Lock the Doors and Windows of Your Cybersecurity House

Written by:

Joel Caskey 
Cybersecurity Manager & Partner 
NET Xperts LLC


Greetings, Cybersecurity Superheroes!

As I mentioned in my previous blog, throughout this Cybersecurity Awareness Month, we are going to talk about building, maintaining, and securing your Cybersecurity House. There are many comparisons of things you already do at home or for your business that are similar to the Cybersecurity you should be doing on your network. I’m going to give you some things to think about to up your game and take your cybersecurity approach to a new level. 

I’m going to start with one of the first founding principles in physical security – if you don’t want someone to get in, lock the door. This is something that I was taught at an early age (thanks Mom!). Keeping the doors locked and secured is your first line of defense in keeping the bad guys out. This seems like a basic concept, but how does that relate to Cybersecurity?

The topic I am bringing up first will probably make you cringe because I’m going to call out some behaviors that a good chunk of the human population does, but let’s talk about passwords. Your passwords are the locks on the doors of your Cybersecurity House. Passwords and Password Management are the first line of defense in keeping the bad guys out. See what I did there?

Pay attention because these standards have changed a little bit in the past few years. Remember back in the day when everyone used to tell you that you should change your password every 60 or 90 days, and that a shorter password was sufficient? Well, there are new standards. It’s been found that forcing password changes on a regular basis doesn’t really do much other than annoy your users because everyone generally only changes the number at the end, making this predictable. Humans? Predictable? I never would have fathomed.


Here is what you want in a good password:

  • Your password (or passphrase) should be at least 14 characters long.
    • Note that I said “passphrase” – You can (and should) use a phrase instead of only a word. It can be a 2- or 3-word phrase (or more if you’re feeling adventurous).
  • Your password should still be a strong, complex password.
    • This means that you should still follow the complex rules of using numbers, capital letters, lowercase letters, and special characters.
  • Your password should NEVER include your name or the names of any loved ones.
    • This includes your dogs and cats, especially if you always post pictures of them on social media or talk about them all the time, like most pet owners do (and should!).
  • You should change your password on a regular basis, but when you do, change it to something completely different.
    • “Regular basis” meaning once or twice a year will suffice. This can be done at irregular intervals to shake things up (variety is the spice of life, right?)
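
Here is the checklist above turned into a check you could run when someone sets a new password. This is an added example, not code from NET Xperts or the original post; the function name `check_password`, the rule labels, the look-alike table, and the 0.6 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 14  # minimum length from the list above
CLASSES = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
           "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}
# Undo common look-alike substitutions so "R3x" still matches "Rex".
LOOKALIKES = str.maketrans("013457@$!", "oieastasi")


def _fold(text):
    return text.lower().translate(LOOKALIKES)


def check_password(new, personal_names=(), old=None, max_similarity=0.6):
    """Return the list of rules the new password breaks (empty = passes)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, new):
            problems.append("missing_" + name)
    folded = _fold(new)
    # Skip very short names to avoid matching ordinary letter pairs.
    if any(len(n) >= 3 and _fold(n) in folded for n in personal_names):
        problems.append("contains_name")
    if old is not None:
        # `old` is the current password as typed on the change form,
        # compared in memory only; it is never stored in plaintext.
        if re.sub(r"\d+", "", new.lower()) == re.sub(r"\d+", "", old.lower()):
            problems.append("only_number_changed")
        elif SequenceMatcher(None, new.lower(), old.lower()).ratio() > max_similarity:
            problems.append("too_similar_to_old")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    old = "Autumn-Harvest-Moon7!"
    for candidate in ("Autumn-Harvest-Moon8!", "MyDogR3xIsGreat!2024",
                      "Purple-Kayak-Sunrise-42"):
        print(candidate, check_password(candidate, ["Rex"], old))
```

An empty list means the password passed every rule; the `personal_names` list would come from whatever you already know about the user (their own name, family, pets).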

 

But wait. There’s more! You also want to pair this with Multi-Factor Authentication (MFA). This means pairing something that you KNOW (your password) with something that you HAVE (either a token with a number on it or a cell phone). This is like having a lock on your door as well as a deadbolt but having 2 different keys. If you lose one (or one becomes compromised), the other one helps to keep the bad guys out.

I know that may sound complicated, but you all have seen this before. Do you know the sites that send you a 6- or 8-digit code when you log in, perhaps with your bank? That’s Multi-Factor Authentication! It’s an extra step for everyone, but the world is at the point where this is a necessary step for any critical or sensitive applications. This is also a requirement for most Cybersecurity Insurance policies, as well as for most compliance standards.

Now, you may be saying: “How in the world do I implement this?” Well, don’t worry – I know a guy. NET Xperts can help with this!

We can assist you with getting a good password regimen put into place, as well as getting Multi-Factor Authentication implemented for your organization. Give our team a call and we can work with you to evaluate what can be done to strengthen your organization’s security foundation and get those doors locked up tight!

 

Until next time, Cybersecurity Superheroes – Be safe out there!