Cyber Security Challenge Level 4: Always enable multi-factor authentication

Welcome to the level up your cyber security in October program courtesy of integrity first Corporation. 

We’re on level four, the final week, which is enabling multi-factor authentication, or you might know it as two factor authentication. 

Now in computer security an authentication factor is anything you use to authenticate yourself with a system. Using a password is the most common type of authentication. With multi factor authentication, MFA, or two factor authentication 2FA, you use two or more different factors to log in. 

One example is a password and a verification code sent to your smartphone. This is something that’s really common whenever you sign into banks. This is an extra layer of security. So even if one of your factors is stolen, like your password, the hacker doesn’t have access to the other authentication factor like your phone. 

This stops them from accessing your account. As more and more organizations implement multi-factor authentication to strengthen their security practices, you might encounter different types of authentication factors. 

There are three different types you might be asked to provide. So something you know, which are passwords and security questions. Something you have, such as a verification code on your phone or a key card or something you are such as biometrics, like your fingerprint or a scan of your face. The more factors you use, the better your security. 

Having a combination of authentication factors is an even better way to keep your data protected. 

If you have any questions about any of these levels, please contact integrity first Corporation for help.

Cyber Security Challenge Level 3: Update Often

Welcome to level up your cybersecurity in October program from integrity first Corporation. It’s week three, and we’re going to talk about updating your software and the importance of it. 

Hackers can exploit vulnerabilities in unpatched software. When new software updates come out to the public, it allows everyone, especially hackers, to learn about the weaknesses that were there and take advantage of them. 

Public Knowledge of those holes leave you and your organization as easy prey. So what should you do? You should update or patch your software. That makes you less vulnerable to security risks. If an update becomes available on your device, update it properly. Better yet, enable your phone, desktop, laptop to auto update, which will automatically install anything security wise that you might need automatically as soon as it’s available to you. 

In the case of a Red Cross breach as an example, they did not install an update fast enough and gave hackers access to over 50,000 people’s data. This is just one example of many malicious software attacks that happen every day and a perfect reason why you should update your software.

Join us next week for level four!

Cyber Security Challenge Level 2: Passwords – Long, Unique and Complex

Welcome to integrity first Corporation, cybersecurity in October program. In week two, we are going to discuss using strong passwords and perhaps a password manager. 

To create a strong password, there are a few tips and tricks to remember. The reason that you want a strong password is it’ll help you keep your data secure. In fact, according to IDtheftcenter.org studies have found that a passwords guessability by hacking software decreases exponentially with every additional character. 

Creating something that’s easy to remember, but hard to guess is key to a successful password. 

Perhaps you’ll want to incorporate a favorite song, a favorite quote, your favorite sports player into a password and it becomes more complex and difficult to guess. You’ll want to make sure that it’s at least 12 characters long, has uppercase and lowercase letters in it, has at least two numbers, and it has at least one symbol in it. 

One thing that I commonly suggest is use the lyrics to one of your favorite songs like flymetothemoon!12 or something along those lines. You want to make sure that it’s something that might be a little bit more difficult for someone to perhaps put in, guess, or even have machine learning guess. 

The other thing is, you’ll want to have a unique password for each account. 

The average American has over 90 passwords. So one thing that you’ll want to do or look into is a password manager app that can help you remember your passwords. A password manager is basically a secure vault for all of your passwords. Basically like a glorified post-it note that sticks on your computer, but a lot more secure. 

You only have to remember the one password to get into your Password Manager app, which will allow you and your computer to access the rest of your passwords for all of your logins. 

Typically, depending upon the application that you purchase, you can access these passwords on your phone, tablet, laptop or desktop. This also means you can and should create different passwords for every single online account that you have. This should keep you ahead of any hackers.

Let INF know if you have any questions and join us next week for Level Three.

Cyber Security Challenge Level 1: How To Spot A Phishing Email

Welcome to integrity first corporations cyber security in October program. Week one, we’re going to talk about recognizing and reporting phishing. 

A few quick facts: cybercriminals sent over 3.3 billion phishing emails last year. This caused over 4000 data breaches then exposed over 22 billion personal records. 

But it’s not enough to know that phishing emails are out there. You also need to be able to recognize them and report them. 

So today, we’re just going to quickly review a few of the highly used phishing email types and tactics. 

The first type is a reward or a free gift message. Free things are really enticing, but they can also be dangerous. If you get an email saying you won a free TV or click here to enter a prize drawing, you need to be on high alert. Hackers are definitely trying to bait you into clicking a malicious link. 

The second type is a login or password message. Another type of phishing email will ask you to verify your account by logging into a fake web page or updating your credentials on this fake web page. These emails will collect your username and password which gives a hacker instant access to your account. 

A third phishing email type is an urgent message. An urgent message email is designed to get you to act fast. It might tell you that your account was hacked or it’ll be deactivated; click here to restore it. Fear makes people do things without thinking, so slow down and make sure that this urgent message is from who you think it’s from. 

The final type of common message is internal messages. This type of phishing is also called spoofing. Hackers will try to impersonate or spoof people at your company, like your HR rep, somebody in your IT department, or maybe even a co-worker. An internal phishing message email might ask you to click on a link to read and sign a policy, read a new document about company wide updates, or even handover sensitive information via purchase. 

If you think you’ve encountered a phishing email, you need to follow your company’s procedures for recording it. Once the right people are notified, they can help you to determine if it’s a phishing email. Whatever you do, do not click on the links, don’t reply to the email and don’t send it to anyone else.

We’ll see you next week for Level Two.