In case you were not aware, we are in the midst of National Cyber Security Month. And, given all of the seemingly daily disclosures of security breaches it is hard to under estimate that term “awareness.” It is not just the organizations we work for that need to be on constant guard, but all of us need to do our part in keeping our personal information secure and our devices protected.

It is for this reason that I’d like to draw attention to the top 10 security tips list that has been provided by the good folks at Siber Systems providers of the popular RoboForm product portfolio of security solutions.   

Top 10 Security Tips

1. When using a debit card, run it as a credit card: Not only will you not need to enter your PIN, you’ll get more anti-fraud protection should you later have problem with a purchase or if the card number is stolen.  In addition, there are times where you should use a credit card instead of a debit card, such as if you're shopping online, if you're making large purchases and if you're traveling on vacation.
2. Don't click the “unsubscribe” link on your spam emails: Often, clicking the unsubscribe link just alerts the spammers that you are a "live" email address and results in your receiving even more spam.
3. Use a different password for each secure site and change it every 30-60 days: When a data breach occurs, cyber criminals often sell the information to third parties before the theft is detected. If you change your password regularly, you’ll have a better chance of ensuring that a new login protocol is in effect when the third-party buyer tries to use your password.
4. Strengthen your password: The best strategy for protecting your information is to use a strong password that contains upper and lowercase letters as well as numbers and symbols. Consider using numbers and symbols that resemble letters to strengthen your password while keeping it easy to recall, e.g., “B@seb@11” instead of “baseball.”
5. Don’t leave desktops or laptops unattended in the office with a browser open: It only takes a few seconds for someone to use an open browser to collect login information and copy passwords, so make sure to shut down the browser or lock your screen if you’re going to be away from your computer, even for just a minute or two.
6. Password-protect mobile phones and tablets: Many people these days use their personal devices for work, and if the device is lost or stolen, cyber thieves may be able to log in and collect sensitive company data – as well as personal account information. Use a strong password on all of your devices to keep information safer.
7. Don’t fall for phishing scams: So-called “phishing” scams occur when a cyber thief calls or emails while posing as a banking or merchant account official and attempts to collect login information. A sophisticated scammer can create a website that looks very much like a legitimate site. Never give out sensitive account information via email or over the phone. Instead, call the company directly.
8. Consider a password management system: Passwords are the first line of defense, but creating strong passwords, changing them every 30-60 days and using unique passwords for every site can be a hassle. Password management software automatically handles password creation and changes and only requires users to remember one password.
9. Make sure employees know how to keep company information safe: In the “bring your own device” (BYOD) era, it’s more important than ever to make sure team members understand how to operate safely online using their own devices or company equipment. Provide employees with the training and resources they need to operate devices safely.
10. Regularly update software to eliminate security weaknesses: Windows, Macs and virtually all browsers regularly provide free software updates. Take advantage of this to close security loopholes!

While most of this list falls into the category of common sense best practices, the first two items from a consumer protection standpoint are worth thinking about and doing something about as well.  Indeed, the first one in particular falls into the category of “who knew,” and is something I have already put into practice.  While I have gotten in the habit of giving my debit card a rest in most instances, running it through when I do use it as a credit card is terrific advice.

This is also true for the second item about “unsubscribe.” The problem is just deleting all of the spam is time I cannot recover. 

The third item about using a different password is also sage advice or those of us who visit multiple websites frequently doing this can be problematic.  Fortunately, through things like the FIDO Alliance passwords will hopefully become obsolete.

Since we are less than half way through National Cyber Security Month, you still have plenty of time to look through the tips and see where you and/or your organization may not be employing best practices. This really is a case where an ounce of prevention is worth more than a pound of cure.