Today is NationalPasswordDay 2018 – May 3, 2018
The following is a list of good practices designed to keep individuals and their data safe online.
- Avoid opening emails, downloading attachments, or clicking on suspicious links sent from unknown or untrusted sources.
- Verify unexpected attachments or links from known senders by contacting them via another method of communication.
- Avoid providing your email address, phone number, or other personal information to unknown sources.
- Avoid providing sensitive information to anyone via email. If you must, be sure to encrypt it before sending.
- Be skeptical of emails written with a sense of urgency and requesting an immediate response, such as those stating your account will be closed if you do not click on an embedded link or provide the sender with sensitive information.
- Beware of emails with poor design, grammar, or spelling.
- Ensure an email’s “sender name” corresponds to the correct email address to identify common email spoofing tactics.
- Never open spam emails; report them as spam, and/or delete them. Do not respond to spam emails or use included “Unsubscribe” links as this only confirms to the spammer that your email address is active and may exacerbate the problem
Passwords and Multi-Factor Authentication
Use strong passwords on all of your accounts.
- Long, complex passwords make you less susceptible to brute-force attacks.
- Use a combination of upper and lowercase letters, numbers, and special characters.
- Avoid easy-to-guess elements like pets’ names, children’s names, birthdays, etc.
To reduce the risk of account compromise, account holders should:
- Avoid using the same password across multiple accounts or platforms.
- Never share their password with anyone, leave passwords out in the open for others to read, or store them in an unsecured, plaintext file on computers or mobile devices.
- Consider using long acronyms or passphrases to increase the length of your password.
- Enable two-factor authentication (2FA) or multi-factor authentication (MFA) on all accounts that offer it. This will help prevent unauthorized access in the event of a credential compromise.
On the Web
- Ensure any websites requesting the insertion of account credentials and those used to conduct transactions online are encrypted with a valid digital certificate to ensure your data is secure. These website addresses will have a green padlock displayed in the URL field and will begin with https.
- Avoid saving account information, such as passwords or credit card information, in web browsers or browser extensions.
- Avoid using public computers and public Wi-Fi connections to log into accounts and access sensitive information.
- Consider using ad-blocking, script-blocking, and coin-blocking browser extensions, to protect systems against malicious advertising attacks and scripts designed to launch malware or mine cryptocurrency. Example: PiHole
- Sign out of accounts and shut down computers and mobile devices when not in use. Program systems and devices to automatically lock the active session after a set period of inactivity.
- Keep all hardware and software updated with the latest, patched version.
- Run reputable antivirus or anti-malware applications on all devices and keep them updated with the latest version.
- Create multiple, redundant backups of all critical and sensitive data and keep them stored off the network in the event of a ransomware infection or other destructive malware incident. This will allow you to recover lost files if needed.