Cybersecurity Best Practices

Password Management

• Password Best Practices:
  • Use unique and complex passwords for each account
  • Avoid using easily guessable information (e.g., name, birthdate, common words)
  • Use a mix of uppercase and lowercase letters, numbers, and special characters
  • Passwords should be at least 12 characters long
• Password Storage:
  • Use a password manager to securely store and generate complex passwords
  • Avoid storing passwords in plain text or in an unsecured manner
• Password Rotation:
  • Rotate passwords every 60-90 days to minimize damage in case of a breach
  • Use a password manager to automate password rotation
• Multi-Factor Authentication (MFA):
  • Use MFA to add an extra layer of security to the authentication process
  • MFA can include methods such as biometric authentication, one-time passwords, or smart cards

Phishing Identification

• Common Phishing Techniques:
  • Deceptive phishing: using fake emails or websites to trick users into revealing sensitive information
  • Spear phishing: targeting specific individuals or groups with personalized emails
  • Whaling: targeting high-level executives or officials with sophisticated phishing attacks
• Phishing Red Flags:
  • Urgency or scarcity tactics to prompt immediate action
  • Misspelled URLs or suspicious domain names
  • Poor grammar or spelling in emails
  • Requests for sensitive information or login credentials
  • Unusual sender email addresses or names
• Phishing Prevention:
  • Be cautious with emails or messages that ask for sensitive information
  • Verify the authenticity of emails or messages by contacting the sender directly
  • Use anti-phishing software and keep it up to date
  • Educate users on how to identify and report phishing attempts