Earlier this year, the administrators of CloudGavel, Fusionstak’s solution for generating electronic warrant for our Public Safety domain, sent out a survey asking for feedback from their end users. There were a few small issues that popped up and a couple of good suggestions for future development, but the two biggest issues that were brought up on the survey were “Password Management” and “Two-factor authentication (2FA)”.
WHAT WAS THE FEEDBACK?
The disdain for Two-factor authentication (2FA) and complex security measures is widespread, particularly outside of IT. Many people desire simple logins and easy passwords to streamline application access. However, in today’s cyber landscape, prioritizing cyber security is non-negotiable. With data breaches and ransomware threats on the rise, maintaining robust security measures is paramount. While implementing and complying with stringent security protocols can be challenging, safeguarding sensitive information and protecting against potential disasters outweigh the inconvenience.
Embracing cyber security as a crucial responsibility is essential, as it safeguards not only personal and organizational data but also ensures a safer digital ecosystem for everyone involved.
THE CONSEQUENCES OF LAPSED SECURITY
THE NEXT ELEMENT: 2FA
The newest and fastest growing cyber security solution is Two-factor authentication (2FA). Like the example above, Two-factor authentication can take the form of a unique verification code that’s sent out every time you log into an application, a confirmation message sent when a new device or location is being logged into (Google and Amazon use this widely now), or the use of biometrics and facial recognition (banking websites and apps are good examples).
Another reason why Two-factor authentication is so valuable is that most people use the same password across multiple applications. If one of their application gets compromised, the same password can be used for other applications– and it usually works. Two-factor authentication brings in another step that forces users to confirm it’s them before the login.
Two-factor authentication isn’t perfect, but it’s a great leap forward in making sure your logins stay secure. You can also check to see if any of your accounts logins have been compromised by visiting https://haveibeenpwned.com/. This will let you know where you’ll need to go to change passwords or deactivate accounts.
WHAT DO WE DO NEXT?
First, you should do a quick overview of all of your accounts and make the following changes if necessary:
- Update your passwords – they should be changed every 3-6 months based on the risk
- Don’t use common or easy to guess passwords
- Don’t use the same password for everything (i.e. – the password for your email accounts shouldn’t be the same as your bank password)
- Don’t save your passwords, especially on shared or public facing computers
- DO use complex passwords – 8 or more characters, a combination of letters, number and symbols, and if you really want high security, don’t use real words or number in patterns or sequences
- Enable Two-factor authentication – have applications activate Two-factor authentication if available. It may be a big overhead, but it will save bigger risk later.
- Avoid public internet access at all times – if you can’t be at a trust location, use a VPN or your cell phone’s hotspot/data connection. This keeps others from seeing your internet traffic.
- Don’t click on emails that have come from people or businesses you don’t know or trust. There is a surprising number of systems that have been brought down by this very basic attack (called Phishing).
- Don’t provide any account information to anyone over email or phone.
If you need any help or advice on setting up or improving your cyber security, please reach out to us at email@example.com and we’ll be happy to help.