This year, National Cyber Security Awareness Month (NCSAM) comes on the heels of one of the most devastating cybersecurity breaches in history, which exposed Social Security numbers and other important consumer data belonging to about half the U.S. population. In an age where the volume of breached data has increased more than eightfold in the past five years alone, the basic cybersecurity tips that consumers have relied on in the past aren’t necessarily the best ways to stay afloat in the modern threat landscape.

Five Outside-the-Box Cybersecurity Tips to Protect Your Accounts From Modern Threats

In the wake of countless major security breaches, many of the checkpoints commonly used to prove our digital identities, such as Social Security numbers, email addresses, passwords and personal facts, are now in the hands of fraudsters, meaning they are no longer a valid way to confirm who we are online.

Consumers should consider the following cybersecurity tips to get ahead of the modern threat landscape, taking into account new guidance around passwords as well as outside-the-box advice that that can help people cope in an age where personal data is no longer private.

1. The Ideal Password Is a Long, Nonsensical Phrase

While the death of the password has been long predicted, they’re currently a core method of access for most systems and must be created with care. While the rule of thumb for passwords in the past has focused on complexity, with at least eight characters combining letters, numbers and special characters, recent guidance suggested that longer passphrases — several unrelated words tied together, made up of at least 20 characters — are actually harder to crack and easier to remember.

2. Store Passwords in a Digital Vault

Reusing passwords is one of the worst things you can do because if one gets compromised, an attacker can access your other accounts as well. But memorizing a different password for each account is virtually impossible, which is why 81 to 87 percent of people reuse passwords in the first place.

Rather than try to memorize multiple passwords or store them insecurely on your phone notepad, use a password manager, which acts as a vault for existing passwords and can also generate stronger passwords for you. Instead of managing dozens of passwords on your own, you’ll just have to remember the one key to your digital vault.

3. Lie on Your Security Questions

Many account security questions ask about information that could easily be found online, such as former addresses, your mother’s maiden name, etc. Consider either selecting questions that are opinion-based, such as your favorite color or movie, or even using fake answers for these questions to ensure that only you would know the answer.

4. Double Dip on Security Checkpoints

Many services nowadays, particularly sensitive accounts such as email and banking, allow for two-factor authentication (2FA), which adds an extra security checkpoint when certain risk factors are present, such as logging in from a new location or device. Determine which accounts are at risk and add an extra login step to avoid a single point of failure.

The most popular example is a short message service (SMS) text sent to your phone at login that asks you to enter a one-time code to access the account. However, the second factor can be anything from an email to a phone call, an extra question or a hardware token generator that stands alone and produces time-based codes. The most effective measure depends on your service provider, but you can also use your own judgment to secure your accounts.

5. Get Down With Biometrics

Even if we apply the best practices above, we’re quickly approaching a future in which the use of passwords to establish identity isn’t enough. Biometric authentication uses physical and behavioral characteristics, such as fingerprints, as a means of protection. At the same time, experts have devised ways to make sure this data is collected and applied in a manner that protects consumers and prevents cybercriminals from hijacking it.

Consider using the fingerprint option to unlock your mobile device and back it up with a lock code. Some providers are using voice signatures, and others are employing facial recognition. The race to replace the password is on, and adopting these new methods can help test and enhance them over time to make your digital identity more secure.

A Vast Playing Field for Fraudsters

The internet, our identities and the methods we use to protect ourselves online have evolved considerably in the past decade. Almost everyone has a digital identity nowadays — nearly 90 percent of U.S. residents were internet users in 2016 — so attackers have a vast playing field. Learning to outsmart the bad guys can go a long way toward shifting the dial on safeguarding our identities in an era in which our data is no longer as private as we’d like it to be.

Read the Report: Detecting digital identity fraud with IBM Trusteer

More from Endpoint

Deploying Security Automation to Your Endpoints

Globally, data is growing at an exponential rate. Due to factors like information explosion and the rising interconnectivity of endpoints, data growth will only become a more pressing issue. This enormous influx of data will invariably affect security teams. Faced with an enormous amount of data to sift through, analysts are feeling the crunch. Subsequently, alert fatigue is already a problem for analysts overwhelmed with security tasks. With the continued shortage of qualified staff, organizations are looking for automation to…

Threat Management and Unified Endpoint Management

The worst of the pandemic may be behind us, but we continue to be impacted by it. School-aged kids are trying to catch up academically and socially after two years of disruption. Air travel is a mess. And all businesses have seen a spike in cyberattacks. Cyber threats increased by 81% while COVID-19 was at its peak, with 79% of all organizations experiencing a loss of business operations during that time. The risk of cyberattacks increased so much that the…

3 Ways EDR Can Stop Ransomware Attacks

Ransomware attacks are on the rise. While these activities are low-risk and high-reward for criminal groups, their consequences can devastate their target organizations. According to the 2022 Cost of a Data Breach report, the average cost of a ransomware attack is $4.54 million, without including the cost of the ransom itself. Ransomware breaches also took 49 days longer than the data breach average to identify and contain. Worse, criminals will often target the victim again, even after the ransom is…

How EDR Security Supports Defenders in a Data Breach

The cost of a data breach has reached an all-time high. It averaged $4.35 million in 2022, according to the newly published IBM Cost of a Data Breach Report. What’s more, 83% of organizations have faced more than one data breach, with just 17% saying this was their first data breach. What can organizations do about this? One solution is endpoint detection and response (EDR) software. Take a look at how an effective EDR solution can help your security teams. …