October is National Cybersecurity Awareness Month (NSCAM) and its goal is to raise awareness and empower everyone online to be safer, more secure and better able to protect their personal information by taking simple, actionable steps. This year NSCAM emphasizes personal accountability and the importance of taking proactive steps to enhance cybersecurity at home and in the workplace.
Occasionally databases full of stolen usernames and passwords are released by hackers for anyone to download. Upon perusing one of these databases, I found my old forgotten email accounts and the correct passwords that I had made years ago. Luckily I had changed those passwords so this data was useless to a hacker. The website haveibeenpwned.com is an online repository of email addresses and passwords collected from publicly disclosed data breaches that you can search to see if your accounts have been compromised.
Here are some tips for protecting yourself against hackers who get ahold of stolen passwords:
Use two-factor authentication where possible. This is one of the best defenses against your passwords getting stolen. By setting up two-factor authentication with your phone for Facebook for example, an attacker would have to also have access to your cellphone to be able to log in. Two-factor can prevent unauthorized access to accounts when a hacker has the right password but not the user’s phone.
Use a password manager like LastPass or iCloud Keychain. This helps you keep track of what accounts you have, and it makes it much easier to change passwords more often, or deactivate old accounts that you don’t use. I highly recommend setting up two-factor authentication on your password manager.
Change old passwords and do not reuse passwords. As I shared, hackers had stolen my real passwords for several of my accounts and I had no idea. Knowing or not, I can reset passwords for my accounts periodically so if my passwords are stolen, they become useless to hackers. And although it’s tempting, it’s important to refrain from reusing a password for other accounts. If I had reused old passwords on my current email account or my online bank account, anyone who checked out that stolen database potentially would have access to both.
Unfortunately we can’t get rid of hackers, but we can take simple but powerful steps to protect our online information. Visit staysafeonline.org for more information. If you feel that you need more protection, particularly if you own a business, seek assistance from a trusted security partner who can help you ensure that your online assets are properly secured.
Ariana Dow is a managed security services engineer at Hawaiian Telcom. Reach her at Ariana.dow@hawaiiantel.com.
