As high-profile data breaches and cyberattacks have continued to become more frequent and damaging over the years, industry professionals are constantly working on ways to promote keeping good cyber habits. In 2021, the Identity Defined Security Alliance (IDSA) declared that the second Tuesday of each April would be recognised as Identity Management Day, a day of awareness aimed at educating business leaders, IT decision-makers, and the general public about the importance of managing digital identities securely.
With the proliferation of digital identities and the risks associated with identity theft, data breaches, and other cyber threats, Identity Management Day serves as a reminder of the need to adopt best practices for safeguarding online activities and protecting our accounts and personally identifiable information (PII).
In honour of Identity Management Day earlier this month, here are five easy steps that you can share with your customers, which will help to protect their online identity.
1. Use strong, unique passwords for each account.
One of the most basic and effective ways to protect your digital identity is to use unique and strong passwords for each of your online accounts.
They should not contain any easily guessed or personal information such as your name or birthday. It's also important to use a different password for each account you have, as reusing passwords can increase the risk of multiple accounts being compromised if one password is exposed.
In general, when creating strong passwords, you should always:
- Use a combination of uppercase and lowercase letters, numbers, and special characters,
- Make them at least 12 characters long,
- Avoid using any words that have personal meaning, such as your name, a pet’s name, dates of birth, or anniversaries,
- Make new ones significantly different from other passwords (e.g., don’t just change a number or special character),
- Use passphrases where possible (e.g., “Thunder&L1ghtning!”)
Although it may be difficult to remember many different passwords, using a password manager can help you keep track of them securely.
2. Enable two-factor authentication.
Enabling two-factor authentication (2FA) is another effective way to enhance the security of your online accounts. In fact, it’s said to prevent between 80-90% of cyberattacks.
2FA requires users to provide two forms of identification to access their accounts, typically with a password as the first form of authentication. The options for the second form of identification will differ between apps or websites, but most commonly, these involve one-time passwords which are sent via SMS or email, or, more increasingly, to authenticator apps. However, where possible, it’s recommended that users choose biometric signatures. These can include options such as fingerprints, iris scans, and facial or voice recognition, which are all far more difficult for scammers to forge or bypass and gain unauthorised access to your account.
While it may add an extra step to the login process, the increased security is worth the additional effort.
3. Limit what information you share online (and who you share it with)
If your social media accounts are set to public, hackers can easily find out sensitive information about you, such as your birthdate, mother’s maiden name, best friend’s name, pet names, and sometimes even your home address.
But online security goes beyond social media. Even seemingly innocent online quizzes and surveys can be a front for cybercriminal organisations seeking to gather personal information that can be used to compromise your accounts. “What are your pets' names? When were you born? What’s the name of the street that you first lived in? Enter your email address, and we’ll send you your rockstar stage name!”.
Where possible, make sure your online accounts are private and be selective about who you accept as a friend or follower. Many social networking sites even give the option to view your account as a member of the public, so you know exactly what information is visible to others. If you’d like to keep your profile visible to the public, you can always make use of features that restrict who can see your posts. For example, Instagram has a “close friends” feature which allows only a selected group to view specific posts.
4. Regularly monitor bank accounts and credit reports
An important step in protecting your digital identity is to regularly monitor your bank accounts and credit reports for any signs of suspicious activity. By frequently checking your bank accounts, you can quickly identify any unauthorised transactions and report them to your bank before any further damage is done. Many banks also allow their customers to set up alerts for any unusual activity, which will flag large purchases or withdrawals, and help to detect fraudulent activity more quickly.
Using personal information stolen in data breaches or phishing attacks, scammers are able to open new accounts or apply for credit in your name, so it’s vital that you’re regularly checking your credit report. By doing this, you can quickly identify any new accounts or credit inquiries that you didn’t authorise, and you can take the steps to report the fraud and minimise the damage to your credit score.
5. Beware of suspicious emails, links, and attachments
Always think before you click.
Scammers use links and attachments in emails to share malware or phishing sites where your personal information could be stolen. If something seems suspicious or raises doubts, it's best not to click on it. Here are some fundamental indicators to watch out for:
Don’t click links on emails that:
- Aren’t addressed to you by name,
- Are sent to you from a different email address than the one that the sender typically uses,
- Appear to be from a legitimate company but use poor spelling or grammar, or omit details that you would otherwise expect,
- Are from businesses or people that you were not expecting to hear from, and
- Take you to a website or landing page that is different to what you expected.
If you’re unsure if an email is legit, one of the first things to look out for is the sender’s email address to see if the domain that it’s coming from is correct. Be sure to click on the sender’s address to view the actual sending email account. Scammers will often forge the sender name so that it appears to be the real thing, or taking it one step further; they will register a domain that is similar to the correct domain for the company that they’re spoofing. If the link or attachment has come from an untrusted source, or someone you weren’t expecting to hear from, proceed with absolute caution.
Keeping businesses safe and secure
When it comes to protecting your customers' digital identities, prevention is always better than a cure, and the best defence is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in your inboxes in the first place. Even if they’re using Microsoft 365 or Google Workspace, your customers should also have a third-party email security specialist in place to mitigate their risk. For example, using a third-party cloud email security solution like MailGuard.
Nine out of 10 cyberattacks start with an email, so your customers need to ensure that their inboxes are secure. Cybersecurity experts refer to it as a ‘defence in depth’ or ‘multi-layered’ approach. Like having a lock on your front door and a latch, if one fails to stop the intruder, the second one will.
Talk to us
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 282 2
UK partners call 0 800 404 8993
