
Stop. Think. Connect. The Basic Steps for Online Safety and Security

October is National Cyber Security Awareness Month (NCSAM), which you can follow on Twitter using the hashtag #CyberAware, and we are excited to be a 2016 Champion! NCSAM was put together by the Department of Homeland Security and the National Cyber Security Alliance to help educate people on ways to improve their online safety and security practices.

As a participating company in this important initiative, we will post blogs throughout the month that correspond with NCSAM’s selected weekly themes.

This week’s theme is Stop. Think. Connect. The Basic Steps to Online Safety and Security. We will discuss simple steps that anyone can follow to make their online activity more secure based on the stop, think, and connect concepts.

The first thing to do before you go online is to stop and ensure that basic security measures are in place. Are you running an anti-virus program on your laptop? Are all your programs and applications up-to-date?

Another area to consider is passwords. They are the veritable keys to the kingdom, yet many people still use passwords that are easy to crack. Two of the most commonly used passwords are (still) “123456” and of course, “password.” A few people think they’re clever and use “qwerty” without realizing that it’s the fourth most commonly used password. What’s more, 73 percent of accounts use duplicate passwords. If you’re using the same password across accounts, you’re far more likely to get hacked.

On the bright side, there are some relatively simple things you can do to help make your passwords and your accounts more secure:

1. Create Your Core Credential. Create a random sequence of words, an acronym, or phrase that is unique to you. Let’s use HoneyBadgerInPajamas as an example.

2. Develop a Padding Pattern. Like the approach you would take for creating a standard password, your padding pattern should include uppercase and lowercase letters, numbers, symbols, and/or special characters. For example, creating the padding pattern +1No- -oN1+ and combining it with my previous core credential would create the password +1No-HoneyBadgerInPajamas-oN1+, which would take a computer years to crack.

3. Use Different Passwords for Each Account. The average person has more than 24 online accounts, making the management of passwords an overwhelming task. That’s why password padding comes in handy. It allows you to create unique passwords that are easier to remember but difficult to crack. Let’s say the previous example is for my email; I can make a secure password for my bank with $Mo+ThisIsWhyICantHaveNiceThings+oM$, and so on.

4. Regularly Change Your Passwords. While the security team at work frequently gives this recommendation, 47 percent of consumers use a password that hasn’t been changed in five years, and 77 percent use a password that is over a year old. Most experts recommend changing your password every 3-6 months.

5. Consider a Password Manager. Password managers have had their share of detractors and advocates over the years. If you have dozens of passwords to keep track of, though, you can use them to generate strong, unique passwords and easily keep track of hundreds of websites. Most offer a mobile application as well to help you manage your passwords when you’re on your phone.
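As an added illustration (not code from the original post), the Python sketch below builds padded passwords the way steps 1 to 3 describe and audits a set of accounts for the weak passwords named earlier and for reuse. The mirrored suffix in `pad`, the account names in `SAMPLE`, and the bit estimate are assumptions; the estimate is an upper bound for blind character-by-character guessing, and word-based cores are weaker against dictionary-aware guessing.

```python
import math
import string
from collections import defaultdict

# The three weak passwords the article names.
COMMON = {"123456", "password", "qwerty"}

# Size of each character class a blind guesser has to cover.
POOL = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def pad(core, prefix):
    """Wrap a core credential in a padding pattern.

    Assumption: the suffix is the prefix mirrored, as in the article's
    '+1No-' / '-oN1+' and '$Mo+' / '+oM$' examples.
    """
    return prefix + core + prefix[::-1]


def char_classes(pw):
    """Return which character classes appear in the password."""
    classes = set()
    for ch in pw:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def brute_force_bits(pw):
    """log2 of the blind brute-force search space (an upper bound)."""
    pool = sum(POOL[c] for c in char_classes(pw))
    return round(len(pw) * math.log2(pool), 1) if pw else 0.0


def audit(accounts):
    """Flag common and reused passwords for each account."""
    users = defaultdict(list)
    for account, pw in accounts.items():
        users[pw].append(account)
    return {account: {"common": pw.lower() in COMMON,
                      "reused_with": sorted(a for a in users[pw] if a != account),
                      "bits": brute_force_bits(pw)}
            for account, pw in accounts.items()}


# Constructed sample accounts: two padded passwords and one reused weak one.
SAMPLE = {"email": pad("HoneyBadgerInPajamas", "+1No-"),
          "bank": pad("ThisIsWhyICantHaveNiceThings", "$Mo+"),
          "forum": "qwerty", "shop": "qwerty"}
```

Calling `audit(SAMPLE)` returns one entry per account, so the reused "qwerty" shows up on both accounts that share it.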

Enable Two-Factor Authentication (2FA)
Imagine this scenario: you attempt to log into Facebook but you’re locked out. After finally recovering your account and logging back in, you find that all your photos and memories were wiped clean. This could have been avoided with two-factor authentication (2FA), also known as multi-factor authentication.

While improving password strength is a simple first step to securing your online accounts, adding 2FA will help to ensure no one can easily hijack your accounts.

What is 2FA? It is an extra layer of security that not only requires your initial password but also a piece of information that you have, such as a physical token or your mobile device.

How does 2FA work? The most common type of 2FA sends a unique code to your mobile phone that you must enter before the site allows you to fully log in. The only drawback to setting up 2FA is that you must have access to the device where the code is being sent. If you’ve set up 2FA to send a code to your phone, and you don’t have cell coverage, you may be temporarily locked out of the account.

Here are some tutorials on how to activate 2FA for many popular sites.

Increase Your Wi-Fi Awareness
Free Wi-Fi has become a staple in coffee shops, hotels, and other public spaces. Even though Wi-Fi offers convenient Internet access, it also presents information security risks. Accessing hotspots without practicing proper security hygiene can be almost as bad as handing over your passwords to a complete stranger. A threat actor can monitor all the traffic on a public Wi-Fi hotspot by using sniffing programs and tools. Here are some ways to protect yourself:

1. Verify the Wi-Fi Hotspot is Legitimate. It’s far too easy for someone to set up a Wi-Fi hotspot and name it in a way that makes you think it is associated with a legitimate business (e.g., Starbucks). Before accessing the hotspot, ask an employee which network to connect to.

2. Access Secure Sites Only. Make sure that the website you are browsing is using HTTPS to encrypt the data being transmitted, particularly when you’re transmitting data such as forms, passwords, etc.

3. Invest in a Virtual Private Network (VPN). One of the best ways to ensure your data is secure is by using a VPN. A VPN encrypts the data from your device to the VPN server, making it even more difficult for someone to intercept the data. Many companies provide a corporate VPN on company laptops for work use, but for personal use, you can set up your own. Luckily, there are several companies that offer VPN services that are relatively easy to set up and that offer very inexpensive monthly subscriptions.

4. Log Out of Every Session. This is another extremely easy step to follow, but one that is often overlooked. Session hijacking is a way that a threat actor can access and hijack your account. Depending on the website, closing out the browser may not end the active session that you are logged into. Bottom line, always take the extra time to log out of any active session, particularly when banking online.

While this is by no means an exhaustive list of how to protect yourself online, these are basic steps you can take to make online browsing more secure.

In our next blog, we discuss factors that organizations must consider to drive better cyber security education and awareness from the break room to the board room.

Stay on top of the rest of the NCSAM schedule here, and learn how you can also get involved as a champion.