Data security - Secure Your Data
How to set strong passwords, examples of strong passwords, and common passwords to avoid. How can you recognize malicious links in your email? Read on for the importance of setting up multi-factor authentication.
As we end the month of October, it is important to note that it is Cybersecurity Awareness Month. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have made it their mission to lead a collaborative effort between the government and cyber stakeholders to raise IT security awareness, locally and internationally. This year, the theme is See Yourself in Cyber.
If you are not familiar with Information Technology (IT), the term Cybersecurity may sound like a new frontier. However, by getting to know the concept, you will learn it is simple and easy to comprehend. Furthermore, you are encouraged to be part of the cyber awareness campaign and ensure that you are cyber-safe.
Being online exposes us to cyber criminals whose primary intent is to commit fraud, identity theft, and even harass others. As we connect to the internet, at any location, using any device, we must take steps to ensure that our presence and data are secure online.
But what actions can you take to be safe online?
1. Strong Passwords
We have multiple passwords for the many accounts on our devices and various websites and applications that we access. A password helps prevent unauthorized users from accessing your devices and even your data. However, a password, despite being secret, can be guessed (or cracked using software tools), which puts your devices and data at risk.
a) Use Stronger Passwords
A solution is to use stronger passwords. What is a strong password? Most accounts require us to set our very own passwords using letters, numbers, and special characters. Use a strong combination of these characters to create a strong password. Also, ensure that your password has at least 8 characters.
Look at the passwords below:
jacksonville - Weak password
jack5onv1ll3 - Good password
JACk5onv1Ll3 - Strong password
JACk5@Nv1Ll3# - A Very strong password
Examples of Strong Passwords
Here are more examples of strong passwords:
@JULius99##
ANGelA##25@@
##BeNArD8925
BE.TH##8921nelLY
b) Avoid Common Names and Passwords
Although the temptation is high, avoid using your information as passwords for your accounts. This information includes your identification number, official names and nicknames, birthday, pet names, birth town, and year of birth. Also, avoid common numbers and words as your passwords. Some common passwords are password (yes, the very same name), qwerty, abc123, 0000, 1234567, password123, password1 among others.
Common Passwords
password
qwerty
qwerty123
abc123
0000
1234567
111111
password123
password1
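The rules in sections a) and b) can be expressed as a small checker. This is an added example, not part of the original article; the function names are hypothetical, and mapping the number of character classes to the labels is an assumption inferred from the four sample passwords above.

```python
import string

# Common passwords listed in this section.
COMMON = {"password", "qwerty", "qwerty123", "abc123", "0000",
          "1234567", "111111", "password123", "password1"}
# Assumption: one label per character class, as in the four samples above.
LABELS = {1: "weak", 2: "good", 3: "strong", 4: "very strong"}


def character_classes(pw):
    """Count which of lower, upper, digit and special characters appear."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])


def rate_password(pw, personal=()):
    """Return (label, reason) using the rules described in this section."""
    lowered = pw.lower()
    if len(pw) < 8:
        return "weak", "shorter than 8 characters"
    if lowered in COMMON:
        return "weak", "on the common-password list"
    # Names, birthdays and similar details supplied by the caller.
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            return "weak", "contains personal information"
    n = character_classes(pw)
    return LABELS.get(n, "weak"), f"{n} character classes"


if __name__ == "__main__":
    # The four sample passwords from section a).
    for pw in ["jacksonville", "jack5onv1ll3", "JACk5onv1Ll3", "JACk5@Nv1Ll3#"]:
        print(pw, rate_password(pw))
```

The common-list check runs before the class count, so `password123` is rated weak even though it mixes letters and numbers.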
c) Avoid Re-using Passwords
We all have many accounts; however, avoid re-using your passwords. Creating one strong password and re-using it to log in to your bank portal, social media account(s), community website, and school portal defeats the purpose of a strong password. If you have many accounts, use a password manager which can help encrypt and store the passwords for you.
d) Change Passwords Often
Further, have a habit of periodically changing your passwords after a certain time, or when you suspect that a password has been compromised. When changing your password, avoid recycling old passwords. You can use online password generators to generate strong passwords.
e) Avoid Writing Passwords
Avoid writing down your password. We understand that cyber security experts put too much trust in us, without the thought that we have tens of accounts to consider. What do we do to make it easy, especially in a work environment? We come up with a strong password, scribble it on a sticky note, and put it away on our desks. There is only one problem with that action. Anyone can see your password, making it far worse than the weakest of passwords.
2. Don't Click Suspicious Links
You receive that email informing you that your account with ABZ Bank has been debited $399 for a service or product you did not order. The email instructs you to click a link to cancel the order. You quickly think to yourself, “I definitely need to cancel this order.” But wait… Observe the email and its content a little longer and look for signs that it might be a fake and might actually be a phishing email. There are small tell-tale signs that can indicate a red flag in that email:
The email is sent from a public domain such as Gmail, Yahoo, and such. Legitimate organizations usually send emails from their own domains and email accounts such as support@abzbank.com and not abzbank@gmail.com.
The email address does not match the content of the email. For instance, you are sent the message above about the debit. If, on checking the source of the email, you see yerky.65calment7@gmail.com, then that email is most probably a phishing email.
The domain name in the source email address is misspelled. In this case, the email might be support@abzsbank.com. The domain abzsbank.com is not legitimate if your bank's domain is abzbank.com.
There are consistent mistakes in the body of the email. Phishing emails are sent to hundreds if not thousands of email addresses with malicious intent. Grammar is not a priority for malicious actors. We do not state that any emails with grammatical errors are phishing emails; however, you should take extra care when engaging with those emails.
It has already been flagged by your email service provider. Email service providers such as Gmail have employed sophisticated tools to help scan your emails for malicious intent. Once an email is flagged, it is placed in the spam folder. However, we have seen cases where legitimate emails have been flagged as Spam and suspicious emails have not been flagged. In this case, it is your responsibility to determine the legitimacy of the email before engaging with it.
The email has a sense of urgency and suggests immediate action. Malicious actors know that the longer you think of something, the clearer it will become. Phishing emails often have the 'act-now-or-else' tone. The moment you are panicking is when you will click a link that will execute other instructions and not cancel the non-existent order, for it was all a fake. Clicking harmful links may direct you to prohibited web pages, install malware, adware, and ransomware on your devices, or capture sensitive information. This action will be the start of a painful journey characterized by identity theft, fraud, spying, and blackmail, among others.
Please note that we do not imply or purport that all emails that have the above features are phishing emails; however, exercise extra caution when interacting with such emails. If you are unsure about an email, retrieve the contacts of the legitimate business and seek further information. At all costs, avoid using the contacts provided in the email, as most probably, the malicious actors are targeting just that.
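The first three signs above concern the sender's address and can be checked mechanically. This is an added example, not part of the original article; the function names, the short list of public mail domains and the edit-distance threshold are assumptions, and abzbank.com is the article's illustrative bank domain.

```python
# Added example: sender-address checks from the list in this section.
# PUBLIC_DOMAINS and the distance threshold of 2 are assumptions.
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

# Constructed samples; the first four are the addresses quoted above.
SAMPLES = [
    "support@abzbank.com",
    "abzbank@gmail.com",
    "yerky.65calment7@gmail.com",
    "support@abzsbank.com",
    "support@abzbank.com.example.net",
]


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_sender(address, expected_domain):
    """Classify a From address against the organisation's known domain."""
    local, sep, domain = address.strip().lower().rpartition("@")
    expected = expected_domain.lower()
    if not sep or not local or not domain:
        return "malformed"
    # The real domain must be the whole domain or its right-hand suffix.
    if domain == expected or domain.endswith("." + expected):
        return "matches"
    if domain in PUBLIC_DOMAINS:
        return "public-domain"
    if edit_distance(domain, expected) <= 2:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for addr in SAMPLES:
        print(f"{addr:35} {check_sender(addr, 'abzbank.com')}")
```

A result of `matches` only means the displayed address is consistent with the expected domain; the other signs in the list still apply.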
3. Update Software and Applications
The software applications we use often send notifications concerning available updates. When that notification is shown, act promptly. Better yet, you can enable automatic updates on the software applications. Common applications such as Microsoft Windows 10, Google Chrome, Mozilla Firefox, and others can be manually checked for available updates. Fundamentally, if you are a heavy internet user, ensure that your browsers such as Google Chrome on the web and applications on mobile are always updated to the latest available version.
4. Enable Multi-Factor Authentication (MFA)
Whereas passwords serve as a protection layer to your accounts, adding a multi-factor authentication (MFA) option adds a significant layer of protection to those accounts. With multi-factor authentication (MFA), one or more authentication pieces are presented during login in addition to the password. The most common MFA methods are an authentication email, fingerprint, facial recognition, or a short text to your phone number. A more complex MFA is where a hardware device is used as a secondary authentication factor. With the additional MFA, a malicious actor will have to possess all authentication factors to successfully hack into your account or device.
5. Enable Notifications
Notifications and alerts are important online security features. Different applications send alerts when certain events are triggered. For instance, for your banking account, you can set an alert when a debit or credit is made to the account. Further, an alert can be sent to you if a login is made. Google's Gmail sends an alert to an official email when a login is made from an unfamiliar device.
There are many reasons your information might be compromised. It is your responsibility to ensure that your information is safe from malicious actors. It is always a good idea to identify your most sensitive accounts and take extra precautions when interacting with them.
In conclusion
In a nutshell, remember to set strong passwords for your accounts, pay extra attention to emails to avoid phishing attempts, update your software, enable multi-factor authentication (MFA), and enable notifications if they are available in your accounts.