5 Easy Habits for Increased Cybersecurity
1. Lock Your Computer
This is by far the easiest habit to build, and no, we don’t mean physically locking your computer. No matter what size organization you work with or if you work from home, locking your computer screen every time you walk away from it is a layer of protection.
Let’s say someone social engineers their way into your office and has physical access to computers. You walk away to attend a meeting or use the restroom without locking your screen. They now have free rein to do whatever they want while you’re away.
It’s just not worth the risk. Lock it down! Here’s a handy keyboard shortcut for locking Windows PCs:
2. Don’t Use the Same Password for More Than One Login
The desire to reuse usernames and logins is understandable; it makes things easier to remember, and it’s faster to log in to wherever you need to go. However, once one of those websites or services is breached and unencrypted credentials are stolen, every other website you’ve used that username/password combination on is at risk. Your banking website, social media accounts, Amazon login, credit card portals, and so on can be easily identified and accessed with limited information outside of the stolen credentials.
How do you get yourself organized, then? Use a password manager such as LastPass, Dashlane, or Keeper to keep everything in one place. Don’t write down your credentials and leave the paper hanging on the wall next to your computer, and don’t keep them in a spreadsheet, unless you want to password-protect the document and then put it on an encrypted hard drive that requires you to enter that password as well just to access it. That’s just too much work.
3. Verify Email Requests for Money Transfers via a Phone Call or Face-to-Face Conversation
Do you handle the books or AR/AP for your organization? You’ve probably received bogus requests for payments or money transfers from email addresses you don’t recognize.
It’s likely that you have come across, or will come across, someone who spoofs the email address of your supervisor or a member of upper management: someone who’s likely to ask you to transfer money for real. The email will look legitimate. It’s a clever tactic that can be highly successful. They’ll include a link in the email to make the whole process super easy.
But when you call or physically walk over to the person who supposedly asked for this transfer/payment, they have no idea what you’re talking about. Always verify with a phone call or, preferably, a face-to-face conversation. Additionally, a policy should be in place for formal written requests to be submitted.
4. Never Give Your Login to Someone Else
Even if you’ve been married to that person for 23 years, don’t do it. That might sound overly paranoid, but the other person has their own habits of handling logins and cybersecurity in general, and it puts your login at risk.
If someone else should have access to an account, see if there’s a way to grant them access via their own login, and make a thoughtful decision on what level of access they should have.
5. Check All Accounts for Multi-Factor Authentication Options
If they aren’t enabled, add them! In the event that your login credentials are compromised, this additional layer of security can block the threat actor from gaining access.
Even the level of security of multi-factor authentication options is evolving. SMS verification, where you get a code sent via text message to your phone to enter on the website, isn’t as secure as it once was. However, if that’s the only available option, it’s better than nothing.
Security questions are another method that is losing security clout. Answers to security questions like “What is your mother’s maiden name?” can be found via a Google search or through your social media profiles. If security questions are your only option, try substituting your answer with something else you’ll easily remember.
As of this writing, we recommend an authenticator app such as Google Authenticator or Duo, if the website offers it. Each of those has a handy mobile app, and Duo can push a notification to your phone to be approved in one tap.
If multi-factor authentication isn’t offered by the service, reconsider whether you really want to use a service that doesn’t take security seriously.
Security isn’t difficult, but it requires more of our time and is similar to 6-month dentist visits. If something does go awry, it can have devastating and costly consequences, so some preventative measures go a long way. Plus, the peace of mind is worth it.