High-profile data breaches at companies like British Airways and Marriott get a lot of media coverage, but cybercriminals are increasingly going after community groups, schools, small businesses and municipal governments.
Just in the Midwest, hospitals, libraries, voter registration systems and police departments have fallen victim to one type of digital hijacking or another. Cybercrime is not just a concern for corporate technology departments. Schools, scout troops, Rotary clubs and religious organizations need to know what to look for and how to handle it.
As the academic director of a new cybersecurity clinic at Indiana University, I’ll be helping to lead students and faculty members in teaching local, county and state government agencies, not-for-profit organizations and small businesses how to improve their cyber hygiene. They’ll learn how to better manage digital systems, protect their intellectual property and improve consumer privacy.
Everyone should know the basics for how to protect themselves and the groups or organizations they’re part of. Here is a brief look at some of the cybersecurity best practices we’ll be teaching members of our communities to keep in mind as they go online for work, play or volunteering.
1. Keep everything up to date
Many breaches, including the 2017 one at the Equifax credit bureau that exposed the financial information of almost every American adult, boil down to someone leaving out-of-date software running. Most major computer companies issue regular updates to protect against newly emerging vulnerabilities.
Keep your software and operating systems updated. To make it easy, turn on automatic updates when possible. Also, be sure to install software to scan your system for viruses and malware, to catch anything that might get through. Some of that protection is free, like Avast, which Consumer Reports rates highly.
2. Use strong, unique passwords
Remembering passwords, especially complicated ones, isn’t fun, which is why so much work is going into finding better alternatives. For the time being, though, it’s important to use unique passwords that are different for each site, and not easy-to-hack things like “123456” or “password.”
Choose ones that are at least 14 characters long. Consider starting with a favorite sentence, and then just using the first letter of each word. Add numbers, punctuation or symbols for complexity if you want, but length is more important. Make sure to change any default passwords set in a factory, like those that come with your Wi-Fi router or home security devices.
A password manager program can help you create and remember complex, secure passwords.
3. Enable multi-factor authentication
In many situations, websites are requiring users not only to provide a strong password but also to type in a separate code from an app, text message or email message when logging in. It is an extra step, and it’s not perfect, but multi-factor authentication makes it much harder for a hacker to break into your accounts.
Whenever you have the option, enable multi-factor authentication, particularly for crucial log-ins like bank and credit card accounts. You could also consider getting a physical digital key that can connect with your computer or smartphone as an even more advanced level of protection.