CYBERSECURITY BEST PRACTICES

There are simple security tips that, when put into practice, can help us keep our computers, mobile devices, personal information, and online accounts safe when we’re browsing the internet. The following is a list of best practices used and recommended by cybersecurity professionals across the globe.

Passwords

Use long, complex passwords for all online accounts. Incorporate upper and lowercase letters, numbers, and special characters and avoid using any words that can be found in a dictionary. Also, refrain from using commonly known information such as birthdays, anniversaries, pets’ names, and children’s names. Do not reuse the same passwords for different accounts and never share your accounts’ login credentials with others. Consider using a reputable password manager to create and store lengthy, secure passwords for your accounts.

Two-Factor Authentication (2FA)

2FA, also known as two-step authentication (2SA) or multi-factor authentication (MFA), is an added layer of security requiring an additional piece of information beyond a username and password to verify someone’s identity or grant access to an account. Be sure to enable 2FA on every online account that offers it to protect against account compromise due to stolen login credentials.

Email Security

Never download attachments or click on links embedded in emails sent from unknown or untrusted sources. If you receive an unexpected email from a known and trusted sender containing a link, attachment, or specific call to action, verify its legitimacy by contacting the sender directly using another method of communication, such as a phone call. Never provide sensitive information, such as Social Security numbers, login credentials, or bank account information, via unencrypted email. Also, maintain a healthy dose of skepticism toward any emails that are written in an urgent tone, request immediate action, or threaten the recipient with dire consequences if the sender’s demands are not met, as these are likely scams designed to steal your money or sensitive information.

Surfing Security

Make sure that any website that requires the input of sensitive information and login credentials is secure by looking for the green padlock symbol and HTTPS before the website address in the URL field of the web browser. Avoid saving data such as passwords and payment card numbers in web browsers or browser extensions, as these are easy targets for hackers looking to steal your information. Do not use public computers to log into personal and sensitive accounts, as they could be infected with data-stealing malware. If connecting your personal device to an unsecured public Wi-Fi hotspot, be sure to use a Virtual Private Network, or VPN, before logging into any of your accounts. Consider using a reputable ad-blocking and script-blocking browser extension to protect your computer against malicious advertisements and other potentially malicious website components. Be sure to thoroughly research browser extensions prior to installation to help prevent downloading malicious versions of popular legitimate extensions.

Device Security

Make sure all internet-connected devices are updated with the latest software versions and security patches. Install and run reputable antivirus or anti-malware software on desktops and laptops and keep them updated with the latest virus definitions. Create several backups of all important data and keep them stored offline and in a secure area. Be sure to change default passwords for all Internet-of-Things (IoT) devices such as security cameras, baby monitors, DVRs, internet-connected thermostats, and Wi-Fi routers immediately upon installation to prevent unauthorized access, network compromise, or malware infections.

The NTIC is governed by a privacy, civil rights, and civil liberties protection policy to promote conduct that complies with applicable federal, state, and local laws. The NTIC does not seek or retain any information about individuals or organizations solely on the basis of their religious, political or social views or activities; their participation in a particular noncriminal organization or lawful event; or their race, ethnicities, citizenships, places of origin, ages, disabilities, genders, or sexual orientations. No information is gathered or collected by the NTIC in violation of federal or state laws or regulations.