Cybersecurity
What is Cybersecurity?
In today's ever-evolving digital landscape, it is vital to safeguard all aspects of your electronic presence. Cybersecurity is the practice of protecting systems and information from digital threats. Whether you're checking your email, online shopping, posting to social media, even online gaming with your friends, you could become the victim of a cyberattack. McLean County is proud to be an official Champion of #CybersecurityAwarenessMonth.
Proclamation from the McLean County Board in support of Cybersecurity Awareness Month 2023
Sometimes called two-factor authentication or two-step verification, Multi-Factor Authentication (MFA) allows you to protect yourself in multiple ways. Typically, you will enter your username, password, and then verify your identity in some other way such as responding to a text message or approving each login attempt through an authenticator app.
Multi-Factor Authentication makes it extremely difficult for hackers to access your accounts, even if they know your password. It is recommended that you implement Multi-Factor Authentication for any account that permits it, especially accounts associated with work, school, email, banking, and social media.
Passwords are your first line of defense against cybercriminals and data breaches. No matter what accounts they protect, strong passwords should be used to reduce the risk unauthorized account access. A strong password should be:
- Long
- Each password should be a minimum of 12 characters in length
- Unique
- Each account should be protected with its own unique password
- Never reuse old passwords or use the same password for multiple accounts
- None of your passwords should look alike (don't use the same password but add an additional character at the end)
- Complex
- Passwords should be a combination of upper case letters, lower case letters, numbers and special characters (such as ! ? < .)
Use these three guiding principles to create strong passwords for all of your accounts, and never share your password with anyone!
Password managers are pieces of software that allow you to generate new, secure passwords that are long, unique and complex with just a few clicks. Password managers automatically store your passwords and can autofill them when you arrive at the site you are logging in to. Quality password managers encrypt all of the passwords stored on them. Some of the advantages of using a password manager are:
- Time saving
- Works across all devices and operating systems
- Identity protection
One of the easiest ways to increase your cybersecurity is to make sure your software and apps are up to date. By installing the latest updates for your devices, software and apps, you ensure that you are getting the best security available as well as access to all of the latest features. Enrolling in automatic updates will ensure that you always have the most up-to-date security available, though it is a good idea to periodically review your update settings.
Only download software to your computer from verified sources and only download apps from your device's official app store. Updates should be sent from the device, software or app developer, do not download updates sent from another source. Check your device and app settings regularly, especially if you don't have automatic updates turned on.
Phishing is when criminals use email, messaging or social media to try and get you to click on a bad link or download a malicious attachment. Never click any links or download attachments from a communication you believe to be a phishing attempt. Use the tips below to help identify phishing attempts:
- Does it contain an offer that's too good to be true?
- Does it include language that's urgent, alarming or threatening?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar link or attachment?
- Is it a strange or abrupt business request?
- Does the sender's email address match the company it's coming from? Look for slight misspellings like pavpal.com or anazon.com
So what should you do if you suspect that you've identified a phishing attempt? If you're at work, report it to your IT department as soon as possible. If you receive a phishing attempt on your personal device or email, simply delete it. Do not click on any links, do not respond to the message, just delete it and carry on.