What’s the biggest chink in your cybersecurity armor? Is it your software? Your hardware? The cloud? Nope — it’s you. When it comes to protecting digital assets, we, the users, are our own worst enemies. Mistakes like creating easy-to-guess passwords, not encrypting your important data, or sending passwords over email can make a hacker’s job easy.
Build a digital wall around your accounts
Our seven-point cybersecurity assessment can help you identify vulnerabilities, but if you’re looking for lower-hanging fruit that you can act on more quickly, follow these best practices.
Passwords
In the future, we probably won’t need passwords at all, but for now, long, complex, hard-to-guess passwords are the way to go.
Passwords should be:
- Alphanumeric (repl4ce l3tt3rs w1th vi5ually 5imilar numb3rs) and include special characters.
- At least eight characters long — and at least 14 characters long for admin accounts.
- Changed at least every three months — and every 30 days for admin accounts. (Admin accounts affect all related users, so extra precautions are necessary.)
- Hard to guess. (Going from Passw0rd1! to Passw0rd2! after three months won’t cut it.)
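The rules in this list can be checked automatically. The sketch below is an added example, not part of the original article: the function names are hypothetical, and "three months" is assumed to mean 90 days. It also catches the Passw0rd1! to Passw0rd2! kind of rotation by comparing passwords with their digits collapsed.

```python
import re
from datetime import date

# Thresholds from the list above; "three months" is taken as 90 days (assumption).
MIN_LENGTH = {"user": 8, "admin": 14}
MAX_AGE_DAYS = {"user": 90, "admin": 30}


def _skeleton(password):
    """Lower-case and collapse digit runs, so Passw0rd1! and Passw0rd2! match."""
    return re.sub(r"\d+", "#", password.lower())


def check_password(new, previous=None, role="user"):
    """Return the list of rules `new` breaks (empty list means compliant)."""
    problems = []
    if len(new) < MIN_LENGTH[role]:
        problems.append(f"shorter than {MIN_LENGTH[role]} characters")
    if not re.search(r"[A-Za-z]", new):
        problems.append("no letter")
    if not re.search(r"\d", new):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", new):
        problems.append("no special character")
    if previous is not None and _skeleton(new) == _skeleton(previous):
        problems.append("differs from the previous password only by a counter")
    return problems


def rotation_due(role, last_changed, today=None):
    """True when the password is older than the role's rotation window."""
    age = ((today or date.today()) - last_changed).days
    return age > MAX_AGE_DAYS[role]


if __name__ == "__main__":
    # Constructed sample values.
    print(check_password("Passw0rd2!", previous="Passw0rd1!"))
    print(check_password("Passw0rd2!", role="admin"))
    print(rotation_due("admin", date(2024, 1, 1), today=date(2024, 2, 15)))
```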
The problem with creating complex, unique passwords for every account is that they’re hard to remember, so people tend to put their accounts at risk by writing them down on paper or on their digital properties (like in the notes app or a Google doc). But, if passwords can’t be shared, written down, reused, or used for multiple accounts, how in the world are we supposed to remember them? One solution is a super-secure password manager like Dashlane or Sticky Password.
Many password managers even allow you to enable multifactor authentication, which adds an extra layer of protection by requiring a password and one or more identifying features. For example, if you enter your password on your computer, your account might send a code via text to your phone and ask you to enter it before granting access. This type of two-factor authentication (also known as 2FA) means a hacker would need access to both your computer and your phone to get into your account. Biometric methods, such as a fingerprint or face scan, are also available.
Don’t invite hackers in by mistake
Now that we’ve covered how to keep hackers from sneaking in behind your back, we need to talk about how to protect what’s right in front of you. If your system were a house, you could put up all the bars, locks, and barbed wire you want, but none of it would stop you from letting someone disguised as a friend walk through the front door. These digital wolves in sheep’s clothing can easily access your system if you invite them in.
Malware and viruses
Malware is rogue software hackers use to compromise your systems or data. Viruses are a type of malware. To protect yourself from attacks, pay attention to these three areas:
- Websites: Avoid the sketchy ones, and never download software without verifying.
Some sites are easy to identify as unsavory, as they’re loaded with pop-up ads, promise prizes, or delve into questionable subjects. But it’s not always easy to tell, and it’s very easy to trick somebody into clicking a malicious link. Before clicking a link, hover over it, and look at the bottom-left of your browser to see where it actually goes (for example: your bank).
It won’t always be as obvious as that example, but it can give you more insight into where you’re going.
Bottom line: Don’t download anything without verifying. You could unwittingly give a hacker access to your entire system.
- Email: Be cautious with all emails, even if they appear to come from somebody you know. Phishing scams are increasingly sophisticated, so be careful when opening any email. Hackers can make an email look like it comes from a legitimate source, but there are a few red flags to look out for, including:
  - Threatening or time-sensitive language.
  - Email addresses you don’t recognize, or uncharacteristic emails from known senders. (Don’t hesitate to send a text or make a quick call to verify.)
  - Requests for money, your passwords, or any other sensitive data.
- Software: Keep it up to date. Updating your software can be a pain — and tempting to put off — but updates often include improved safety measures. Stay current on all your devices, and be sure to keep your anti-virus and email spam-fighting software up to date. If your computer is acting up, investigate. Slow performance could be a sign of an attack.
If you implement even one of the above best practices for protecting your data, you’ll be taking a big step toward strengthened cybersecurity. But don’t think that just because you’ve made moves today, you can forget about it. As cybersecurity measures improve, hackers come up with new ways to get around them, so staying vigilant is key.
Don’t think you can handle it alone? Invest in a cybersecurity partner — risking your data and that of your staff and clients just isn’t worth it.