Security Best Practices for the Everyday Joe

Security is convoluted. Security tips should not be.

To be an expert takes many years of training. It takes countless hours of experience to ensure that you take into account and understand everything that can go wrong.

But for the Everyday Joe, that amount of time and commitment is an unrealistic expectation. That’s why we're bringing you three simple security tips that everyone should follow.

1: Use Multi-factor Authentication

Multi-factor authentication is a security practice in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (factors) to an authentication mechanism.

When MFA (also known as 2FA) is enabled on a website or application, the user logs in with their username and password as the first type of authentication (something you know) and then they’re prompted for a second form of identification (something you have).

Typically, this second form of identification is a randomly generated key that is presented on either a mobile app (like Cisco Duo, Google Authenticator, Authy, etc.) or a physical hardware token, such as an RSA SecurID token.

MFA makes all of your logins monumentally harder to hack, keeping your data safe.

2: Create Strong Passwords

Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information.

Password reuse is a big problem. One stolen password often means the attacker can access a slew of different accounts. When creating a strong password, use a combination of words, numbers, symbols, and both uppercase and lowercase letters. Do not base passwords on details that may not be as confidential as you would expect, such as your birth date, your social security or phone number, or the names of family members.

The easiest way to maintain strong passwords and use a different password for every site is to use a password manager. A password manager allows you to randomly generate and store different passwords for every site you log in to. There are several different password managers out there like 1Password, Bitwarden, Dashlane, Keeper, and LastPass.

3: Just Hang Up

There has been an increase in phone scams over the past few years. I’m sure you’ve received the dreaded “We’ve been trying to reach you about your car’s warranty…” calls at all hours of the night, or the friendly Microsoft engineer calling you about a technical issue with your computer, or even the refund scam.

These types of scams look to take advantage of the elderly and other unsuspecting users. Regardless of which “company” is calling you, do not give out any personal information or grant access to your computer. Once a “technician” has access to your computer, they tend to steal your information, browse your bank accounts, and install backdoors so they can connect to your computer again later.

The easiest way to protect yourself from these types of scams is to just hang up.

This post was contributed by Eric Grimm, our Service Operations Manager. Eric is a Certified Ethical Hacker, holds a Master's degree in Cybersecurity, and has multiple Cisco Security certifications.