Take one look at the news today and you're bound to see several articles about companies who have been hacked, or how one of the largest providers of Internet accounts has suffered a major data breach and millions of account passwords were leaked - including yours!
It seems inevitable that your account is going to get compromised sooner or later, and there will be plenty of blame to go around. Some of it may even fall on your shoulders. Truth is, you can take the steps necessary to protect yourself from the worst of it. The good news is, it's easy to do.
As New York City IT Consultants, Techromatic often works with companies who call us because of problems with IT Security, including Internet fraud, network security, endpoint security, and more. In fact, just last month a company we know narrowly escaped a serious case of CEO fraud where a perpetrator attempted to authorize a wire transfer and almost succeeded.
Implementing at least a minimum level of protection is common sense for both businesses and individuals.
TIP # 1 - Use unique passwords EVERYWHERE!
You must use unique passwords for each site you keep an online account with. This sounds impossibly difficult to track, so most people dismiss it as impractical. And it is not ok to employ the horrendous practice of using a variant of a single password and thinking that's good enough. It’s not.
Sure, if you use unique passwords for everything you won't be able to remember each password for each site. That’s sort of the point. And you don't have to!
Fortunately, there are a variety of great password management tools out there to choose from. Some are free, some cost $$. Some are for companies and teams, others are for individual use. Two of our favorites are 1Password and LastPass.
Using a password manager means you only need to remember 1 password (so it better be strong, and you better not lose it!). Email us and we'll be happy to help you select one that is right for you.
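To see why a variant of a single password is not good enough, here is an added example (not part of the original article) of a small Python check you can run over your own list of passwords: it reduces each one to the root a person actually remembers and reports the sites that share a root, without printing any password. The normalization rules, function names and sample accounts are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict

# Character swaps people commonly use to "vary" a password (assumed list).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def base_form(password: str) -> str:
    """Reduce a password to the root word its owner memorised (heuristic)."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols: years, counters, a final "!".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Undo common substitutions, then drop separators left inside the word.
    root = re.sub(r"[^a-z]", "", core.translate(LEET))
    # Passwords with no letters at all are compared as-is.
    return root or lowered


def audit(accounts: dict[str, str]) -> list[list[str]]:
    """Return groups of sites whose passwords share one root.

    Only site names are returned, so the report never echoes a password.
    """
    groups = defaultdict(list)
    for site, password in accounts.items():
        groups[base_form(password)].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


# Constructed sample data: three "different" passwords built on one word,
# two built on another, and one random password from a password manager.
SAMPLE = {
    "bank.example": "Summer2023!",
    "mail.example": "summer2024",
    "shop.example": "Summ3r_99",
    "news.example": "c0rrect-h0rse-77",
    "video.example": "CorrectHorse!",
    "forum.example": "xK9#mQ2v-Lr7wTz",
}

if __name__ == "__main__":
    for sites in audit(SAMPLE):
        print("Same underlying password:", ", ".join(sites))
```

Every group it reports is effectively one password: if any site in the group leaks, the others should be treated as exposed too.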
Quick sidebar about how Password Managers work:
Frontend: You install an app on your phone and your computer. A big part of this is installing the browser extensions for the web browsers you use. This adds a button for the program right next to your address bar.
When you visit a website you want to log onto, you simply click the button and it automatically fills in your username and password for you. Easy-peasy. And way better than lifting up your mattress to get that paper password sheet you keep hidden away.
Backend: Password managers store little encrypted databases of your credentials that are secured with your 1 master password. You set up the master password when installing the software on your computer. You can use a cloud service like Dropbox or iCloud to store this ‘vault’ so that it can be accessed by your phone and computer at the same time, thus enabling the vault to exist in sync on both devices.
TIP # 2 - Enable Multi-Factor Authentication on all sites that allow it
How else can you protect yourself if your password still gets stolen? Well, that's where multi-factor authentication comes in. Imagine if each time you log onto a website you have to enter a code you get from your phone. I bet you're already familiar with this. Well, this added step will certainly keep out everybody who doesn't have access to your cell phone, even if they do have your account password.
You can usually find the settings to turn on this feature (sometimes called 2-Factor Authentication or 2FA) in the settings for your account. Here are 3 links to get to the 2FA settings pages for some common services. If you use these services, please turn 2FA on now! If not, search for “2fa” and the name of the website and you should find how to enable it for that site.
Gmail, Dropbox, Evernote
There are also a number of phone apps that can centralize authentication for a better 2FA experience, but we'll save that for another article. For now it’s sufficient to set things up to just send a text message to your phone, which is the most basic way to enable multi-factor authentication.
So, I hope you see how the first tip prevents the damage to your identity from spreading if/when a single site’s password gets stolen. The second tip protects you even if a bad guy gets that password.
You can’t stop your bank from being hacked. But between these 2 tips, you do your part in maximizing your protection.
And remember, if you are responsible for Information Technology at a company, these steps are even more important! Enable and enforce them for your entire team!
Bottom line, it's dangerous out there.
Employ these 2 simple tactics to easily protect yourself and your business!
We're here to help: 212-335-0044