As we conclude Cyber Security Awareness Month 2019, I will kickoff by writing my first article to help better educate and train our community at Patrick Henry Local Schools.
The current digital landscape in this country leaves individuals particularly vulnerable to hacking!
In many reports, phishing is still the number one cause of cyber-attacks! Phishing is the fraudulent practice of tricking an internet user into providing usernames, passwords, and/or credit card numbers.
Data breaches are also on the rise, and your personal information can be exposed. Data breaches happen when your personal information is disclosed in an unauthorized way. The scary thing about data breaches is that it has nothing to do with your ability to combat them. Data breaches happen to companies we trust.
Enough doom and gloom - there is good news! We can protect ourselves by making it more difficult on the criminals.
There are things we can do to protect ourselves against phishing, and Google produced a good 3 minutes video for education back in 2017 about the topic: Stay Safe from Phishing and Scams.
We also have the resources available to us that can alert us when our accounts have been involved in a data breach (legally, companies are also supposed to notify you). There is a website: https://haveibeenpwned.com/ that allows you to enter your email address(es) and see if it has ever been involved in a data breach, which data breach(es), and what information may have been exposed. You can sign up for future notifications too.
Personally, I believe the best thing we can do is manage our passwords better. Prosource wrote a great blog post about the topic: It’s Time to Break Your Bad Password Habits. The short article discusses weak passwords, reusing passwords, and gives great ideas on how to create stronger and more secure passwords.
It appears that every tech company wants to eliminate passwords altogether, but that day isn’t here yet. In the meantime, there are two recommendations I would like to encourage any user to do:
Two Factor Authentication (2FA) - this adds an extra layer of security, beyond just a username and password, which can be as simple as adding your cell phone number to your account(s) and turning on the two factor authentication feature. By doing this, anytime anyone tries to log into your account from a new device or location, they won’t be able to without the code that is sent to your cell phone. If someone steals your username and password and tries to use it, they won’t be able to access your accounts without the code! It isn’t full proof, but it helps.
Password Managers - password managers allow you to manage all of your passwords with one unique password. The best way to use a password manager is to create a unique and secure password that you can remember for the manager, and then allow the manager to generate unique passwords for each of your other accounts. This provides separation for all your accounts, meaning that a hacker can’t reuse your username/password on multiple accounts because the passwords aren’t the same. You should still setup two factor authentication for every account that makes it available, and the combination of the two adds some great protection.
So which password managers should you consider? I recently attended an Ohio School Boards Association Cyberlaw Training where an FBI Cyber Crimes agent and a Cyber Security Firm presented on “Preventing and Addressing Cybersecurity Threats.” In that presentation, both agents recommended password managers and promoted one of only four options: 1Password, Lastpass, Dashlane, Keypass. They all offer different features and many have different free and paid models.
Password managers have been around for awhile, and honestly, I was afraid to try one because it didn’t seem secure. Now that I share a few service accounts with family members and many of my accounts have been involved in data breaches, I felt it was time to change my habits. Personally, I chose Lastpass and I purchased the family subscription for $48/year which gives each of my 5 family members an account and allows me to easily share passwords, both of which were important features to me. I have tech friends who use 1Password and love the service on their iOS device.
I truly believe we don’t have to be afraid of technology, but we should do things to protect ourselves against known threats. There are many other actions you can take to protect yourself and your family and better password management is a
great way to start!
Dustin Ruffell, M.ED., CETL
Director of Technology, Patrick Henry Schools
[email protected]