Cybersecurity 101

The Internet is a powerful and useful tool that allows us to do everything from reading about what happened on The Walking Dead, playing an online game with our friends on the other side of the planet, and watching a cat play a piano, to learning a foreign language, developing a life-changing computer program, and making friends with people we might not have ever met. These things, and so much more, are possible because of the Internet and technology. However, with all that technology can and does do for us, it isn’t without some risk and, just as you shouldn’t drive your car without putting on a seat belt, you shouldn’t travel on the information superhighway without taking some basic precautions.

By keeping a few simple things in mind, you can not only enjoy all the Internet has to offer but you can do so safely.

Passwords and multi-factor authentication, regular updates, and backups are four of the primary ways you can help keep yourself safe while using technology.

Passwords and Multi-Factor Authentication (MFA)

Passwords are typically the first and often the only key to our digital way of living, playing, and conducting business online.

Unfortunately, it’s far from uncommon for us to hear about how hackers compromised a system and stole numerous users’ passwords, forcing us at best to change our passwords once again and at worst to deal with the aftermath of having our personal information compromised. Just as unfortunate, a study conducted by security researchers found 62% of people use the same password for multiple accounts and, even when they don’t use the same password, they simply add a number to the end of the password while keeping all the other characters the same. Additionally, the researchers found just as many people were more apt to use the shortest password length possible. To put it mildly, neither of these findings is good.

When it comes to passwords, more is better. The more varied the character set used to create a password, and the more of those characters you use, the harder it is to break. If every possible password is tried, sooner or later yours will be found. The question is: Which will come first, sooner or later? The answer we want, of course, is later (or ideally never).

To help later be as late as possible, we want to create the strongest password we can while ensuring it’s something we’ll remember. The strength of a password is determined by length and uniqueness, with length being THE most important factor. The longer you can make your password, the harder it is to guess.

In terms of uniqueness, it’s not enough to simply add a number or special character to your go-to password because it’s trivial for the numerous password cracking tools to be configured to test for these common password tricks. These tools will iterate through thousands of combinations per second and the tools get better all the time.

Figure: List of password lengths and associated time to break the password

So, what are we to do? One way of creating a long, unique, and memorable password that is difficult for others to guess is to use The Bruce Schneier Method. In this method, you take a sentence that means something to you, a quote from a movie, for example, and then use the first letter of each word in the sentence to create the password by applying a pattern of upper and lower case letters intermixed with numbers and special characters meaningful to you. “Roads? Where we're going, we don't need roads” becomes R?WwG1985wDnR. This 13-character password is easy to remember and not easily guessable.

You should use a unique password for every device and account you have. This way, if one of your passwords is compromised, you will not have to worry as much about your other devices and accounts. You are probably thinking “I get it, long, unique passwords for every account and device sounds like a great thing, but how am I supposed to remember them all?”

Password managers are one possible answer. A password manager is a specialized application you can install on your computer, phone, or tablet to securely store all your passwords in one place. You would then just need to remember the strong, unique password for the password manager. Although password managers ARE NOT RISK FREE, they can be a useful tool in helping you stay secure.

Whatever method you use to create and track your passwords, remember to:

  • use a unique password for each account
  • use as many character types as possible
  • use as long of a password as you can
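The arithmetic behind "more is better", and a check for the add-a-number habit described above, as an added example that is not part of the original article. The guess rate and the look-alike table are assumptions, and the bit count is an upper bound for exhaustive search only; wordlist and rule-based guessing do far better against reused base words, which is what `is_trivial_variant` flags.

```python
import math
import re
import string

# Character classes an exhaustive search must cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
# Common look-alike swaps that cracking rules undo (constructed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")
SECONDS_PER_YEAR = 365 * 24 * 3600


def charset_size(password: str) -> int:
    """Alphabet size implied by the character classes present (max 94)."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_bits(password: str) -> float:
    """log2 of the exhaustive search space: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case years to try every candidate at an assumed guess rate."""
    return 2 ** brute_force_bits(password) / guesses_per_second / SECONDS_PER_YEAR


def base_word(password: str) -> str:
    """Undo the usual tweaks: trailing digits/symbols, case, look-alike swaps."""
    return re.sub(r"[\d\W_]+$", "", password).lower().translate(LEET)


def is_trivial_variant(new: str, old: str) -> bool:
    """True when new and old differ only by suffix, case or look-alike swaps."""
    return bool(base_word(new)) and base_word(new) == base_word(old)


if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second, not a figure from the article
    for pw in ("password1", "aB3$eF7!", "qzvhmwkxpltrbnydgfsj", "R?WwG1985wDnR"):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw, rate):.3g} years at {rate:.0e}/s")
    print(is_trivial_variant("Summer2024!", "Summer2023"))  # same base word
```

The 20-character lowercase string scores higher than the 8-character string that uses every character class, which is the article's point that length matters most.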

Even if we take the time to create strong and unique passwords for all of our accounts, there's still the possibility an account can be compromised because cybercriminals are constantly finding better and faster ways to guess, compromise, or bypass passwords. Fortunately, we can use multi-factor authentication or MFA (sometimes called two-factor authentication or 2FA) to fight back.

Multi-factor authentication is a method of granting access to an account only after successfully presenting two or more pieces of evidence (or factors). Those factors are typically:

  • something only the user knows
  • something only the user has
  • something only the user is
  • a less commonly used factor is somewhere the user is

MFA works by requiring not one but two (or more) different methods to authenticate yourself, so even if your password is compromised your account is still protected because of the additional layer of security afforded by having the second factor. A classic example of multi-factor authentication is your ATM card. To withdraw money from an ATM you need your ATM card (something you have) and your PIN number (something you know). If you lost your card, you'd still be protected because of the PIN; likewise, if you lost your PIN, you'd be protected because it requires the card. Someone would need both the card and the PIN to compromise your account.

Using Multi-factor Authentication

MFA is usually not enabled by default, so you’ll have to enable it yourself for each of your most important accounts (we have MFA enabled in the District). Although the process can vary from account to account and may seem like a hassle at first, once it's set up it's rather easy to use. Generally speaking, enabling MFA involves providing a contact number (normally your cell phone number) that can be used to send you a unique code to enter once you've typed in your password for a particular account. Some accounts also allow you to use a special application or a physical key generator to create a unique code.

For many accounts, once you successfully log in using MFA the first time, you'll only need to use MFA again if you (or someone else) tries to log in to the account from a different device or computer; this means if a cybercriminal gains your password, they still can’t access your account since they don't have access to the unique code.
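How an authenticator application and the account's server can arrive at the same unique code without sending it anywhere, as an added example that is not part of the original article. It goes beyond the text by assuming the time-based one-time password scheme of RFC 6238 (HMAC-SHA1, 30-second steps); the key in the demo is the published RFC test key, and `verify_login` is a hypothetical server-side check.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid (RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code both sides derive from the shared secret and the current time."""
    counter = struct.pack(">Q", max(unix_time, 0) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok: bool, code: str, secret: bytes,
                 now: int, window: int = 1) -> bool:
    """Server side: both factors must pass; tolerate +/- `window` steps of drift."""
    code_ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, now + drift * STEP)
        # Constant-time comparison, and no early exit on a match.
        code_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return password_ok and code_ok


if __name__ == "__main__":
    shared = b"12345678901234567890"  # RFC 6238 test key, enrolled on both sides
    phone_code = totp(shared, 59)     # what the application would display
    print(phone_code, verify_login(True, phone_code, shared, now=61))
    # A stolen password without the current code is rejected.
    print(verify_login(True, "000000", shared, now=61))
```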

Backups

We have insurance policies on our cars and homes to help us recover if we get into an accident or something causes damage to our home, but most of us do not have insurance for our computer files. This is where backups come into play. Ask yourself, “Would I mind if I were to lose all of the files on my computer? Would it matter if my pictures from last summer at the beach were lost forever? Would I care if the paper I spent hours, days, weeks, or longer working on were to just disappear?” If you answered “yes” to any of these questions, then give yourself a little peace of mind by ensuring you regularly back up your files.

Sometimes, no matter how careful you are, one of your devices or accounts may be compromised. If that happens, often, the only fix is to wipe the computer and restore everything from backups.

Some attacks even hold your files “hostage” and prevent you from opening them. Again, the fix is typically just to reload everything from uncompromised backups. Performing regular backups of your personal files, photos, and other information you could not live without is the ultimate way to help protect yourself and recover from a cyber-attack. After you have backed up your data, it is a good idea to store the backup somewhere other than your computer, like a cloud service, on offline storage media, or ideally, both. Finally, you also want to ensure you test the backups to make sure you can actually recover the files.
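One way to test that a backup can actually be recovered, as an added example that is not part of the original article: record a SHA-256 manifest when the backup is taken, restore to a scratch location, and compare. The function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large photos and videos do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def verify_restore(expected: dict, restored_root: Path) -> dict:
    """Compare a manifest saved at backup time with a test restore."""
    got = manifest(restored_root)
    return {
        "missing": sorted(expected.keys() - got.keys()),
        "corrupted": sorted(k for k in expected.keys() & got.keys()
                            if expected[k] != got[k]),
        "unexpected": sorted(got.keys() - expected.keys()),
    }


def demo() -> dict:
    """Constructed sample: one file lost and one truncated during restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "original"), Path(tmp, "restored")
        for root in (src, dst):
            (root / "photos").mkdir(parents=True)
        samples = {"paper.docx": b"draft v7", "notes.txt": b"todo",
                   "photos/beach.jpg": b"\xff\xd8jpeg"}
        for name, data in samples.items():
            (src / name).write_bytes(data)
        saved = manifest(src)  # taken when the backup was made
        (dst / "paper.docx").write_bytes(b"draft v7")
        (dst / "photos" / "beach.jpg").write_bytes(b"\xff\xd8jp")  # truncated
        return verify_restore(saved, dst)  # notes.txt was never restored


if __name__ == "__main__":
    print(demo())
```

Keep the saved manifest with the offline copy of the backup, since the original files may no longer be trustworthy when a restore is needed.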

The good thing is most modern computer operating systems and smartphones have built-in backup options you can configure to automatically do the backups for you, so you don’t even have to worry about it, but you do need to enable them.

Updates

Cybercriminals are constantly looking for holes and weaknesses in the software and technology we use every day, and once discovered they'll try to exploit them to break into our computers, networks, phones, and any other technology we might be using. “But why would someone want to break into my computer? I don’t have anything important on my computer.” Every facet of your personal information, your computer, and your network is very important and very valuable to the cybercriminal. Not only do they seek to make money from your personal information, but they'll often use a compromised system to help them stage other attacks, using the unsuspecting computer or network to cover their tracks.

Keeping our software up-to-date is one of the best ways to help protect ourselves online. Most of the software companies work diligently to patch the holes and weaknesses the hackers are continuously finding. By ensuring our computers, phones, and tablets are up-to-date with the latest patches, we reduce the number of ways the bad guys can get into our systems, meaning it’s much harder for them to do the bad they want to do!

To help keep our systems patched and up-to-date, we should enable automatic updating whenever possible. This applies to almost any technology connected to the Internet to include our TVs, baby monitors, gaming consoles, refrigerators, our cars, and any number of other Internet connected devices. Once a device is no longer supported by the manufacturer, meaning they stop providing updates and patches, it’s highly recommended the device be replaced with a newer version that is supported; if this isn't possible or practical (who can really afford to replace their Internet connected refrigerator every few years?) then best practice is removing its access to the Internet.

Taking proactive measures to create and use strong passwords, enable multi-factor authentication, back up your files, and keep your systems up-to-date will go a long way in helping keep you safe when you use technology.

I encourage you to check out Cybersecure Home, Smartphone Security, and Social Engineering for additional information on staying safe when using technology.

Wishing you safe computing,

David C. Creech, CISSP, GSEC, GCED
Assistant Director, Information & Technology Security
Email: dccreech@volusia.k12.fl.us
Phone extension: 79924