Multi-Factor Authentication combines and leverages “something you know” (like your login credentials) and “something you have” (like your smartphone or email account).

MFA increases security because even if one of your credentials has been compromised, unauthorized users likely won't be able to meet the second step, which will block their attempted access to the targeted computing device, network, or database.

To learn more about MFA and how to enable it on some of the more popular tools, check out these resources:

• Multifactor authentication (MFA) | CISA
• How to enable on Gmail
• How to enable on Gsuite
• How to enable on Outlook.com
• How to enable on M365

Updates can install new features, protect data, improve performance, and ensure compatibility. Many software vendors today even allow you to enable automatic updates.

The two most important reasons to stay on top of software updates? Patching security flaws and protecting your data, which you can learn more about here:

• Understanding Patches and Software Updates

From checking your email to online banking to simply accessing your devices and systems, passwords are a part of daily living. While it can feel tempting to use a short or catchy password to help you keep track, a lack of password complexity or repeating passwords can also pose serious risks to your security.

To protect yourself and your information, use passwords that are long, strong, and difficult for someone else to guess—while still relatively easy for you to remember.

• Password Length
  The longer a password is, the harder it is to crack. Many security professionals recommend 16 unrepeated characters.



• Uniqueness
  For stronger cybersecurity, every one of your accounts should have a unique password. Though it may feel like you’re saving time or effort by using the same password for multiple accounts, doing so can increase your risk.
  
  For example, if your credentials get stolen in a data breach, an unauthorized user could gain access to any accounts where you’ve used those same credentials.



• Passphrase
  With all the requirements needed to make your passwords strong, creating passphrases can help you create and keep track of your unique passwords. A passphrase is an easy phrase for you to remember, but hard for others to guess (such as an uncommon song lyric). When creating a passphrase, avoid commonly used phrases (like ‘letmein!’) or personal information (like the name of your pet). Here's an example of a strong passphrase: F1sh1ngWithMyS0n



• Changing Passwords
  While tedious, occasionally updating passwords is a strong security practice, especially if you fear an account has been compromised or if you notice unusual activity.



• Password Managers
  A password manager can generate, save, and sync passwords across multiple devices. It's a handy application that removes the hassle of having to remember all of your long credentials and prevents bad habits like writing passwords down or storing them in unsecure documents. Google "password managers" to learn more.

Routine cybersecurity awareness training can help prevent the loss of Personal Identifiable Information (PII), intellectual property, money, or brand reputation. An effective awareness training program may help address the common cybersecurity mistakes employees may unknowingly make on the web, through email or text, and in the physical world, such as document disposal or being tailgated. To learn more about cybersecurity awareness training, check out these resources from the Cybersecurity & Infrastructure Security Agency.

• CISA Cybersecurity Awareness Program
• CISA Cybersecurity Awareness Program Small Business Resources
• Cybersecurity Training & Exercises

A cyber insurance policy helps an organization pay for any financial losses they may incur in the event of a cyberattack or data breach. It also helps them cover any costs related to the remediation process, such as paying for the investigation, crisis communication, legal services, and refunds to customers.