The need for cybersecurity awareness is ever apparent in our technology-driven world. With the internet of things and interconnected devices, being aware of your surroundings and your data in the digital realm is important for us all. Based on a Google online security survey in February 2019, 65% of people re-use passwords for multiple accounts. In addition, the Verizon 2019 Data Breach Investigations report found that 80% of hacking-related breaches leveraged weak and compromised passwords. So, how do we protect ourselves, our data and our accounts in cyberspace? There are three important factors to be vigilant in protecting yourself in cyberspace, which is: the use of a password manager and multifactor authentication, identifying phishing attacks and changing default passwords. These three actions can help reduce and mitigate risk in cyberspace.
First, if you are like me and have 100 plus logins, there is no way to remember all 100 plus unique passwords. Therefore, we have two options: 1) repeat previously used passwords or 2) use a password manager to store all 100 plus unique passwords and credentials. Before selecting a password manager, use a trusted online password checker such as https://nordpass.com/secure-password/ to identify how strong of a password you typically use. This online resource will tell you how long it takes for a computer to brute force the password. Always follow best practices when creating a password, such as making sure the length is longer than eight characters, includes upper case, lower case, special characters and numbers. Avoid common words like “love” or using information that could be found on social media, such as names of relatives, birthdates, siblings and children. Another example would be to change a commonly used word like “love” to “admire." Next, always sign up for multifactor authentication for logins and accounts. Adding two-factor authentications to accounts when possible should always be initiated and is as simple as adding a cell phone number to an account. Two-factor authentication adds to the principle of defense in depth where there is no single point of compromise.
Secondly, we need to be vigilant in identifying phishing attacks, which we know are going to occur at some point, if not often. There are three guarantees for this day and age: death, taxes and phishing attacks. In general, if you have any suspicion about an email, make sure to look at it on a desktop or laptop computer so you can hover over the link to verify where it will actually take you. Never click on links in an email that you are unsure about. Also, watch out for urgent requests to call numbers provided in the email. Instead, call your banking institution directly or the company directly from their contact information online. If you receive an email stating you have been charged for x amount of dollars, call your institution and verify this has occurred. These phishing attempts use scare tactics to force the urgency of the matter at hand and for you to disclose information to them. Using your phone primarily for email communication is quite common in today’s age; however, you cannot obtain as much information via smartphone as you would looking at it from a desktop or laptop. Always keep your systems updated, whether it is your cell phone, iPad, laptop or desktop. Applying the most recent patches will mitigate vulnerabilities that were discovered previously. Also, keep backups of important documents on a flash drive offline.
Lastly, always change default credentials for any device given. Never, never, never keep the default credentials that can be easily searched online. For example, always change your home router default login credentials. These are easily found online with one Google search.
Overall, cyberspace is an exciting place that connects us all and our devices. As a technology-driven society, we need to be vigilant to protect ourselves and our data in cyberspace by creating awareness for best practices that can be applied in our daily lives.
This article was written by Justin Arias as a part of a series for the month of October for National Cyber Security Awareness Month. Justin Arias is a cybersecurity analyst at The National Information Assurance Training and Education Center at Idaho State University.