Cyber Lessons

Arm yourself with knowledge to stay ahead of the game.

Multi-Factor Authentication

Double your login protection.

No matter how long and strong your password is, a breach is always possible. All it takes is for just one of your accounts to be hacked, and your personal information and other accounts can become accessible to cyber criminals.

Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. This way, even if cyber criminals guess your password, they’re still out of luck!

Sometimes even long and strong passwords aren’t enough. Step up your game with MFA and keep all your private bits … private.

Wi-Fi Safety

Stay protected while connected.

The bottom line is that whenever you’re online, you’re vulnerable. If devices on your network are compromised for any reason, or if hackers break through an encrypted firewall, someone could be eavesdropping on you—even in your own home on encrypted Wi-Fi.

Practice safe web surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar—this signifies a secure connection. When you find yourself out in the great “wild Wi-Fi West,” avoid free internet access with no encryption. If you do use an unsecured public access point, practice good internet hygiene by avoiding sensitive activities (e.g., banking) that require passwords or credit cards. Your personal hotspot is often a safer alternative to free Wi-Fi.

Make sure you go green—green lock, that is—for a trusted internet connection, and make this step a habit in every new environment.

App Security

Keep tabs on your apps.

Have you noticed that apps you recently downloaded are asking for permission to access your device’s microphone, camera, contacts, photos, or other features? Or that an app you rarely use is draining your battery life?

Your mobile device could be filled with suspicious apps running in the background or using default permissions you never realized you approved—gathering your personal information without your knowledge while also putting your identity and privacy at risk. Don’t give your apps an all-access pass. The following are some steps to avoid “over-privileged” apps:

  • Check your app permissions and use the “rule of least privilege” to delete what you don’t need or no longer use.
  • Learn to just say “no” to privilege requests that don’t make sense.
  • Only download apps from trusted sources.

Enable automatic app updates in your device settings or when they pop up, because having the most up-to-date software doesn’t just make things run smoother—it helps keep you patched and protected against ever-evolving cyber threats!

Oversharing and Geotagging

Never click and tell.

Everyone seems to be posting their information on social media—from personal addresses to where they like to grab coffee. You may figure, if everyone’s doing it, why can’t I?

What many people don’t realize is that these seemingly random details are all criminals need to know to target you, your loved ones, and even your physical belongings—online and in the real world. Avoid posting names, phone numbers, addresses, school and work locations, and other sensitive information (whether it’s in the text or in the photo you took). Disable geotagging, which allows anyone to see where you are—and where you aren’t—at any given time.

While it’s tempting to do otherwise, limit your social networks to people you actually do know in real life, and set your privacy preferences to the most restrictive settings.


Play hard to get with strangers.

Cyber criminals cast wide nets with phishing tactics, hoping to drag in victims. Seemingly real emails from known institutions or personal contacts may ask for financial or personal information.

Cyber criminals will often offer a financial reward, threaten you if you don’t engage, or claim that someone is in need of help. Don’t fall for it! Keep your personal information as private as possible. If they have key details from your life—your job title, multiple email addresses, full name, and more that you may have published online somewhere—they can attempt a direct spear-phishing attack on you. Cyber criminals can also use social engineering with these details to try to manipulate you into skipping normal security protocols.

If you’re unsure who an email is from—even if the details appear accurate—do not respond, and do not click on any links or attachments found in that email. Always avoid sending sensitive information via email.

If you receive a suspicious email that appears to be from someone you know, reach out to that person directly on a separate secure platform. If the email comes from an organization but still looks ‘phishy,’ reach out to them via customer service to verify the communication.


Shake up your password protocol.

Gone are the days when you needed to come up with a frustrating mixture of letters, numbers, and symbols. According to NIST guidance, you should consider using the longest password or passphrase permissible. NCCIC guidance suggests 16-64 characters.Some sites even allow for spaces. Easy-peasy!

It’s important to mix things up—get creative with easy-to-remember ways to customize your standard password for different sites. Having different passwords for various accounts can help prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Always keep your passwords on the down-low. Every time you share or reuse a password, it chips away at your security by opening up more avenues in which it could be misused or stolen.

Ready for extra credit? The most secure way to store all your unique passwords is by using a password manager. With just one master password, a computer can generate and retrieve passwords for every account you have—protecting your online information, including credit card numbers and their three-digit CVV codes, answers to security questions, and more.

Device Protection

If you connect, you must protect.

Our devices are great at making our lives easier and fun, but it’s important to be conscious about all the information you are generating and where it’s headed. Once your device plugs into cyberspace, you and your device could potentially be vulnerable to all sorts of risks.

These include malware that can steal information and data, destroy your hardware, log keystrokes, and infect other devices connected to your compromised device. Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on. And, if you’re putting something into your device, such as a USB for an external hard drive, make sure your device’s security software scans for viruses and malware. Finally, protect your devices with antivirus software. There are many kinds of antivirus software available, so find one that fits your needs and your devices.

Cyber threats may be evolving, but you can outsmart them with a savvy security protocol.