Best Practice for Account Security

04.04.22 11:04 AM


In today's digital age, safeguarding your online accounts is more crucial than ever. By adopting best practices for account security, you can protect your personal information and ensure a safer digital experience. Refer to the tips below to enhance your digital security and keep your account and data secure!

Password

Always Use a Strong Password

What is a strong password? A strong password is one that is difficult for others to guess or crack. Here are some key characteristics of a strong password:

 

  • Length: At least 12 characters long.
  • Complexity: Includes a mix of uppercase and lowercase letters, numbers, and special characters (e.g., !, @, #, $).
  • Unpredictability: Avoids common words, phrases, or easily guessable information like birthdays or names.
  • Uniqueness: Different from passwords used for other accounts.

 

Make passwords that are hard to guess but easy to remember.

  • To make passwords easier to remember, use multiple phrases that are not your names or related to you. For example, “breadandbutteryum” or “FoamGreenpaper”.
  • Avoid single words, or a word preceded or followed by a single number (e.g. Password1). Hackers will use dictionaries of words and commonly used passwords to guess your password.
  • Don’t use information in your password that others might know about you or that’s in your social media (e.g. birthdays, children’s or pet’s names, car model, etc.). Bad actors often deploy social engineering techniques to research and gather information about their targets.

Complexity still counts. To increase complexity, include upper and lower case letters, numbers, and special characters. A password should use at least 3 of these choices. To make the previous example more secure: “Bread & butter YUM!” or “Fo@mgrEEnpaper99”


However, don't make the password overly complex; make sure it is easily remembered.
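The rules above can be checked mechanically. The following is an added example, not part of the original article: a small checker for the four characteristics (length, complexity, unpredictability, uniqueness). The word list is a constructed sample, and the `personal_info` and `used_elsewhere` parameters are hypothetical inputs the user would supply.

```python
import string

# Constructed sample list; a real check would use a large list of breached passwords.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "sunshine", "dragon"}

def char_classes(pw):
    """Count which of the four character classes appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),   # specials, including spaces
    ])

def check_password(pw, personal_info=(), used_elsewhere=()):
    """Return the list of rules pw breaks; an empty list means it passes.

    personal_info and used_elsewhere are hypothetical inputs supplied by the user.
    """
    problems = []
    if len(pw) < 12:
        problems.append("length")
    if char_classes(pw) < 3:
        problems.append("complexity")
    # A common word with digits or symbols stuck on either end (e.g. Password1).
    core = pw.lower().strip(string.digits + string.punctuation)
    if core in COMMON_WORDS:
        problems.append("predictable")
    # Names, birthdays and similar details others may know about the user.
    if any(len(t) >= 3 and t.lower() in pw.lower() for t in personal_info):
        problems.append("personal")
    if pw in used_elsewhere:
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for candidate in ["Password1", "breadandbutteryum",
                      "Bread & butter YUM!", "Fo@mgrEEnpaper99"]:
        print(repr(candidate), check_password(candidate) or "ok")
```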


Don't reveal your Password to Anyone

Never share or disclose your password to your family, friends or colleagues. Nobody needs to know it but you, not even the IT department. If someone is asking for your password, it’s always a scam.


Use different Passwords on different Accounts

Use different passwords for different accounts or websites. That way, if one account is compromised, at least the others won’t be at risk. Always use a unique password for your online banking account and email account, and do not use this password for any other account or website.


Keep your Password Safe

Do not write your passwords on paper or in notepads. Keep your password in a safe location if you really need to write it down.


2FA/MFA Authentication

Set up a 2FA or MFA method

Use multi-factor authentication (MFA). Even the best passwords have limits. Multi-Factor Authentication adds another layer of protection in addition to your username and password. Generally, the additional factor is a token or a mobile phone app that you would use to confirm that you really are trying to log in. 


Public/Shared Devices or Networks

Public/Shared Devices

When using public or shared devices, it's essential to take extra precautions to protect your account security. Here are some best practices to keep in mind:

  1. Avoid Logging into Sensitive Accounts: If possible, avoid accessing sensitive accounts such as banking or email on public devices.
  2. Use Private Browsing Mode: Enable private or incognito mode to prevent the browser from saving your history, cookies, and other data.
  3. Log Out Completely: Always log out of your accounts and close the browser window when you're done.
  4. Don't Save Passwords: Never save passwords or allow the browser to remember your login details on public devices.
  5. Be Wary of Keyloggers: Public devices can be compromised with keyloggers. Use virtual keyboards or password managers with auto-fill features to minimize the risk.
  6. Clear Browsing Data: Clear the browser's cache, cookies, and history after your session.

Public Networks

Using public networks or Wi-Fi can expose your accounts to various security risks. Here are some best practices to help protect your account security:

  1. Use a VPN: A Virtual Private Network (VPN) encrypts your internet connection, making it harder for attackers to intercept your data.
  2. Avoid Accessing Sensitive Information: Try not to log into sensitive accounts, such as banking or email, when on a public network.
  3. Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification.
  4. Verify Network Authenticity: Ensure you are connecting to a legitimate network. Avoid networks with generic names like "Free Wi-Fi."
  5. Keep Software Updated: Ensure your device's operating system, browser, and security software are up to date to protect against vulnerabilities.
  6. Use HTTPS Websites: Look for "https://" in the URL, indicating that the website uses encryption to protect your data.

Phishing Emails

Be aware and careful of Phishing attempts

Phishing is a method attackers employ to gain access to your personal information, your credentials, or to your account in general. An attacker will send phishing emails to a large number of recipients, hoping that some of the recipients will be deceived. The phishing email may cite a critical emergency and urge you to provide your personal information, or ask you to access a link to a malicious web page, or download a malicious attachment.

Even if you have secured your account with multi-factor authentication, the attacker can gain access to your account through these phishing web pages using sophisticated techniques. For example, using the "Adversary-in-the-middle" method, the attacker can steal the session cookies from your browser and gain access to your account, bypassing MFA.

How to Identify Phishing Emails

Identifying phishing emails can help you avoid falling victim to scams. Here are some key signs to look out for:

  1. Suspicious Sender: Check the sender's email address. Phishing emails often come from addresses that look similar to legitimate ones but have slight variations.
  2. Generic Greetings: Be wary of emails that use generic greetings like "Dear Customer" instead of your name.
  3. Urgent or Threatening Language: Phishing emails often create a sense of urgency or fear, urging you to act quickly to avoid negative consequences.
  4. Unusual Requests: Legitimate companies will never ask for sensitive information like passwords, Social Security numbers, or credit card details via email.
  5. Poor Grammar and Spelling: Many phishing emails contain noticeable spelling and grammatical errors.
  6. Suspicious Links or Attachments: Hover over links to see the actual URL before clicking. Be cautious of unexpected attachments, especially if they have unusual file types.
  7. Too Good to Be True Offers: Be skeptical of emails offering large sums of money, prizes, or other rewards that seem too good to be true.
  8. Mismatched URLs: Ensure that the URL in the email matches the website it claims to be from. Phishing emails often use URLs that look similar but are slightly different.



Ending

For business and corporate users, it is important to deploy robust cybersecurity protection systems like Trend Micro Worry-Free Business Security System and to use business-grade software such as Microsoft 365 and Google Workspace, which come with Advanced Protection Features. These tools provide comprehensive protection against threats, ensure data integrity, and facilitate secure collaboration. Let's take proactive steps to safeguard our digital assets and create a secure working environment for everyone.

Learn more about Google Workspace.


We are an Authorized Reseller and Partner for Cisco, Google, Microsoft, Trend Micro and many more.

Get in touch with us now.

Smarthills Corporate Solutions Ltd