October is Cybersecurity Awareness Month, but this shouldn’t be the only time you think about your online security. Ensuring your digital security is a year-round job; start small to make good security a habit. Learn about the three most important habits to start with from Oakland County Chief Information Security Officer, T.J. Fields.
Multi-factor authentication (sometimes called Two-Factor Authentication, 2FA, MFA, etc.) is a way to protect your online accounts by requiring additional information with each login – often a six-digit code texted to you or a notification on your phone. It protects your accounts against hackers because even if your password is leaked or hacked, the hacker still can’t get into your accounts without that second “factor.” While it is very hard to convert all your existing accounts to MFA, we recommend enabling it in the following priority order:
- Email accounts (Gmail, Yahoo, Outlook, etc.) – this comes first because it is typically the account that all other accounts will send “password reset” emails to, and thus is possibly the most important account to protect.
- Financial accounts (online banking, credit cards, retirement accounts, tax preparation accounts, etc.) – any account which has money a hacker could steal.
- Social Media (Facebook, Instagram, etc.) – social media accounts have copious amounts of your personal information, and a hacker could impersonate you to all your contacts.
- Retail / Shopping accounts (Amazon, DoorDash, etc.) – any account with a stored credit card that a hacker could use to place orders charged to you.
As you create new accounts online, check and see if you can use MFA from the start! For more information on MFA, please visit https://www.cisa.gov/mfa.
All electronic devices (computers, phones, even smart thermostats and the like) have flaws discovered in them that require they be updated (“patched”) on a regular basis. Depending on the number of electronic devices in your house, keeping them all updated could be nearly a full-time job! How can you possibly keep up?
Enable automatic updates wherever possible – most modern devices have a setting that will allow them to be automatically patched/updated, with (at most) a prompt for you to restart the device when it is done and when it is convenient for you. Computers, electronic devices, and software can manage this mess for you, if you just enable them to do so on your behalf.
Good Password Practices
This wouldn’t be a security article without some advice about passwords, and this one is no different. The advice may sound familiar – a password should be a long complex series of letters, numbers, and punctuation that only you know, shouldn’t be written down anywhere, and should be changed occasionally.
In addition, you should have a different password for every website or service you use, for the following reason: if a password is leaked from one site (as happens more often than any of us would like), then that password will not work on any other site. The first step many hackers take with a leaked password list is to see if any other common accounts for that user use the same password. If you don’t use different passwords, the hackers can get into any of your accounts with just one leaked password.
However, it is simply impossible to memorize a long, complex password for every single website or service you have – so what should you do? Use a password manager to generate and store these long, unique passwords. There are free and paid options that take on the burden of creating, changing, and remembering complicated passwords for all your accounts.
These three tips can help get you started down the path of developing good digital security habits. This is by no means an exhaustive list of all you can do for your digital security, but it’s a good start! Develop these strong habits and stay tuned for more security tips.
Chief Information Security Officer T.J. Fields is responsible for managing Oakland County’s IT Security Program, including maintaining and validating an Information Risk Management Program to ensure that information assets are adequately protected. He is also responsible for identifying, evaluating, and reporting on information security risks in a manner that meets compliance and regulatory requirements.
Learn more about Oakland County’s Information Security Office at https://www.oakgov.com/it/security. Visit their Citizen Cyber Training portal for online education and online Cyber Security resources to help understand risks and be better prepared for a more secure online experience.