Enable Multi-Factor Authentication
Multi-factor authentication, or MFA, is also known as two-factor authentication and two-step verification. It is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account.
By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. As with any login, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code, entering a code texted or emailed to your mobile device, or using an authenticator app.
MFA can include:
- An extra PIN (personal identification number)
- The answer to an extra security question like, “What’s your favorite pet’s name?”
- An additional code either emailed to an account or texted to a mobile number
- A biometric identifier like facial recognition or a fingerprint
- A unique number generated by an “Authenticator App”
- A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
Not every account offers MFA, but it’s becoming more popular every day. It’s offered on many accounts that hold valuable financial or personal information, such as those at banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else, should be protected with MFA.
View the Multi-Factor Authentication Tip Sheet for more information.
Use Strong Passwords
Creating, storing and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches. With a few moments of forethought today, you can stay safe online for years to come.
No matter what accounts they protect, all passwords should be created with these three guiding principles in mind:
- Long – Every one of your passwords should be at least 12 characters long.
- Unique – Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end. None of your passwords should look alike.
- Complex – Each unique password should be a combination of upper-case letters, lower-case letters, numbers and special characters.
Update Software
One of the easiest ways to keep your information secure is to keep your software and apps updated. These updates fix general software problems and provide new security patches that close the holes where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed version of software. These often contain malware and cause more problems than they solve.
Software from legitimate companies usually provides an option to update automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t update automatically, remind yourself to check quarterly whether an update is available.
Recognize and Report Phishing
Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.
Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds and ensure the email looks legitimate.
Here are some quick tips on how to clearly spot a phishing email:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is the writing poorly crafted and riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
- Is it a strange or abrupt business request?
- Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.
If you see a phishing email at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
View the Phishing Tip Sheet for more information.
At Mauser Packaging Solutions, our IT Security team provides the framework for a cybersecure company through training, protocols and monitoring, but the diligence of every employee is required to protect against cyber threats. During the month of October, take time to evaluate your cyber activity to ensure you are doing your part to keep yourself and our company safe. Cybersecurity is the responsibility of everyone.