Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The “Cybersecurity Talk” That Every Texan Needs to Hear

Ladies and gentlemen, we have a growing problem on our hands, and I don’t think anyone (ourselves included) has been taking the right approach to solving it.

I’m talking about cybersecurity, more specifically, the cybersecurity hygiene of an individual.

We can talk and talk and preach and scream from the rooftops about the importance of this stuff, but I think there is such a fatigue for it, and such a “well what are the odds that it will happen to me” kind of attitude that most people dismiss it.

If you feel either of those ways, this is the article for you. If you read one cybersecurity article and take it to heart, this is the one, and we really, truly hope this sticks for you.

Why Individual Cybersecurity Hygiene is So Important for Businesses

You know what? Let’s forget about the business for a minute.

Let’s just talk about YOU.

Mileage is going to vary, but as an individual, you probably have some varying level of an online identity. You probably have a bank account. You probably have utility bills. You probably do some shopping online. You might have a Facebook or a LinkedIn. You almost certainly have an email account, a smartphone, a phone number that you get text messages on… you get the idea.

Everything you do on the Internet, every purchase you make, every bill you pay, every website you have an account with, is all tied to either your email address, your phone number, or in some situations, some other master account like a Google, Facebook, or Microsoft account (for sites that let you sign in using these alternative accounts—although let’s face it, these accounts are ultimately tied to an email address or phone number themselves).

My goal here isn’t to make you stumble through the complexities of cybersecurity either, nor do I want to be overly dramatic and just talk about the doom and gloom. The best way to be consistently safe and secure is to break everything down to its simplest parts.

So you’ve got two master keys that govern every little thing you do on the Internet—your email address, and your cell phone number. It’s worth noting that for 80-90 percent of your accounts, it’s probably going to be your email address.

If someone can gain access to your email address or your phone, they can have the keys to the castle. They can look through your emails to see what accounts you are connected to. They can reset any password on any account, and log in and assign that account to some other email address you don’t control. They can forward all of your mail somewhere else. They can reach out to your phone carrier and forward your number or make literally any change to your life they want.

It’s easy to think about email as the messages we send to friends, colleagues, and family. Nobody is worried about a cybercriminal intercepting their dinner plans, but that’s not what your email address really is. You might use it for that sort of correspondence, and that’s more than fine, but ultimately, your email address is the gateway to the rest of your online identity. It’s your resume, it’s your bank key, it’s every bill and insurance policy, it’s everything you’ve ever bought and subscribed to.

How Does That Affect Business?

While there is hopefully some natural separation between your business life and your personal life, we’ve discovered that this isn’t the case for a lot of people. So many professionals use their work email for personal use, or have accounts that are connected between both work and personal. Social media accounts, for example, are pretty common. Many people might have both their work email and personal email tied into their LinkedIn profile.

This connection isn’t necessarily a risk factor on its own, but it compounds with bad cybersecurity hygiene.

On top of that, many people use a personal smartphone, or other personal computing devices to check email, open documents, take notes, and access sensitive work information. This gives threats the opportunity to cross-pollinate all of the time, and because everyone just assumes it won’t happen to them, it’s easy to not realize just how many cracks there are across every single system.

In other words, your personal life online can totally affect your professional life, and vice versa, and this goes for every single person within your organization. 

The Most Critical Steps to Take Right Now to Protect Yourself from Cyber Threats

Change Your Email Passwords.

Here’s what I’d like you to do. You’ve made it this far, so you obviously care enough about protecting your personal information and the sensitive information your business holds to take action.

You likely have at least two email addresses (a work one and a personal one). I’d like you to log into them, and change the passwords. If you have a dozen emails, then take the time to do this for all of them.

For each account, you are going to use a completely unique password using a complex passphrase. Here’s how you’ll do it.

Open up https://randomwordgenerator.com/ in a new tab in your browser.

Have it generate 3 or 4 random words. If it gives you smaller words, click the Generate button a couple of times until you get words that are generally larger.

For example, I got “accordion sensitive machinery” but you’ll use whatever words it gives you.

Now I’m going to make these words a little more secure by making some letters capitalized. I am going to do this in a way where it’s not too complicated to memorize the password if I have to, and it’s easy enough to type out, but it is absolutely impossible to make sense of. You can make it easy for yourself and try to group most of the capital letters near each other. This makes it a little easier to type into a mobile device while still keeping things secure.

ACCORDionsensitivEMachinery

Next, add a couple of numbers into the mix. Don’t just put them at the end, and don’t use numbers that represent your birthday, the year you were born, your phone number, etc. If you want to make it a little easier to remember, you can replace the letter I with a 1, the letter E with a 3, and so forth, or you can group the numbers together somewhere in the middle of a word so it is easier to type out.

ACCORDions3nsitivEMach149inery

Finally, add a few special characters. I recommend using characters that are easy to find on mobile keyboards, and some accounts might be picky about what special characters you use, so you might need to adjust accordingly. The most common are !, ?, @, #, $, %, ^, &, *, (, and ).

$ACCORDion#s3nsitivEMach149iner!y

We didn’t have to use any creative thinking, we didn’t have to try to come up with something clever, we just followed a few steps to create an extremely complex, yet relatively easy to store/document/type password. 
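The same four steps can be run locally with the operating system's secure random generator instead of a website. This is an added example, not part of the original article; the word list is a small constructed sample, and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list for illustration only; use a list of several
# thousand words in practice, since strength scales with list size.
WORDS = ["accordion", "sensitive", "machinery", "orchestra", "lighthouse",
         "pineapple", "telescope", "waterfall", "blueprint", "carnival",
         "dinosaur", "envelope", "furniture", "gymnasium", "harmonica",
         "invisible"]
SPECIALS = "!?@#$%^&*()"  # the characters the article lists

def capitalize_run(word):
    """Upper-case one random contiguous run of letters (at least one)."""
    start = secrets.randbelow(len(word))
    end = start + 1 + secrets.randbelow(len(word) - start)
    return word[:start] + word[start:end].upper() + word[end:]

def make_passphrase(n_words=3, n_digits=3, n_specials=3, words=WORDS):
    """Follow the article's steps using the OS CSPRNG instead of a website."""
    text = "".join(capitalize_run(secrets.choice(words)) for _ in range(n_words))
    digits = "".join(secrets.choice("0123456789") for _ in range(n_digits))
    pos = 1 + secrets.randbelow(len(text) - 1)  # interior, never at the end
    text = text[:pos] + digits + text[pos:]
    for _ in range(n_specials):
        pos = secrets.randbelow(len(text) + 1)  # anywhere, ends included
        text = text[:pos] + secrets.choice(SPECIALS) + text[pos:]
    return text

def word_entropy_bits(n_words, list_size):
    """Entropy contributed by the word choice alone (a lower bound)."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(make_passphrase())
    print(f"{word_entropy_bits(3, len(WORDS)):.1f} bits from this 16-word sample list")
    print(f"{word_entropy_bits(4, 7776):.1f} bits from 4 words of a 7776-word list")
```

The entropy figures show why the size of the word list matters more than the decoration: three words from the 16-word sample give only 12 bits, while four words from a 7776-word list give about 51.7 bits before any capitals, digits or symbols are added.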

Here’s the thing, you don’t need to memorize your passwords. If you use a password manager like LastPass, Keeper, or 1Password, you can securely store all of your passwords, and only need a single master password to access them all. Give us a call at (512) 882-2242 if you want help setting that up for yourself or your business. Don’t write the password down in a Word document or spreadsheet, and definitely don’t store it on some cloud account like Google Drive or email it to yourself. If you don’t have a secure way to store passwords right now, write it down clearly, with the email that it is associated with, and store it in a safe or somewhere else that’s equally secure.

Rinse and repeat for your other email addresses. Plan on doing the same for your bank account, and any other important accounts that handle sensitive information. Don’t ever use the same password twice.

Set up Two-Factor/Multi-Factor Authentication

While you are logged into these accounts, check to make sure two-factor or multi-factor authentication is on. Most online accounts utilize this technology so users can add a second layer of security to the account. 

Two-factor/Multi-factor authentication, also known as 2FA and MFA, essentially requires you to prove your identity even if you know your password. This means if your password gets stolen, there is still an additional level of security that will keep bad guys from getting into your account.

Most social networking sites, eCommerce sites, banking sites, and email platforms should have this as an option, usually under account information or security settings.

There are a handful of 2FA/MFA methods, but the most secure is using an Authenticator app. These apps include Duo Authenticator, Microsoft Authenticator, LastPass Authenticator, and Google Authenticator. They are apps you can get on iPhone and Android devices. Most accounts will generate a scannable QR code that you scan into the app, and the app will generate a 6-digit pin that refreshes every 30 seconds. You’ll use that pin to authenticate yourself when logging into the account.

The other method is using SMS for authentication. This is slightly less secure, as it is possible that someone could intercept your text messages, and scammers will try to trick users into letting them see the authentication pins, but it’s still better than nothing.

You’ll want to keep 2FA and MFA in mind whenever you log into a new account, and always check to see if it is available to turn on. Yes, it’s a small inconvenience, but you will be so thankful that you have it if something goes wrong and your password is breached. 

Rinse and Repeat for the Following Accounts:

We covered your email accounts, which is a huge step in the right direction, but you should schedule some time to do this for all of your accounts. Here are some really important places to start:

  • Domain registrars and hosting accounts like GoDaddy, Bluehost, Dreamhost, Siteground, Register.com, Whois.com, and anywhere else that manages DNS/Domain/Hosting accounts.
  • Accounts that are linked to your devices like Microsoft, Google, and Apple.
  • Bank and credit card accounts, lenders, mortgage companies, tax companies, and anywhere that has you pay a bill.
  • Social media accounts like Facebook, Twitter, Discord, Slack, and LinkedIn.
  • Sites that you make purchases from, like Amazon, Walmart, Steam, BestBuy, eBay, and virtually any online store.
  • Vendor portals, business directory listing sites, forums, and any other online communities you are in.

You’ll be shocked when you sit down and realize just how spread out you are on the Internet. I recommend making a big bowl of popcorn and pouring yourself a large drink, because it’s going to take a while for most people. 

It’s worth it though.

Having that password manager set up will make it so much easier for you too.

If You’ve Done All That, You’ve Made HUGE Progress, But Cybersecurity Doesn’t Stop There

We talk about cybersecurity a lot, and we’ve covered a lot of important things that businesses need to do to protect themselves. Security isn’t a luxury anymore—cybercrime is affecting small businesses at an incredible rate and while there is no magic bullet to totally protect yourself from all threats, it seriously pays to defend yourself as best as possible. 

We recommend sharing this post with your colleagues, employees, employer, and anyone else you do business with. If you found it helpful, or want to learn more about how we can help protect your business and train your staff to be safer online, give us a call at (512) 343-8891.

Monday, January 30, 2023
