- Enable Multi-Factor Authentication – Enable multi-factor authentication (sometimes called two-factor authentication) across all accounts that support it. This single step is one of the best ways to reduce the risk of an account being hacked. Start with your highest priority accounts such as email, banking, health, password managers, and social media profiles. Not all accounts offer it, but if an account or service does, enable it.
Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code, having a code texted or emailed to your mobile device, or using an authenticator application.
- Use Strong Unique Passwords on all accounts and a Password Manager – Longer passwords are stronger passwords. You can try using a passphrase or combination of words to make it memorable. Complex passwords use letters, capitalization, numbers, and special characters to make them harder to compromise. Use a unique password on all your accounts. These multiple long, complex passwords can be easily created and managed by a password manager that you protect with multi-factor authentication.
- Update Your Software – Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches for weaknesses where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated, or unlicensed version of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.
Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.
Maybe you’ve seen pop-up windows when visiting a website or opening software that urgently ask you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured, or it could contain malware.
- Recognize and Report Phishing – Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for. Here are some quick tips on how to spot a phishing email:
- Contains an offer too good to be true
- Language that is urgent, alarming or threatening
- Poorly crafted writing with misspellings or bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Urgency to click on an unfamiliar hyperlink or attachment
- Strange or abrupt business requests
- Sender's email address does not match the company it claims to come from
What do I do?
Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition.
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly.
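For readers who triage reported messages, the warning signs listed above can be turned into a simple automated check. The following is an added example, not part of the original guidance; the brand-to-domain table, the keyword lists, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand names mapped to the domains they really send from (constructed).
KNOWN_BRANDS = {"examplebank": {"examplebank.com"}}

# Assumption: small keyword lists standing in for the warning signs listed above.
TEXT_CHECKS = [
    ("offer too good to be true", r"\b(you have won|free gift|prize|lottery)\b"),
    ("urgent or threatening language", r"\b(urgent|immediately|suspended|final notice)\b"),
    ("generic greeting", r"^\s*dear (customer|user|member|sir|madam)\b"),
    ("request for personal information", r"\b(password|social security|card number)\b"),
]

def phishing_indicators(raw_email):
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # Sender check: display name claims a known company, address domain is not theirs.
    claimed = re.sub(r"[^a-z0-9]", "", display.lower())
    for brand, domains in KNOWN_BRANDS.items():
        legit = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not legit:
            hits.append("sender address does not match claimed company")
    # Scan the subject line and every text part of the body.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}"
    for label, pattern in TEXT_CHECKS:
        if re.search(pattern, text, re.I | re.M):
            hits.append(label)
    return hits

# Constructed sample messages (not real emails).
PHISH = """\
From: "Example Bank Support" <support@examplebank-secure.example>
Subject: URGENT: your account has been suspended

Dear Customer,
Confirm your password and card number immediately or lose access.
"""
LEGIT = """\
From: "Example Bank" <statements@mail.examplebank.com>
Subject: Your March statement is ready

Hello Dana,
Your statement is available. Sign in the way you normally do.
"""
print(phishing_indicators(PHISH), phishing_indicators(LEGIT))
```

An empty result only means none of these particular signs matched, so a message that still looks wrong should be reported all the same.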