Not Your Father’s Cybersecurity Tips: Think Outside the Box to Protect Your Identity During NCSAM

This year, National Cyber Security Awareness Month (NCSAM) comes on the heels of one of the most devastating cybersecurity breaches in history, which exposed Social Security numbers and other important consumer data belonging to about half the U.S. population. In an age where the volume of breached data has increased more than eightfold in the past five years alone, the basic cybersecurity tips that consumers have relied on in the past aren’t necessarily the best ways to stay afloat in the modern threat landscape.

Five Outside-the-Box Cybersecurity Tips to Protect Your Accounts From Modern Threats

In the wake of countless major security breaches, many of the checkpoints commonly used to prove our digital identities, such as Social Security numbers, email addresses, passwords and personal facts, are now in the hands of fraudsters, meaning they are no longer a valid way to confirm who we are online.

Consumers should consider the following cybersecurity tips to get ahead of the modern threat landscape, taking into account new guidance around passwords as well as outside-the-box advice that can help people cope in an age where personal data is no longer private.

1. The Ideal Password Is a Long, Nonsensical Phrase

Although the death of the password has long been predicted, passwords remain a core method of access for most systems and must be created with care. The rule of thumb in the past focused on complexity, with at least eight characters combining letters, numbers and special characters. Recent guidance suggested that longer passphrases (several unrelated words tied together, made up of at least 20 characters) are actually harder to crack and easier to remember.
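As an added illustration (not part of the original article), the sketch below builds a passphrase of unrelated words with a cryptographically secure random source, enforces the 20-character minimum, and compares the guessing entropy of the two approaches. The short word list is constructed for the example, and the 7,776-word figure assumes a large list such as the EFF long word list.

```python
import math
import secrets

# Constructed sample word list for illustration only; a real generator
# should load a large list (the EFF long list has 7,776 words).
SAMPLE_WORDS = [
    "anchor", "biscuit", "cobalt", "dervish", "ember", "fjord", "gazebo",
    "harbor", "icicle", "jigsaw", "kettle", "lantern", "mosaic", "nutmeg",
    "orchid", "pebble", "quiver", "rhubarb", "saddle", "trellis", "umpire",
    "velvet", "walnut", "xylem", "yonder", "zephyr", "bramble", "cactus",
    "dolphin", "eclipse", "falcon", "gravel",
]


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `choices` options."""
    return picks * math.log2(choices)


def generate_passphrase(words, n_words=5, min_length=20, sep="-"):
    """Draw n_words uniformly with a CSPRNG; retry until min_length is met."""
    if n_words < 1 or len(set(words)) < 2:
        raise ValueError("need at least one word and a list with 2+ entries")
    # Guard against an impossible length requirement (would loop forever).
    longest = max(len(w) for w in words)
    if n_words * longest + (n_words - 1) * len(sep) < min_length:
        raise ValueError("min_length unreachable with this list and word count")
    while True:
        phrase = sep.join(secrets.choice(words) for _ in range(n_words))
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # 8 characters drawn at random from the 94 printable ASCII symbols
    print(round(entropy_bits(94, 8), 1))
    # 5 words drawn at random from a 7,776-word list
    print(round(entropy_bits(7776, 5), 1))
```

The eight-character figure assumes every character is picked at random, which is the best case for that format.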

2. Store Passwords in a Digital Vault

Reusing passwords is one of the worst things you can do because if one gets compromised, an attacker can access your other accounts as well. But memorizing a different password for each account is virtually impossible, which is why 81 to 87 percent of people reuse passwords in the first place.

Rather than try to memorize multiple passwords or store them insecurely on your phone notepad, use a password manager, which acts as a vault for existing passwords and can also generate stronger passwords for you. Instead of managing dozens of passwords on your own, you’ll just have to remember the one key to your digital vault.

3. Lie on Your Security Questions

Many account security questions ask about information that could easily be found online, such as former addresses, your mother’s maiden name, etc. Consider either selecting questions that are opinion-based, such as your favorite color or movie, or even using fake answers for these questions to ensure that only you would know the answer.

4. Double Dip on Security Checkpoints

Many services nowadays, particularly sensitive accounts such as email and banking, allow for two-factor authentication (2FA), which adds an extra security checkpoint when certain risk factors are present, such as logging in from a new location or device. Determine which accounts are at risk and add an extra login step to avoid a single point of failure.

The most popular example is a short message service (SMS) text sent to your phone at login that asks you to enter a one-time code to access the account. However, the second factor can be anything from an email to a phone call, an extra question or a hardware token generator that stands alone and produces time-based codes. The most effective measure depends on your service provider, but you can also use your own judgment to secure your accounts.

5. Get Down With Biometrics

Even if we apply the best practices above, we’re quickly approaching a future in which the use of passwords to establish identity isn’t enough. Biometric authentication uses physical and behavioral characteristics, such as fingerprints, as a means of protection. At the same time, experts have devised ways to make sure this data is collected and applied in a manner that protects consumers and prevents cybercriminals from hijacking it.

Consider using the fingerprint option to unlock your mobile device and back it up with a lock code. Some providers are using voice signatures, and others are employing facial recognition. The race to replace the password is on, and adopting these new methods can help test and enhance them over time to make your digital identity more secure.

A Vast Playing Field for Fraudsters

The internet, our identities and the methods we use to protect ourselves online have evolved considerably in the past decade. Almost everyone has a digital identity nowadays — nearly 90 percent of U.S. residents were internet users in 2016 — so attackers have a vast playing field. Learning to outsmart the bad guys can go a long way toward shifting the dial on safeguarding our identities in an era in which our data is no longer as private as we’d like it to be.

Limor Kessem

Executive Security Advisor, IBM