Understanding the sensitivity of data that you process every day is critical to how well you can protect it. It is important to follow standard procedures that have been put in place to ensure that all sensitive data are protected while using, transmitting, or storing the data. Sensitive data may include Social Security Number (SSN), Date of Birth (DOB), Telephone Number, Address, Medical Record information etc. Only share such data with individuals who are authorized to access it.
Protecting data also requires maintaining a clean desk and workspace. Lock your computer screen whenever you step away from your desk or office space. This is especially important if your desk is in a high traffic or open area. Your passwords should never be written down and pasted anywhere in your work area. Control who can access documents containing sensitive data by storing them in a secure drawer or cabinet. Do not use any unauthorized computer, personal device, or email account to copy, process or store any sensitive data. Install and use only authorized device and software to process and store sensitive data.
Multi-Factor Authentication
Multi-factor Authentication commonly referred to as MFA or Two-factor authentication (2FA) is an authentication method that grants you login access into a system after you have presented two or more pieces of evidence called factors. The system will validate the two factors before granting you access.
The factors may include knowledge -something only you know, possession - something only you have, or inherence - something unique to you. It is highly recommended to implement MFA when available on all your devices at home and at work, especially for online financial transactions. Also, it is important to note that cybercriminals can generate and send an MFA notification to you if your password or account has been compromised. Never reply to or approve any MFA notification that you did not initiate. Change the password to that account immediately.
Social Engineering
Social Engineering is a collection of techniques used by cyber criminals to manipulate people into disclosing confidential information. It takes advantage of the natural human tendency to be friendly and helpful to others, or the tendency to want to get something for nothing. Here are some key things to remember so that you don’t fall victim to social engineering scams:
- If it sounds too good to be true, then it probably is!
- Don’t be pressured into taking immediate action, such as providing your bank account information or divulging sensitive information to unauthorized persons.
- Remember that social engineering can also be done in person.
- Be cautious when responding to email messages or providing information to someone over the phone, especially to an unknown caller.
Phishing: Vishing-Smishing
Cyber criminals continue to find new and easy ways to scam you. One of the fastest growing Phishing tactics they employ is called Vishing. This is a combination of voice and phishing. Instead of using email, cyber criminals use fake caller IDs to make phone calls. On these phone calls, they may impersonate an individual or a legitimate business that you are familiar with to get you to reveal personal and sensitive information. Another form of phishing is Smishing.
The attacker sends a Short Message Service (SMS) text with an unsolicited offer of FREE stuff, a warranty update, or to discuss an alleged credit card overcharge. They provide a link that leads to a malicious website. The best option to combat phishing attacks is to not get rushed into taking any action or divulging any sensitive information to unknown sources. Do not attempt to bypass standard procedure or policy. Always pause and think before you act.
We live in times when we cannot be too careful. So, consider every email and text message from unknown sources as having the potential of a criminal “lurking in the corner” waiting to take advantage of the slightest opportunity to manipulate you and steal your data.
Password Security – Use a Passphrase
Consider a password to your computer or bank account as the key to your “kingdom.” You don’t want to hand it off or share it with anybody. Keeping your passwords safe is easier than you think. All you have to do is use passphrases or sentences that you can easily remember. Be sure to use a different password or passphrase for each of your online accounts.
- Using the same password for all of your accounts means if one of your accounts is compromised, then it’s a “FREE-FOR-ALL” access to all your other accounts.
- Do not write your password down. Choose something fun that you can easily remember, such as MyDogSmokeyHatesSmokedCaRRot$! Remember that passwords are case sensitive.
- You are personally responsible for safeguarding and preventing the misuse of your County logon credentials.
- Like your toothbrushes, change your passwords regularly and do not share them with anyone!
Safe Web Browsing
Many browsers have evolved over the years and are now equipped with security features that can display warning signs when you are about to visit dangerous websites or download dangerous files. It is imperative that you stay alert and pay attention to those warnings when they pop up while navigating the Internet.
The simplest way to know if the website you are on is safe and secure it to look at the Uniform Resource Locator (URL), which is the website name or address. A website that begins with “httpS” means the website is secure.
However, if the browser displays a warning that the website is not secure, then be proactive. Don’t try to continue browsing to see if anything bad will happen. Do not ignore any browser warning signs when surfing the web. Close the browser and visit another safe website.
Wi-Fi Safety
Cyber criminals work around the clock using various techniques and means to seek out vulnerable systems. A popular approach is to target unsuspecting victims using free unsecured public Wi-Fi connections in places such as airports, restaurants, hotels, and libraries.
If a public Wi-Fi service does not require you to enter a password, do not use it. The ease and flexibility of using mobile devices to conduct business as well as staying in touch with loved ones makes it desirable for everyone to stay connected 24/7.
It is imperative you remain mindful of where and when you connect your mobile device. If you must use an “unsecured” Wi-Fi access point, be sure not to conduct official business that would require you entering your login information or other sensitive information such as your bank account login. If your device starts malfunctioning after connecting to a non-secure public access point, shut it down and report it immediately.
