Cybersecurity Awareness Month is dedicated to raising awareness of the importance of cybersecurity and promoting good practices to protect individuals and organizations. Since 2004, Congress and the President of the United States made the Cybersecurity and Infrastructure Security Agency (better known as CISA) and its partner, the National Cybersecurity Alliance (NCA). Together, they provide resources to best navigate the unfortunate pitfalls of living life and doing business in cyberspace. Over the course of this month, we’ll be outlining CISA’s steps for staying safe online, which are a must for any business owner or working professional.
Step #1: Always Use Strong Passwords
One of the best deterrents to getting hacked is strong, unique passwords for all your logins. What constitutes a strong password? According to CISA, these passwords are long and always random, with four different types of characters, including numbers and symbols mixed with uppercase and lowercase letters.
Never use passwords anyone can guess, such as important dates, names of pets, or names of loved ones. The more random your passwords, the better. Don’t keep your password collection in a single paper location or store it in an unsecured file on your digital devices, such as mobile device notes or a spreadsheet. These formats leave you exposed to losing the paper record or to theft through unauthorized access to your device.
Be sure to also have different passwords across all your logins (we know this suggestion is a real pain in the a**, but it’s necessary to keep digital pirates at bay), which will keep your information safe wherever you log in. This is where password managers become invaluable for storing (and remembering) your passwords.
Various password managers, such as LastPass, 1Password, or Bitwarden, include generator tools to create unique options, notify you of duplicates, and store them for you. Sharing features eliminate the need to routinely share login info. Of all the password managers available today, our favorite is LastPass.
Step #2: Turn on Multi-Factor Authentication
Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), requires a user to authenticate their login by using two methods. The first method is often the normal user ID and password. Step two requires a unique one-time code. Who remembers carrying an RSA SecurID key fob back in the ’90s? More modern versions of 2FA send the code via text message or an authentication app, such as Google Authenticator, Microsoft, Authy (which offers cross-platform Microsoft-Apple-Android authentication), or LastPass Authenticator.
While text messages are quite common in MFA, they are less secure than an authentication app, and these apps will work without needing cell coverage. If you’re interested in an authentication app and wonder which one is right for you, check out this article from the NY Times with reviews of available apps. Step up your cybersecurity by transitioning to an app option for 2FA codes.
MFA comes in particularly handy if you need to log in on another device or computer that isn’t recognized by the website. Is it really you trying to log in? The unique code sent via text or authenticator app proves that it is. MFA combats others trying to piggyback onto your logins to take advantage of your subscriptions, such as a child who tries to log into your Amazon account or your hungry spouse who tries to log in to your UberEats account.
Eager to learn more about CISA’s Cybersecurity Best Practices? Visit their article on cisa.gov, and stay tuned to our upcoming posts as we continue to discuss best practices.
At Organized Instincts, our team of daily money managers will help you implement a password manager tool that’s right for you and your family. Schedule a no-obligation conversation today and learn how our team takes cybersecurity seriously.