Date: 2022-10-24

Developing good habits plays a significant role when it comes to protecting oneself against cybersecurity threats. Andrew Kramer, assistant professor in the Beacom College of Computer and Cyber Sciences at Dakota State University, compares it to putting on a seat belt when in a motor vehicle.
“We can apply those same measures to cybersecurity,” he said. It’s about taking action to stay safe and reduce the risk.
Since 2004, when Congress and former President George W. Bush declared October to be Cybersecurity Awareness Month, a campaign has been launched annually to raise awareness of cybersecurity issue” – seeks to address the workforce shortage but also encourages staying safe online.
In a recent interview, Kramer suggested measures that individuals can take.
“Password strength is really important,” he said.
Unfortunately, past guidance regarding eight characters, lower case, upper case, number and symbol proved to be misguided.
“That led to people creating passwords that are weaker,” Kramer said.
Penetration testing showed that using that protocol, many people selected easily predictable passwords. Now, cybersecurity experts are recommending the use of a passphrase or even a sentence.
“That’s significantly harder to guess,” Kramer indicated. “The important thing is the password length.”
In addition to being easy to remember, when a passphrase or sentence is used, the password doesn’t have to be changed as often.
Kramer also recommends two-factor authentication. Because usernames are often easy to guess and passwords may be weak or leaked, two-factor authentication adds another layer of protection.
This may involve a text message with a verification number, or an email message which has a confirmation button. Two-factor authentication tokens are also available which generate a number that is entered with the username and password.
“You should look for it and turn it on for everything that allows it,” Kramer said of two-factor authentication.
He encourages installing all updates on software programs and applications. Updates include vulnerability patches and help to keep systems more secure.
Kramer said the industry is moving toward automatic updates, but currently uses notifications. He does warn that scammers try to use urgent update messages to trick users into providing personal information.
“A normal, healthy update should be predictable and not get in your way,” he indicated.
Kramer said the best way to thwart ransomware threats is to keep regular backups. In the early days of personal computers, creating backups was recommended because the floppy disks used to store data were notoriously vulnerable.
As computers and storage devices have become more reliable, people have moved away from creating backups. Kramer said that’s a habit which people should maintain.
“Have your files saved somewhere else,” he stated.
He said it doesn’t so much matter where the files are stored – on a separate hard drive or with a cloud service – as that a backup is stored somewhere. Then, if something bad happens, the data remains available.
“We have backups, we don’t have to deal with those people,” ransomware targets can say.
To thwart bad actors, Kramer also suggests confirming any suspicious instructions by checking with the party who allegedly sent them. He calls this “out-of-band” verification.
He used the example of payroll receiving a new routing number and account number via email for an employee. In the incident he described, the individual who received the message didn’t think the tone of the message sounded like the sender. With a simple phone call, payroll determined the message had not originated with that individual.
“Reach back out via a different communication channel and verify that it was a legitimate message,” he explained. Contact information provided in the suspicious message should not be used to do this.
Finally, Kramer recommends a credit freeze for those who aren’t planning to use their credit. This is a safeguard against identity theft.
In a press release earlier this month, the state Bureau of Information and Telecommunication recommended monitoring online account activity and connecting devices safely to the internet.
“I urge you to learn more and make sure you are secure online,” Jeff Clines, BIT commissioner, said in the press release.