Securing the Future Starts with You.
Technology plays an indispensable role in the lives of people across the state. Whether at work or at home, people rely on the internet and other technologies in everyday life to get things done. While cybersecurity can seem intimidating, there are simple actions everyone can take to safeguard personal information and help ensure long-term security.
Cybersecurity Recommendations
Make cybersecurity a priority as you spend time online at home and at work. We recommend you follow the cybersecurity best practices below to secure your information.
SLAM Phishing
Phishing is a type of attack that tricks you into clicking on links, opening attachments, or logging into an account so that attackers can gain access and install malware on your devices or steal your credentials for financial gain. Use the SLAM acronym (Sender, Links, Attachment, Message) to identify a phishing attempt.
- Sender – Check the true sender of an email.
  - “Hover” your mouse over the sender’s name to reveal the true email of the sender.
  - Check email addresses carefully to look for misspellings or out of place characters.
  - Look for the company name in the domain address.
- Links – Do not go to a link unless it is legitimate.
  - “Hover” your mouse over a link to reveal where the link will take you.
  - Consider visiting the company website directly, instead of clicking the link.
  - Do not provide login credentials to view a document or link from a third party (especially someone you don’t know).
- Attachment – Recognize when an email attachment may not be legitimate.
  - It is unlikely that a business would send an email attachment without prompting.
  - Don’t open an attachment from an unsolicited email.
- Message – Check the content of the message carefully, even if it is coming from someone you know.
  - Call the person to ask if they sent it before clicking on links or opening attachments.
  - Review the message. Would the person you know say this or ask you to take action?
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an authentication method that requires users to provide two or more verification factors to gain access to a resource. Factors include a) something you know (e.g., password/personal identification number [PIN]); b) something you have (e.g., ATM card, cell phone, token); or c) something you are (e.g., biometrics).
- Implement MFA for access to both personal and work accounts.
- Consider using a reputable authenticator application instead of an email or cellphone text-based authentication factor method.
- If you have MFA in place, review requests for verification carefully to avoid a hacker stealing your login session.
- Business owners should consider implementing number matching and adding login context to “push” notifications from authenticator applications. Examples of both are available here.
Use Strong Passwords or Passphrases
An 8-character password can be hacked in mere minutes. Use these tips to make your password stronger and more secure, and never use the same password more than once.
- Create a strong password or passphrase.
  - Something you can remember
  - For example: CoffEE-awake-Tea-Y@!
- Use a password manager.
  - You can use biometrics to access it.
  - You don’t need to memorize 15-20 character passwords.
  - You don’t re-use passwords.
Software Patching
Technology companies update software and release patches to fix security issues on a regular basis.
- Keep mobile devices and personal computers up to date with the latest software and patches.
- If your computer prompts you to install a software update, don’t delay unnecessarily.
- Ask your company’s IT team about their patching policy and restart or update your computer as required.
Discovered a Phishing Email?
Here are some steps to take if you discover a phishing email:
- Mark the email as spam. There is usually a way to do that in your email application. Take the time to find out how.
- Do not forward the email to anyone.
- Report the email to your IT department, managed service provider or internet provider so that they can:
  - blacklist the sender’s domain address; and
  - alert others.
USBs / Flash Drives
Hackers try to take advantage of human curiosity or altruism to penetrate networks. Examples of this include:
- Dropping USBs / flash drives in parking lots; and
- Sending USBs / flash drives in the mail.
If you find or receive one:
- Do not plug it into your home or work devices, especially if you aren’t sure where it came from; and
- Give it to your security or IT staff.
Backup Your Data
When you lose access to your data through a cyberattack or ransomware or for any reason, it’s important to have a plan.
- Identify your important data (contacts, financial information, pictures, etc.) and back it up.
- Consider a cloud-based vendor or use an offline, external hard drive.
- Create a plan for how to access that data in case of cyberattack or an emergency.
- Ask your IT staff about your company’s backup plan; make sure you store data where it can be recovered if your company has a cyberattack.
Wi-Fi
Public wireless networks are not secure, and data can be seen and stolen.
- Be vigilant when using public wireless networks.
- If you are in a restaurant, ask an employee about the correct wireless network name (also known as an SSID), for example, MBTA-wifi vs. guest-wifi.
- Utilize a Virtual Private Network (VPN), which creates an encrypted tunnel between your device and internet locations.
- Minimize using personal logins and passwords over public networks.