With the holidays just around the corner, most people are turning their attention to turkey, presents, and long drives to visit friends and family. As a cybersecurity professional, I always see this as the Season of Spoofing, where bad guys send you convincing emails about packages left on your doorstep and gift card balances you’ve left behind, all with the goal of stealing your credentials, like some overseas Grinch who doesn’t want you to get any presents.
So, in the spirit of giving, I’d like to kick off this holiday season by giving you three easy steps that you can take towards avoiding the Grinch this year.
Step 1: Better Passwords
I’m sure we’ve all heard the speech: passwords must be 8+ characters in length, contain a letter, a number, and a special character, and must be changed every 90 days. But did you know that even those are often easily guessed? And even worse, they’re often used on multiple accounts, creating a domino effect. If one is compromised, they’re all compromised.
So, consider using a password manager such as LastPass or RoboForm to generate secure passwords that are unique to every website. This will make your passwords significantly more secure.
Step 2: Security Awareness Training
Now that we have better passwords, let’s make sure we keep them to ourselves! We can do that by training employees to spot malicious emails and showing them what to do when they find one. And more importantly, put that training to the test! A system that sends harmless emails to your employees to trick them into clicking a suspicious link will let you know who “gets it” and who needs a little extra help.
Step 3: Multi-Factor Authentication (MFA)
I saved the best for last. Sometimes referred to as “two-factor authentication”, MFA is a fantastic strategy for keeping your data secure. Every time there’s a login from an unexpected computer or location, you’ll be notified and prompted to either allow or deny the login from an app on your phone (which is also protected by a passcode, right?).
If you’re using Office 365 for your email, you already have the ability to turn on MFA. It does take a little work to get up and running, but once configured, we’ve found that folks love the peace of mind that comes with this level of security.
Now, it wouldn’t be Thanksgiving if I didn’t give you something, right? So, here’s my gift for you, to help you get started with Step 1. Complete the contact form on the sidebar during the month of November and we will provide you with a Weak Password Report, for free! This will show you any weak or non-expiring passwords that are used on your network and start you on the path to better security.