Use strong unique passwords
A strong password acts as the first line of defense against cybercriminals. The National Cyber Security Centre (NCSC) recommends using three random words for a strong and memorable password. Use a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessed passwords such as “password1234” and consider using a password manager to store and generate secure passwords.
1. Make them long
At least 16 characters—longer is stronger!
2. Make them random
Two ways to do this are:
Use a random string of mixed-case letters, numbers and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
Another option is to create a memorable phrase of 4 to 7 unrelated words. This is called a “passphrase.” For example:
- Good: HorsePurpleHatRun
- Great: HorsePurpleHatRunBay
- Amazing: Horse Purple Hat Run Bay Lifting
Note: You can use spaces before or between words if you prefer!
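Both approaches can be generated by a short Python script, shown here as an added illustration that is not part of the original guidance. The word list, symbol set and function names are constructed for the example; a real generator would load a much larger word list.

```python
import math
import secrets
import string

# Constructed sample word list, for illustration only. A real generator should
# load a list with thousands of words so that each word adds more entropy.
SAMPLE_WORDS = [
    "horse", "purple", "hat", "run", "bay", "lifting", "legal", "tiny",
    "facility", "freehand", "probable", "enamel", "candle", "orbit",
    "walnut", "meadow",
]

SYMBOLS = "!@#$%^&*"  # assumed symbol set; adjust to what the site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def random_password(length=16):
    """Random string containing lower case, upper case, a digit and a symbol."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        # secrets uses the operating system's CSPRNG, unlike the random module.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in SYMBOLS for c in pw)):
            return pw


def random_passphrase(words, count=5, sep=" "):
    """Pick `count` words independently and uniformly at random."""
    unique = sorted(set(words))
    if len(unique) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(unique) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy when each pick is uniform over `pool_size` options."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 16), 1))
    print(random_passphrase(SAMPLE_WORDS), entropy_bits(len(SAMPLE_WORDS), 5))
```

With the 16-word sample list each word adds only 4 bits, so the size of the word list matters as much as the number of words chosen.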
3. Make them unique
Use a different strong password for each account.
For example:
- Bank: k8dfh8c@Pfv0gB2
- Email account: legal tiny facility freehand probable enamel
- Social media account: e246gs%mFs#3tv6
Enable Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your mobile device or a fingerprint scan, in addition to your password. This makes it harder for cybercriminals to access your accounts, even if they obtain your password.
Turn on 2-Step Verification
With 2-Step Verification, or two-factor authentication, you can add an extra layer of security to your account in case your password is stolen.
After you set up 2-Step Verification, you can sign in to your account with:
- Your password and a second step
- Your passkey
When you sign in, you may encounter different authentication challenges. The challenge you’ll get is what Google thinks is best to help you sign in easily and keep out hijackers.
Tips:
- By default, when you create a passkey you opt in to a passkey-first, password-less sign in experience.
- If you always want to use your password first, you can change this default preference in your account settings.
Beware of Phishing Emails and Links
Cybercriminals use phishing emails and fake websites to trick individuals into revealing personal information. Be cautious of emails requesting sensitive data or containing suspicious links. Verify the sender’s authenticity before clicking on any links or downloading attachments.
How Phishing Works
In a typical case, you’ll receive an email that appears to come from a reputable company that you recognize and do business with, such as your financial institution. In some cases, the email may appear to come from a government agency, including one of the federal financial institution regulatory agencies.
The email will probably warn you of a serious problem that requires your immediate attention. It may use phrases, such as “Immediate attention required,” or “Please contact us immediately about your account.” The email will then encourage you to click on a button to go to the institution’s Website.
In a phishing scam, you could be redirected to a phony Website that may look exactly like the real thing. Sometimes, in fact, it may be the company’s actual Website. In those cases, a pop-up window will quickly appear for the purpose of harvesting your financial information.
In either case, you may be asked to update your account information or to provide information for verification purposes: your Social Security number, your account number, your password, or the information you use to verify your identity when speaking to a real financial institution, such as your mother’s maiden name or your place of birth.
If you provide the requested information, you may find yourself the victim of identity theft.
How to Protect Yourself
- Never provide your personal information in response to an unsolicited request, whether it is over the phone or over the Internet. Emails and Internet pages created by phishers may look exactly like the real thing. They may even have a fake padlock icon that ordinarily is used to denote a secure site. If you did not initiate the communication, you should not provide any information.
- If you believe the contact may be legitimate, contact the financial institution yourself. You can find phone numbers and Websites on the monthly statements you receive from your financial institution, or you can look the company up in a phone book or on the Internet. The key is that you should be the one to initiate the contact, using contact information that you have verified yourself.
- Never provide your password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information online. Thieves armed with this information and your account number can help themselves to your savings.
- Review account statements regularly to ensure all charges are correct. If your account statement is late in arriving, call your financial institution to find out why. If your financial institution offers electronic account access, periodically review activity online to catch suspicious activity.
Stay Cautious When Downloading Apps or Software
Only download applications from reputable sources such as official app stores or the developer’s website. Malware and viruses are often disguised as legitimate software, leading to data breaches or financial loss.
Read about the app before installation to understand its functionality. Be cautious with permissions requested by the app. Download from reputable sources like Apple’s App Store or Google Play. Log out of apps with sensitive info, like banking apps, when done.
Don’t Use Public Wi-Fi Without Protection
The Risks of Public Wi-Fi
The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you’re sending your information to the hacker, who then relays it on.
Keep Software and Devices Updated
You’ve probably seen messages popping up on your phone, tablet, computer or laptop prompting you to update your software, operating systems and apps. Don’t ignore them!
These security updates are important. As well as improvements and new features, they include protection from viruses by fixing bugs and vulnerabilities. Applying the updates is one of the easiest and quickest ways to prevent your account from being hacked.
How to install and run software updates
Applying updates
- Apply updates to the apps and software on your devices as soon as they become available
- You’ll often be prompted to update your software, but if you want to upgrade manually, go into the device settings and look for updates. The exact location and wording will vary between devices. If you can’t find what you’re looking for, refer to the help or support area on the manufacturer’s official website
Automatic updates
- Turn on ‘automatic updates’ in your device settings, if that option is available. That way you won’t have to remember to apply updates yourself
Make sure your device can receive updates
- If you’re using an older phone or computer and the manufacturer has stopped providing updates for it, you should replace your device with one that can receive updates. It doesn’t have to be the latest or most expensive model – but it is worth upgrading if it means you can update your software and stay safer from fraudsters
Back Up Your Data Regularly
- Do backups regularly
Get into a routine of doing your backups regularly. How often you back up depends on how often your data changes. For example, you could choose to do your backups weekly or monthly, depending on how often you save new data to your devices.
- Have different backups
If you can, keep two different copies of your backups and store them in different places. That way if someone was to break in and steal your laptop and hard drive from your home, you’d still have a copy of your data saved elsewhere.
One way to do this is to use physical hardware (an external hard drive or USB drive) for one copy, and a cloud-based backup system (like iCloud) for the other.
- Make sure your hard drive backups are stored offline
If you’re using a USB drive or an external hard drive to store your backups, don’t leave it connected to either your network or one of your devices all the time. Make sure you disconnect it when you’re not using it. If you leave it connected, anything that could affect your network or your device – like a virus – will affect the backup too.
- Test your backups
Make sure your backups work and that your data is stored correctly by checking them from time to time. Check that:
- the files on your backup work
- you can access the files, and
- you can copy them back onto your device.
Check your machine is free of malware like viruses before you restore a backup from a physical device like your hard drive.
- Protect your backed up data with passwords
Secure your backup by making sure it’s protected with a strong password to stop anyone else accessing the data on it without you knowing. You should also set up two-factor authentication (2FA) if it’s available.
This includes your physical backups (USB drive or external hard drive) as well as your cloud-based ones.
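The checks listed under “Test your backups” can be automated with a trial restore. The Python script below is an added example, not part of the original guidance; the function names and the folder layout are assumptions. It copies the backup into a scratch folder and compares every file against the originals by SHA-256 hash.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root):
    """Map each file's path relative to `root` to its SHA-256 hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def restore_test(source_dir, backup_dir):
    """Trial-restore `backup_dir` into a scratch folder and compare it
    with `source_dir`. Returns the files that are missing from the backup,
    differ in content, or exist only in the backup."""
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restored"
        # Copying proves the backup can be read and copied back.
        shutil.copytree(backup_dir, restored)
        want = tree_hashes(source_dir)
        got = tree_hashes(restored)
    return {
        "missing": sorted(set(want) - set(got)),
        # A difference can also mean the original was edited after the backup.
        "changed": sorted(k for k in want.keys() & got.keys()
                          if want[k] != got[k]),
        "extra": sorted(set(got) - set(want)),
    }
```

A result with three empty lists means every original file was restored byte for byte.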
Use Antivirus and Firewall Protection
A firewall and antivirus serve different purposes in network security. A firewall acts as a barrier to block unauthorized access to and from a network or system, while antivirus software detects and removes malicious software (malware) on a device.
