 online accounts that require a password but uses only 13 unique passwords for those accounts, and managing them all can be an overwhelming task. That’s why password padding comes in handy. It allows you to create unique passwords that are easier to remember but difficult to crack. Let’s say the previous example is for my email. I can make a secure password for my bank with $Mo+ThisIsWhyICantHaveNiceThings+oM$, and so on.
- Regularly Change Your Passwords. While the security team at work frequently gives this recommendation, 35 percent of people never change their passwords, unless they have a reason to do so. Most experts recommend changing your password every three to six months.
- Consider a Password Manager. Password managers have had their share of detractors and advocates over the years. If you have dozens of passwords to keep track of though, you can use them to generate strong, unique passwords and easily keep track of hundreds of websites. Most offer a mobile application as well to help you manage your passwords when you’re on your phone.
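The padding scheme from the list above as a short Python sketch (an added example, not code from the original post). The function names, the sample account list, and the use of length × log2(pool size) as a brute-force upper bound are assumptions made for illustration.

```python
import math
import string

# The commonly used passwords named earlier in the post.
COMMON = {"123456", "password", "qwerty"}
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def pad(core, left):
    """Wrap a core credential in a padding pattern and its mirror image."""
    return left + core + left[::-1]

def pool_size(pw):
    """Number of characters a brute-force search must try per position."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def brute_force_bits(pw):
    """Upper bound on the search space in bits. A guesser that knows the
    words or the padding pattern needs far fewer guesses than this."""
    return len(pw) * math.log2(pool_size(pw))

def audit(accounts):
    """Flag common and reused passwords in an account -> password mapping."""
    findings, seen = [], {}
    for name, pw in accounts.items():
        if pw.lower() in COMMON:
            findings.append(f"{name}: commonly used password")
        if pw in seen:
            findings.append(f"{name}: same password as {seen[pw]}")
        seen.setdefault(pw, name)
    return findings

# Constructed sample accounts; the first two use the post's own examples.
SAMPLE = {
    "email": pad("HoneyBadgerInPajamas", "+1No-"),
    "bank": pad("ThisIsWhyICantHaveNiceThings", "$Mo+"),
    "forum": "qwerty",
    "shop": "qwerty",
}

if __name__ == "__main__":
    for name, pw in SAMPLE.items():
        print(f"{name:6} {brute_force_bits(pw):6.1f} bits  {pw}")
    for finding in audit(SAMPLE):
        print("finding:", finding)
```
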
Enable Two-Factor Authentication (2FA)
Imagine this scenario: you attempt to log into Facebook but you’re locked out. After finally recovering your account and logging back in, you find that all your photos and memories were wiped clean. This could have been avoided with two-factor authentication (2FA), also known as multi-factor authentication.
While improving password strength is a simple first step to securing your online accounts, adding 2FA will help to ensure no one can easily hijack your accounts.
What is 2FA? It is an extra layer of security that not only requires your initial password but also a piece of information that you have, such as a physical token or your mobile device.
How does 2FA work? The most common type of 2FA sends a unique code to your mobile phone that you must enter before the site allows you to fully log in. The only drawback to setting up 2FA is that you must have access to the device where the code is being sent. If you’ve set up 2FA to send a code to your phone, and you don’t have cell coverage, you may be temporarily locked out of the account.
Here are some tutorials on how to activate 2FA for many popular sites.
Increase Your Wi-Fi Awareness and Security
Free Wi-Fi has become a staple in coffee shops, hotels, and other public spaces. Even though Wi-Fi offers convenient Internet access, it also presents information security risks. Accessing hotspots without practicing proper security hygiene can be almost as bad as handing over your passwords to a complete stranger. A threat actor can monitor all the traffic on a public Wi-Fi hotspot by using sniffing programs and tools.
Here are some steps to show you how to secure your digital profile.
- Verify the Wi-Fi Hotspot is Legitimate. It’s far too easy for someone to set up a Wi-Fi hotspot and name it in a way that makes you think it is associated with a legitimate business (e.g., Starbucks). Before accessing the hotspot, ask an employee which network to connect to.
- Access Secure Sites Only. Make sure that the website you are browsing is using HTTPS to encrypt the data being transmitted, particularly when you’re transmitting data such as forms, passwords, etc.
- Invest in a Virtual Private Network (VPN). One of the best ways to secure your digital profile is to use a VPN. A VPN encrypts the data from your device to the VPN server, making it even more difficult for someone to intercept the data. Many companies provide a corporate VPN on company laptops for work use, but for personal use, you can set up your own. Luckily, there are several companies that offer VPN services that are relatively easy to set up and that offer very inexpensive monthly subscriptions.
- Log Out of Every Session. This is another extremely easy step to follow, but one that is often overlooked. Session hijacking is a way that a threat actor can access and hijack your account. Depending on the website, closing out the browser may not end the active session that you are logged into. The bottom line is, always take the extra time to log out of any active session.
- Don’t Access Financial Information or PII. This should go without saying, but don’t use an unsecured Wi-Fi network to access any sensitive personal information, like personally identifiable information, or PII. Also, stay away from any financial transactions, even just logging into your bank account to check your balance.
Summary
While this is by no means an exhaustive list of how to secure your digital profile, the steps listed above are some basic steps you can take to make your connected devices more secure. The first step to being secure online is improving the strength of your passwords. Second, 2FA will help ensure your accounts can’t get hijacked by a hacker. When it comes to Wi-Fi, exercise caution with public, free, or unsecured Wi-Fi. Don’t use it to access any personally identifiable information, or your bank account. If you follow these steps, you’ll be well on your way to “securing it.”