Welcome to integrity first Corporation, cybersecurity in October program. In week two, we are going to discuss using strong passwords and perhaps a password manager. 

To create a strong password, there are a few tips and tricks to remember. The reason that you want a strong password is it’ll help you keep your data secure. In fact, according to IDtheftcenter.org studies have found that a passwords guessability by hacking software decreases exponentially with every additional character. 

Creating something that’s easy to remember, but hard to guess is key to a successful password. 

Perhaps you’ll want to incorporate a favorite song, a favorite quote, your favorite sports player into a password and it becomes more complex and difficult to guess. You’ll want to make sure that it’s at least 12 characters long, has uppercase and lowercase letters in it, has at least two numbers, and it has at least one symbol in it. 

One thing that I commonly suggest is use the lyrics to one of your favorite songs like flymetothemoon!12 or something along those lines. You want to make sure that it’s something that might be a little bit more difficult for someone to perhaps put in, guess, or even have machine learning guess. 

The other thing is, you’ll want to have a unique password for each account. 

The average American has over 90 passwords. So one thing that you’ll want to do or look into is a password manager app that can help you remember your passwords. A password manager is basically a secure vault for all of your passwords. Basically like a glorified post-it note that sticks on your computer, but a lot more secure. 

You only have to remember the one password to get into your Password Manager app, which will allow you and your computer to access the rest of your passwords for all of your logins. 

Typically, depending upon the application that you purchase, you can access these passwords on your phone, tablet, laptop or desktop. This also means you can and should create different passwords for every single online account that you have. This should keep you ahead of any hackers.

Let INF know if you have any questions and join us next week for Level Three.

Welcome to integrity first corporations cyber security in October program. Week one, we’re going to talk about recognizing and reporting phishing. 

A few quick facts: cybercriminals sent over 3.3 billion phishing emails last year. This caused over 4000 data breaches then exposed over 22 billion personal records. 

But it’s not enough to know that phishing emails are out there. You also need to be able to recognize them and report them. 

So today, we’re just going to quickly review a few of the highly used phishing email types and tactics. 

The first type is a reward or a free gift message. Free things are really enticing, but they can also be dangerous. If you get an email saying you won a free TV or click here to enter a prize drawing, you need to be on high alert. Hackers are definitely trying to bait you into clicking a malicious link. 

The second type is a login or password message. Another type of phishing email will ask you to verify your account by logging into a fake web page or updating your credentials on this fake web page. These emails will collect your username and password which gives a hacker instant access to your account. 

A third phishing email type is an urgent message. An urgent message email is designed to get you to act fast. It might tell you that your account was hacked or it’ll be deactivated; click here to restore it. Fear makes people do things without thinking, so slow down and make sure that this urgent message is from who you think it’s from. 

The final type of common message is internal messages. This type of phishing is also called spoofing. Hackers will try to impersonate or spoof people at your company, like your HR rep, somebody in your IT department, or maybe even a co-worker. An internal phishing message email might ask you to click on a link to read and sign a policy, read a new document about company wide updates, or even handover sensitive information via purchase. 

If you think you’ve encountered a phishing email, you need to follow your company’s procedures for recording it. Once the right people are notified, they can help you to determine if it’s a phishing email. Whatever you do, do not click on the links, don’t reply to the email and don’t send it to anyone else.

We’ll see you next week for Level Two.

The week of June 7^th may have seen the biggest release of hacked data ever published to the dark web.  Hackers publicly released over 8 billion username and password combinations!

A 100GB list of data assumed to be stolen during various hacks was posted to a popular hacker forum.  This is now being referred to as the “RockYou2020” list.

Want To Check To See If You Were A Part Of This?

Check here to see if your data was part of this dump: https://cybernews.com/personal-data-leak-check/

To use this tool, all you must do is enter your email or phone number.  The tool can safely access the hacked username and password combinations on the dark web.  It will let you know if your data is found.

What To Do If Your Data Was A Part Of The Released Data

If the tool tells you that your data was compromised, you should start mitigation steps immediately.  Go to every account that uses the exposed username/password and change the password.  Be sure to use different passwords for each account that are considered to be “strong”.

Want to know what makes a strong password?  A rule of thumb is to create a password that has the following 6 characteristics:

1. More than 12 characters
2. Contains at least 1 uppercase character
3. Contains at least 1 lowercase character
4. Contains at least 1 number
5. Contains at least 1 symbol
6. Contains no “real” words that could be guessed via a dictionary attack (where they go through a list of words from the dictionary and try to guess your password)

In addition, you’ll want to be sure to look for any unexpected activity within the account.  Make sure that all of your personal information is correct and that no money has been transferred unexpectedly.

If given the option, turn on the “Two-Factor Authentication” (or “2FA”) option associated with the account.  This will require you to enter a code from your cell phone or email to authenticate who you are.  2FA protects your accounts from hacker dumps like this.

Yes, this is a pain.  However, it’s better to have your personal and financial data protected. 

How To Protect Your Data Easily Using Password Managers

There are ways to make tasks associated with passwords easier.  According to a study by NordPass, the average person has 100+ online passwords.  Who can remember that many passwords?

INF recommends using a password manager like KeePass or 1Password.  A password manager will help you create and remember well-formed passwords for all of your accounts.  In fact, you can copy and paste from these managers, so you don’t have to type anything going forward.

These password managers can also be installed on your phone.  This makes browsing the web a breeze when you need to access your passwords.

Is There Anything That You Can Do To Protect Your Business Further?

Yes, you can protect your business with a cyber liability policy.  These policies help protect you from the threat of hackers, data dumps, stolen passwords, ransomware attacks and more. 

It takes less than 5 minutes to fill out the application for this insurance.  Contact INF to get started at 412.563.2106.