• Help keep computers, data, and networks secure with strong passwords, multifactor authentication, and effective policies like avoiding password reuse or sharing.
• Two-factor and multifactor authentication are extremely effective against phishing attacks and breaches, especially when combined with strong passwords. Restricting permissions and access to data prevents unauthorized viewing, copying, and modification of data. Monitoring server logs and other data can alert IT staff to unusual or suspicious activity and provide helpful forensics when a breach occurs.
• Applications and operating systems should always be kept up-to-date and patched. Disabling unused services, ports, and default usernames and passwords in devices and software can help eliminate intrusion and exploitation. Firewalls can block unauthorized connections to devices. VPN software and encryption prevent others from capturing usable information from secured and unsecured networks.
• Software, drivers, patches, and firmware updates should always come from reliable sources like the original manufacturer’s websites. Avoid third-party websites advertising drivers for the latest devices. Uninstall unwanted or unused software so they can’t be exploited.
• Data that isn’t encrypted is called plain text. Encrypted data is called ciphertext. Data that resides on storage devices is called data at rest. Email and data traveling over a network is called data in motion. Data can be encrypted locally on a storage device or during transit over a network connection.
• Use folders to organize your Inbox and take advantage of built-in email rules to help manage email and junk mail. Be wary of phishing emails that try to trick you into giving up your personal information or login credentials. Suspicious emails typically contain typos, and bad grammar, and try to use intimidation or fear to get you to act on them. Links embedded in suspicious emails are likely to install malware on your device.