Directive Blogs
Prioritize Your Cybersecurity Hygiene in 2024
A New Year can be about self-improvement. Most of us make lofty goals to spend more time at the gym, or to stop sneaking spoonfuls of uncooked Pillsbury Cookie Dough right out of the tube from the back of the fridge at four in the morning. Some of us accomplish our goals, and some of us have gotten really good at hiding that Pillsbury Cookie Dough wrapper in the bottom of the trash so nobody realizes it’s gone. All joking aside, it feels good to make accomplishments, and I truly hope that anything you set your mind to is able to happen for you.
If you are looking for an easy resolution that will help you sleep better at night and is extremely easy to maintain, I’d highly suggest that you prioritize your own personal cybersecurity in 2024.
It will take a little effort, but trust me, it will save you a lot of headache down the road.
Get Yourself a Password Manager
First and foremost, you’ll want to start this journey with a trusted password manager. There are plenty of them out there, such as Keeper, Dashlane, 1Password, Bitwarden, and KeePass. If your business already uses an enterprise password manager, most of the time it will include free personal and family accounts, so you can take advantage of that. If not, you’ll need to get a paid account for yourself (most personal/family plans are only a couple of dollars per month).
Protip! If your business doesn’t have an official password manager, definitely reach out to Directive at 607.433.2200 to talk to us about getting a standard in place. If we can help all of your employees improve their cybersecurity hygiene, it will greatly reduce the number of risks your organization faces.
When creating your account, I want you to come up with the most secure password you’ve ever been able to come up with, while still making it something you can memorize. This is going to be one of the only passwords you’ll ever have to memorize after we are done, so let’s make sure it’s a good one.
How Do You Create a Strong Password?
Strong passwords don’t contain any information about you, or anything that someone could guess if they knew you well. They should be long and complex, and contain capital and lowercase letters, numbers, and symbols.
My favorite way to set the foundation of a strong password is to take song lyrics I like, and take the first letters or syllables and put them into the password.
Just for an example, if I were to take Taylor Swift’s “Shake It Off” and make a password out of it, here’s what I might do. Let’s take the lyrics:
Cause the players gonna play, play, play, play, play
And the haters gonna hate, hate, hate, hate, hate
Baby, I'm just gonna shake, shake, shake, shake, shake
Now let’s turn it into some letters that I can type out while humming it to myself in my head:
ctpgppppp&thghhhhhbbijgsssss
Look at that, I was able to add a symbol without even thinking about it. We’re already off to a good start. Now let’s make it more secure, without making it harder to memorize and type out. Maybe all the letters that represent play, hate, and shake should be numbers? Remember, don’t use birthdays or obvious anniversaries that might be on public record.
ctpg11223&thg88898bbijg71182
Okay, now we’re going to dress it up with some capital letters and a couple symbols and we are good. And because we want to make it simple for ourselves, we’re only going to make the “p” for “players” and the “h” for “haters” capitalized, because that makes sense in our head.
The final password is:
ctPg11223&tHg88898@bbijg71182!
Obviously you can’t use this exact password—it’s already published in this guide on the Internet. You’ll want to make your own. Still, the song method is a great way to get something super secure, and with a little practice, you can actually type out a 30-character password without straining your brain. Experiment—you don’t need as many characters; as long as you have at least 15 characters, your password is considered very strong.
This new password will be the password you use to sign into your password manager.
Change Every Password on Every Account You Have
Grab a drink and a snack, because this is going to take you some time. I did this for myself last year in the days between Christmas and New Year's. It took a couple of evenings, and it was a long, arduous process, but it was so worth it. Those two nights of pain and boredom made the entire year that much easier. I’m auditing all of my accounts this year, and thanks to my hard work last year, it should only take me an hour.
So here we go. Start with your email accounts, your bank accounts, and anything that involves managing money. Then move on to social media and e-commerce sites, and then any other accounts you have.
Log in, change each and every password, and log that password away in your new password manager. Take it slow, and be thorough. Make sure you document the email address tied to each account, and make sure you have access to that email.
For the new passwords, don’t come up with a password on your own. Instead, just generate a long, secure, random password in your new password manager. Your password manager will have a button that lets you generate a random password. Since you’ll be relying on your password manager to log into everything, you don’t need to memorize any particular password.
You’ll be able to install your password manager on your phone, tablet, and any other device you control so you can access your passwords securely.
Set Up Multi-Factor Authentication on Every Account You Can
While you are in each of these accounts, look for security/privacy/account options and check whether the site offers multi-factor or two-factor authentication (sometimes labeled as MFA or 2FA). This is where the account will send you a text message with a PIN to complete the login process.
To be even more secure, install a multi-factor authentication application like Google Authenticator, Microsoft Authenticator, or Duo Authenticator. Then scan the QR code with your authentication app and the application will generate the PIN for you. This way, if someone hijacks your phone and can read your text messages, they can’t also sign into your other accounts.
This Will Take Time. It Will Be a Slog. It Will Be Worth It.
Believe me, it was a nightmare to go through my personal accounts and lock everything down. In the end, I managed to reset passwords for just over 300 different online accounts, and set up multi-factor authentication for around 190 of them.
But once it is all done, you are organized, and maintaining the system is so simple—just let your new password manager create passwords for new accounts, and always set up multi-factor authentication.
One more thing—now that your passwords are stored in a password manager, you’ll want to tell your web browser (Google Chrome, Edge, Firefox, Safari, etc.) to stop remembering your passwords, and to delete all the passwords they were storing.
In Google Chrome:
Click the three-dot icon on the top right of your browser window and select Passwords and Autofill > Google Password Manager. From here you can manage and delete the passwords that Google Chrome has saved for you. They are safer in your new password manager, anyway!
In Microsoft Edge:
Select Settings and go to Privacy, Search, and Services. Then scroll down to Clear Browsing Data. Click Choose what to clear and it will allow you to only select passwords. Set the time range to All Time and click Clear Now to delete all the saved passwords in Edge.
Let’s Make 2024 the Best Year for Your Cybersecurity
Share this article around to your colleagues, friends, and family. If you need help securing your business, give Directive a call at 607.433.2200 today!