
Jason Kent, Hacker in Residence at Cequence Security, considers the winter period as suitable a time as any to serve as a reminder for organizations to revamp their security posture. In particular, he thinks that employees can take a few small steps that make all the difference.

Kent singles out one of the most critical aspects of account security, and one that is invariably overlooked: password creation.

To achieve proper password security, Kent recommends that individuals consider the following best practices:

Using strong, unique passwords for each account is imperative, as cybercriminals often target those with reused or weak passwords derived from a vast pool of compromised user ID/password combinations from data breaches.

Avoiding easily guessable patterns like birth years, family names, or sports teams.

Implementing password managers proves invaluable for generating and securely storing complex passwords.

Enabling Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) adds an extra layer of security to your application and website accounts, requiring an additional authentication step beyond your password.

The above represents strong and sound advice. However, issues can still arise, and it is just as important to tell employees what they should avoid doing as it is to nudge them towards what they should be doing.

In terms of what to avoid, Kent proposes:

Although using a credit card is the safest way to pay online, the convenience of storing your credit card details in online accounts pales in comparison to the potential risks of unauthorized charges. Taking the extra 30 seconds to manually input your card information during transactions can save you from these hassles.

Equally important is steering clear of “pay me with a gift card” scams, where scammers manipulate individuals through email or phone calls, convincing them to make payments for non-existent computer issues or software subscription renewals. These fraudsters exploit fear and a lack of technical knowledge to access victims’ computers, installing remote access tools and insisting on gift card payments. Tech Support, the IRS, the FBI, the County Sheriff – don’t take Steam Gift Cards as payment.

Considering the above, Kent notes: “With these steps in mind, bolstering your online safety becomes a manageable task. By implementing these precautions, individuals can navigate the digital landscape with confidence and enhanced security.”