Digital Hygiene Series: Must-Have Practices for Stronger Online Security
So far in our Digital Hygiene Series, we have focused on keeping your systems neat and orderly. However, the most important component of digital hygiene is the set of practices that strengthen your online security. A security vulnerability can quickly wipe out all the benefits of good digital hygiene. In this last article of our series, you will learn five vital practices that you can leverage to better secure your systems and accounts and protect your data and identity.
1. Enable MFA on All Accounts
If you only take away one thing from this entire article, make it this: MFA is the single most important security feature you need. MFA (multi-factor authentication) is a second layer of authentication you set up on your accounts so that after you supply your username and password, you supply another form of authentication. This can be a code sent to you in a text message or a push notification to your mobile device. This way, if a hacker does get their hands on your password, they are still unable to log into your account because they don’t have this second layer of authentication. Many services, like banks and insurance companies, require MFA when you establish your account. As someone who cares about your security, you should not only set up MFA on those accounts where it is required, but you should also seek out MFA on new accounts you create even when they don’t require it.
2. Use Strong Passwords
Simple passwords are easier to crack, so if you use passwords that are short and contain only lowercase letters, you run a high risk of having your accounts compromised. Complex passwords generally contain a combination of lowercase letters, uppercase letters, numbers, and symbols, and meet a minimum length. Different sources give different recommendations for minimum password length. I recommend at least 16 characters, but the longer the better. You should also avoid using words or phrases that are easy to guess, such as your initials, the current year, or your birthday.
3. Use Unique Passwords
In addition to making sure all your passwords are complex enough, you should also never repeat the same password on more than one account. The simple reason is that if your password is compromised once, the attacker now has access to all your accounts that use that password. Ideally, your passwords would not even be similar to one another. Avoid variations such as adding an exclamation point, or using the same word or phrase in all lowercase in one password and all uppercase in another. Minor differences are still easy for an attacker to guess.
4. Use a Password Manager
Using passwords that are both complex enough and entirely unique from one another is a huge challenge. A password manager program, such as LastPass or RoboForm, can help tremendously. These programs allow you to store your passwords for all your different accounts so that you don’t necessarily have to remember them. Then, the password manager can input your passwords and log in to your accounts when you need them. Additionally, some password managers offer other features, like health checks that scan all your passwords and alert you to things like repeated passwords or passwords that have not been changed for a long time. Keep in mind: you MUST ensure your password manager is protected by a highly complex password as well as multi-factor authentication.
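The kind of health check described above, applied to the rules from sections 2 and 3, looks like this. It is an added example and not code from any password manager; the function names, the sample vault, and the choice to treat only case changes and trailing symbols as "minor differences" are assumptions made for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 16  # the minimum length recommended in section 2
def missing_classes(pw):
    """Return the character classes (from section 2) absent from pw."""
    checks = {
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "number": str.isdigit,
        "symbol": lambda c: c in string.punctuation,
    }
    return [name for name, test in checks.items() if not any(test(c) for c in pw)]

def variant_key(pw):
    """Collapse the 'minor differences' from section 3: case and trailing symbols."""
    return pw.casefold().rstrip(string.punctuation)

def audit(vault):
    """Map each account name to a list of findings; clean accounts are omitted."""
    exact, similar = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        exact[pw].append(account)
        similar[variant_key(pw)].append(account)
    report = defaultdict(list)
    for account, pw in vault.items():
        if len(pw) < MIN_LENGTH:
            report[account].append(f"shorter than {MIN_LENGTH} characters")
        missing = missing_classes(pw)
        if missing:
            report[account].append("missing " + ", ".join(missing))
        if len(exact[pw]) > 1:
            report[account].append("reused on another account")
        elif len(similar[variant_key(pw)]) > 1:
            report[account].append("near-duplicate of another password")
    return dict(report)

# Constructed sample vault; account names and passwords are made up.
SAMPLE_VAULT = {
    "bank": "correct-Horse-battery-7",
    "email": "sunflower",
    "forum": "SUNFLOWER!",
    "shop": "sunflower",
    "cloud": "Tr4il-mix&lantern-Quartz",
}

if __name__ == "__main__":
    print(audit(SAMPLE_VAULT))
```

On the sample vault, the "forum" entry is flagged as a near-duplicate even though it differs in case and ends with an exclamation point, which is the pattern section 3 warns about.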
5. Monitor the Dark Web
The dark web is a part of the Internet that is not indexed by search engines and can generally only be accessed by special programs or browsers. The dark web is most infamous for the criminal activity that takes place there. One form of criminal activity is the resale of compromised data, which means that if your data (including passwords) is somehow breached, it may be available to bad actors on the dark web. There are services you can use to run scans on the dark web to find out if your email address or username is associated with any data breaches. If a scan finds a match, you should immediately change your password or take whatever measure is appropriate to secure your data. Some services can run scans for you automatically and alert you when a threat is found. If you are part of an organization, your administrator or IT provider should be running these dark web scans for you.
Incorporating these practices will go a long way in strengthening your digital hygiene. They will serve as an important first line of defense against new and changing digital threats like malicious emails, social engineering, phishing, and more. Most data breaches are caused by human error, so it’s important to have good security practices in place and remain vigilant in order to protect ourselves as much as possible.
Could your organization benefit from a thorough review of your security practices? If so, please don’t hesitate to reach out to us to schedule an initial conversation. We would welcome the opportunity to learn more about your business and how we can help.