Data breaches involving the theft, mishandling, or unauthorized access of personal, medical, and financial information continue to increase and impact tens of millions of Americans every year. This demonstrates that despite widespread efforts across the public and private sectors to increase awareness of cybersecurity risk and improve defenses, more needs to be done to raise the bar and make it more difficult and costly for bad actors to succeed. Here are some actions that everyone can take to improve online security and protect data privacy:
Conduct an audit of all online accounts that contain personal information; delete any that are no longer necessary
Enable two-factor authentication (2FA) on all online accounts and mobile apps that offer it
If your social media contains personal information and photos, restrict settings to avoid public posts
Secure your home WiFi by requiring a strong password to access the network
Change default admin passwords on connected devices such as cameras, thermostats, and appliances
Never respond to unsolicited emails or phone calls requesting your personal, medical, or financial information
Enable full disk encryption on personal computers, if available
Never make purchases or enter sensitive information on websites that do not display 'HTTPS' in the address
Collect the minimum amount of sensitive personally identifiable information (PII) and retain for only as long as necessary
Conduct an audit of all systems for sensitive PII; delete any for which there is no reason to retain
Implement policies and train employees on the proper methods to safeguard data
Embrace the principle of least privilege and the separation of duties
Encrypt sensitive data in transit and at rest
Require multi-factor authentication for remote access into the corporate network and privileged access to systems
Ensure all software and hardware is maintained at vendor supported patch levels
Segregate networks containing systems that process or store sensitive data from other corporate networks
Implement protective technologies including web and email filtering, endpoint protection, and application whitelisting
The National Cyber Security Alliance (NCSA)—the same organization responsible for National Cyber Security Awareness Month—leads Data Privacy Day and other year-round efforts to educate consumers as part of the global STOP. THINK. CONNECT. campaign. NCSA is a nonprofit, public-private partnership dedicated to promoting a safer, more secure and more trusted internet.
Additional NJCCIC Resources
Best Practices: Learn all about cybersecurity best practices on email security, passwords and multi-factor authentication, exploring the internet, and device security.
Be Sure to Secure: Discover information on various cybersecurity topics as well as instructional guides designed to teach you how to properly secure devices, data, and networks.
Threat Analysis: Catch up on the latest cyber threats!