Cybersecurity Awareness Month Tips

Multi-factor authentication (sometimes called MFA, 2FA or two-factor authentication) is when you set up more than one way to verify your identity when logging into accounts. First, you type in your password. Then, you have to verify your identity through another source like a text, email, or biometrics such as fingerprints or facial recognition, to confirm that it’s you trying to log in. In addition to this extra layer of protection, you will also get notifications anytime someone tries to log into your accounts.

To turn on multi-factor authentication refer to your account and/or device settings.

2. Use Strong Passwords

Creating a strong password is one of the best things you can do to protect your online accounts. Two of the most common ways hackers try to get your passwords are by credential stuffing or password spraying.¹

Credential stuffing is when hackers use common or known passwords that have appeared in a data breach to see if any of these passwords work with a particular email address. Password spraying is when hackers test common passwords across multiple user accounts until they gain access.¹

Your passwords should have a combination of uppercase and lowercase letters, numbers, and special symbols. To make a strong password, follow ALL 3 of these tips.²

1. Make them long. At least 16 characters—longer is stronger!
2. Make them unique. Use a unique password for every site, this way if an account does get hacked it won’t put the security of your other accounts at risk.
3. Make them random. Two ways to do this are:
   1. Use a random string of mixed-case letters, numbers and symbols. For example: cXmnZK65rf*&DaaD.
   2. Another option is to create a memorable phrase of 4 – 7 unrelated words. This is called a “passphrase.” For example:
      • Good: HorsePurpleHatRun
      • Great: HorsePurpleHatRunBay
      • Amazing: Horse Purple Hat Run Bay Lifting

3. Update Software

Software and app updates contain important security fixes that can help keep you safe. These software updates protect your laptop, your smartphone, and any other device you may use to connect to the Internet. You may be tempted to click “Update Later” on those software update notifications, but that decision could leave you more vulnerable to fraudsters. Installing software updates in a timely manner is one critical measure you can take to protect your devices because they defend against attackers exploiting patched vulnerabilities.

• To minimize your risk, consider setting up automatic software updates.
• Only download software updates from trusted vendor websites. Don’t trust a link in an email message, especially if you don’t know the sender.
• Avoid software updates while using untrusted or unsecured networks (such as the WiFi at the library or a coffee shop).

4. Recognize fraudulent phishing attempts

Over 90% of successful cyber attacks start with a phishing email.³ Phishing emails and text messages may look like they are from a legitimate person or company you know and trust. Sometimes phishing messages tell a story to urge you respond to a text message, click on a link, or make a phone call. Taking a few seconds to review the message closely may save you from falling for a phishing attack.

In today’s digital-first world, protecting our data and systems is more critical than ever. If you suspect a breach:

• Call your Heritage Wealth Manager or your Schwab Alliance team immediately at 800-515-2157 so that they can watch for suspicious activity and collaborate with you on other steps to take.
• Freeze credit with all three credit bureaus.

Resources for more information and best practices:

• Cybersecurity Resources
• Cybersecurity & Infrastructure Security Agency
• StaySafeOnline.org: National Cybersecurity Alliance
• FTC Online Privacy and consumer advice
• FBI Scams and Safety website provides additional tips

^{1.https://blog.lastpass.com/posts/credential-stuffing-vs-password-spraying}

^{2.CISA Use Strong Passwords}

^{3. CISA Guidance for Families}