NDISAC Best Practices: Password Security

As National Cybersecurity Awareness Month (NCSAM) winds down, I’ve been thinking about what a typical user can do to help their company secure its data. Cybersecurity is a team sport: even if your company doesn’t have a dedicated security team, there are many steps you can take to help secure your company’s data. Most of those steps will help protect your personal data at home too. The best tool in any security program’s toolbox is an educated user.

What are some basic, easy steps you can take to improve your corporate and personal security?

Mentality – it’s easy to think that you won’t be a target. After all, if your project were vital, your company would take extra steps to protect it, right? This is a critical misunderstanding many users have. Attackers will seize any opportunity to gain a foothold in your company’s network, or simply to take advantage of a vulnerable user or system. They are constantly scanning for security gaps and will exploit any they find. Be mindful of your activities online and consider what you may be doing to put yourself at risk.

The first big way to protect yourself is something I know you’ve heard about before: passwords. Talk to anyone in IT and they’ll tell you that passwords are crucial for data protection. If you’re like me, however, you have dozens of logins to keep track of, from your company email to your Amazon shopping account to your kid’s school. How are you supposed to keep track of all of these passwords, let alone make sure they’re complex and regularly updated? Personally, I recommend a tool like LastPass. LastPass is a password management system that stores all your passwords for you. It helps you be more secure by generating a complex, unique password for each website you log into. These passwords are encrypted with a single master password (the only password you have to remember!), and if you install the LastPass plugin in your browser, they can be easily copied and pasted into the needed field. LastPass does store the encrypted passwords for you, but it has no way to decrypt them without your master password, so the main risk is someone stealing that master password. If storing passwords with a third party still makes you nervous, there are great solutions that store passwords locally as well; KeePass is a great example.

Having a defensive mentality and using secure passwords are among the best first steps you can take toward being smarter online. In future blog posts, I will address other things you can do:

  • Physical device security – know where your device is and lock it up (physically or virtually) when it’s not in use!
  • Network connections – pay attention to which networks you connect to; they may not be as secure as you think
  • Phishing and social engineering – is that email from your great aunt or an attacker?
  • Suspicious websites – key things to look for to identify fraudulent or spoofed websites attempting to steal your information
  • Antivirus and updates – is it worth the time to download and install all those Windows updates?

Further Reading:

https://resources.infosecinstitute.com/10-crucial-end-user-security-tips/#gref
https://umbrella.cisco.com/blog/2013/10/08/top-ten-important-cyber-security-tips-users/

Resources:

https://lastpass.com/
https://keepass.info/