Cyber Security

“The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction and Resilience. Do remember: Cybersecurity is much more than an IT topic.” - Stephane Nappo

Best Practices & Keeping You Safe

 

Passwords

  • Complexity

    • Measure of how difficult a password is to guess in relation to any number of guessing or cracking methods.

    • Use uppercase letters, lowercase letters, base 10 digits (0 through 9), and special characters (~!@#$%^&*_).

    • A password should be nonsensical, non-dictionary-based, and not previously used.

    • Passwords should have at least 12 characters.

  • Rotation

    • If you use the same password for all your accounts and one gets hacked, you should assume the others will be as well.

    • Regularly updating your passwords means that even if someone finds an old or saved password, it will no longer be useful, and your data will be secure.

    • As annoying and time-consuming as this is, it will save you! Personally, I recommend changing your passwords AT LEAST every six months.
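
The Complexity rules above (12 characters, four character classes, non-dictionary, not used previously), written out as a Python check. This is an added example, not part of the original page; the sample word list, the substitution table, the PBKDF2 settings and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12               # minimum length stated on the page
SPECIALS = set("~!@#$%^&*_")  # special characters listed on the page
# Constructed sample word list (assumption); a real check would use a large
# dictionary or breached-password list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "letmein"}
LEET = str.maketrans("0134578@$!", "oieastbasi")  # undo common substitutions


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash, so the history never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str, history: list) -> None:
    """Append a (salt, hash) record for a password that is now in use."""
    salt = os.urandom(16)
    history.append((salt, hash_password(password, salt)))


def check_password(password: str, history: list) -> list:
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "digit": any(c in "0123456789" for c in password),
        "special character": any(c in SPECIALS for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    normalized = password.lower().translate(LEET)
    if any(word in normalized for word in SAMPLE_WORDS):
        problems.append("contains a dictionary word")
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        problems.append("previously used")
    return problems


if __name__ == "__main__":
    history = []
    remember("vK7#qLz_2mXw^R", history)
    for candidate in ("P@ssw0rd2024!!", "vK7#qLz_2mXw^R"):
        print(candidate, check_password(candidate, history))
```

"P@ssw0rd2024!!" meets the length and character-class rules yet still fails, because undoing the substitutions reveals a dictionary word.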

 

Two-Factor Authentication (2FA)

  • Providing two different authentication factors to verify yourself.

    • A password/PIN + code sent to your phone.

    • A password/PIN + form of biometrics (face scan, fingerprint, or retina scan).

 

Social Engineering

  • At its root, social engineering is a range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

  • Recognizing types of social engineering:

    • Phishing - sending fraudulent communications that appear to come from a reputable source.

    • Pretexting - asking for certain information, stating that it is needed to confirm the victim's identity.

    • Baiting - using false promises to lure a victim into a trap which may steal personal information.

    • Quid Pro Quo - characterized by a “give and take” exchange. It means something for something.

    • Tailgating - closely following an authorized person into a restricted access area.