The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA) present the first Identity Management Day, an annual awareness event which will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.
What is Identity Management Day?
The mission of Identity Management Day is to educate business leaders and IT decision makers on the importance of identity management and its key components, including governance, identity-centric security best practices, processes, and technology, with a special focus on the dangers of not properly securing identities and access credentials. In addition, the National Cybersecurity Alliance (NCSA) will provide guidance for consumers, to ensure that their online identities are protected through security awareness, best practices and readily available technologies.
Research by the IDSA reveals that 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable. According to the 2020 Verizon Data Breach Investigations Report, as many as 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised passwords.
As part of Identity Management Day, NCSA and the IDSA will provide guidance for stakeholders at all levels, to ensure that identities of employees, machines, applications, and partners are protected through security awareness, best practices and readily available technologies. Here are 6 tips they have shared for safeguarding your identity.
Think Before You Click
Every day you receive an enticing offer via email or text. Instead of clicking the link in the email or text, go directly to the company’s website to verify it is legitimate. If you suspect that the email is not from who it says it is, or if the email looks “phishy”, do not respond to it, click on any links, open any attachments, or call the phone number listed in that email. Instead, call the supposed sender on a known phone number or, if possible, walk over to that person and ask if they sent it.
- Why? Attackers often send fraudulent email and text messages, referred to as phishing, in order to trick individuals into providing information such as usernames and passwords, or into downloading malware. This may seem like no big deal, but it could lead to disastrous events like ransomware.
Share With Care
Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others.
- Why? Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords. Most people use pieces of personal information for passwords so they remember them more easily. Scammers know we do that, so they pay A LOT of attention to our personal details and plug them into software to crack our passwords. Speaking of which...
Lock Down Your Login
Create long and unique passphrases for all accounts and use multifactor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics (fingerprints, facial recognition, etc.) or a unique one-time code sent to your phone or mobile device. Use password managers to generate and remember different, complex passwords for each of your accounts.
- Why? Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites through “password spraying.” A second method of authentication provides extra protection even if a username and password are compromised.
Get Savvy About Public Wi-Fi
Public wireless networks are not secure. Anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public Wi-Fi and avoid logging in to key accounts like email and bank accounts. If you have no choice, you should definitely use a virtual private network (VPN) before accessing any private or personal information.
- Why? Attackers can insert themselves between your device and an unsecured Wi-Fi network to intercept account information and other sensitive data, or to download malware onto your unprotected device.
Keep A Clean Machine
Keep all software on internet-connected devices – including personal computers, smartphones and tablets – updated to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- Why? Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.
Own Your Online Presence
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- Why? Attackers are likely to try the default login information for internet-connected devices – typically admin – to gain access. While the default settings for most online accounts provide the website owner with the most information for a personalized experience, loose privacy settings could mean your data is being shared without your knowledge.
For more tips and advice, visit www.identitymanagementday.org.