By Joe Howland, chief information security officer, VC3
Many cybersecurity best practices and tips fall to an IT resource to implement. Even basic tools such as antivirus, antispam, or software patching should be overseen by IT professionals.
But let’s strip all that away for now. What are some tips that you can act on today? Here are a few that will make a huge impact, even if they don’t seem like a big deal on the surface.
1. Change your password.
Simply changing your password to a passphrase (a very long phrase that’s easy for you to remember but nearly impossible for hackers to guess) or a complex password (a long password full of letters, numbers, and special characters) can improve your cybersecurity and decrease the risk of a hack.
2. Turn on multi-factor authentication whenever possible.
Many common applications now offer the option of setting up multi-factor authentication (MFA), the process of adding another layer of protection on top of a username and password. For example, MFA may require you to first enter your username and password as normal. Then, you will receive a code on your phone and enter that code into a field that appears after you log in.
3. Clean off your desk.
What does desk cleanliness have to do with cybersecurity? An often-overlooked way that an attacker can steal a password is by seeing it on a desk. A disgruntled employee or unescorted guest wandering through your building could take a phone picture of your sticky notes and use the password later to break into your systems. Find a way to remember your passwords other than publicly viewable sticky notes on your desk.
4. Be skeptical about suspicious emails, links and attachments.
95% of successful attacks during the past two years began in an email — a person clicking on a malicious link or attachment. If you are too trusting, you must become more skeptical. Be aware of
- the sender’s email address,
- the links,
- the spelling and grammar,
- the urgency, and
- the context.
5. Do not download software and apps that are not trusted or authorized by your organization.
Innocent-seeming apps such as music players, barcode scanners, flashlights, games, voice recorders, timers, and “cleaners” (that say they will clean junk off your computer or phone) are sometimes bundled with malware or adware. Stick to default software and applications on your computer, use software and applications provided by your organization, and only use additional software or applications if they are 100% trusted (like Google, Amazon or other major brands).
Joe Howland is the chief information security officer at VC3, the Municipal Association’s technology partner.