Identity Management Day
Tuesday, April 12, 2022 is Identity Management Day--a day dedicated to helping everyone understand how to protect their digital identities. In today's world we all have massive amounts of personal data online, and it is very valuable to cybercriminals. If one of your accounts is compromised and your data were stolen by a cybercriminal they could use it to steal your identity, steal your money, or create phishing\vishing\SMS attacks to steal from others--known and unknown to you.
According to a 2021 Cisco report on Cybersecurity threats*:
-86% of organizations had at least one user try to connect to a phishing site
-70% of organizations had users that were served malicious browser ads
-69% of organizations experienced some level of unsolicited crytomining
-50% of organizations encountered ransomware-related activity
-48% found information-stealing malware activity
Overall, cryptomining, phishing, ransomware, and trojans averaged 10x the internet activity of all other threat types.
*Data from this report was collected across more than 620 billion internet requests from across 190 countries
How can you protect yourself, your identity, and your data?
- Make long & strong passwords.
- Make passwords different for each account\device. This will mean using a password manager since remembering would be difficult. IF you prefer to write them down, put that in a safe for protection.
- Use lower/uppercase letters; numbers; symbols
- Make passwords at least ten (10) characters in length
- Do not use a password generator because cybercriminals have access to these too
- Enable two-factor\multi-factor\biometric authentication on as many accounts\devices that you own
- Use email\internet\social media with suspicion
- Double-check email addresses and links
- Don't just scan any QR code you find
- Don't interact with emails\phone calls\text messages that are unsolicited or from unknown people (be suspicious of those from known people if they seem 'odd' to you in any way)
- Don't use public\unknown\unsecure wi-fi for any activity where a password is involved
- Don't leave Bluetooth turned on in public spaces, when not in use
- Check the website have i been pwned? once/year to see if your passwords\accounts have been compromised
- Check your credit reports for free once per year to see if your financial accounts have been compromised
- Tell someone about it! Cybercriminals want your silence. Don't be embarrassed if you fall for a scam. Don't clam up because of it. For example, if your organization has an IT department, alert them when you receive a suspicious email in your employee email account. Or if you get an email in a personal account where someone is trying to spoof another organization (e.g., they are pretending to be from Netflix--alert Netflix). If you're not sure who to contact, you can go to a company page and search, or you can report here:
- CISA Reporting Links (https://www.cisa.gov/uscert/report-phishing)
- Google Reporting Page (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en)