Cybersecurity for your personal computer

From Alliance Doc
Jump to navigation Jump to search

Context

Cyber criminals spend their days trying to deceive us into giving up our information, tamper with our devices and even steal our identities. When cyberattacks like phishing are successful, they can ruin our days, to put it lightly. That’s why, this Cybersecurity Awareness Month, we’re encouraging Members of the Alliance and the Federation to ruin a cybercriminal’s day!

For October Cybersecurity Awareness Month, the National Security Council’s Cybersecurity Training and Awareness Team is sharing resources and planning a series of workshops to help Members of the Alliance and the Federation improve their security knowledge and awareness.


Our Four Topics

We have selected four topics this year:

  • Basic Computer Hygiene
  • Password Hygiene Habits
  • Safe Browsing and MFA
  • Linux Permissions

Basic Computer Hygiene

Health Check

The following questions are designed to assess the cyber security posture of your computer. Let’s answer the questions to check whether your computer is secured.



Password Hygiene Habits

Despite many solutions that protect information and systems, stolen usernames and passwords (credentials) are still the most common way attackers gain unauthorized access. While this might be through social engineering or phishing, it is frequently the result of weak, guessable passwords and re-used credentials that have been exposed.

Which is most important for keeping your password secure?

  1. Change it frequently
  2. Use a mix of cases and characters
  3. Make it long and unique


The correct answer is that long and especially unique passwords are the most secure. Password complexity can help, but length is much more important than the characters used. Despite this, many systems still enforce outdated complexity rules, but password length is what’s critical. The most important is that a different password is used for every different service. Why? because breaches happen, eventually some service will mishandle your credentials and they will get exposed. Just have a look at https://haveibeenpwned.com/ - for most people, it's already happened. IF you password isn't unique, and is exposed, it can be used to access any system where that same credential is used. This process (called password stuffing) is usually automated and can happen as quickly as 12 hours after the initial exposure.

Changing passwords frequently, without cause, can actually degrade security. When forced to change their password frequently, many people choose an easy to remember password based on predictable patterns.


So how can you best protect yourself?

  • Use a password manager
    • Regardless if you choose one that is standalone or integrated into your web browser, open source or a commercial product/service. A password manager is essential when it comes to all the other steps below.
  • Use a different password for everything - every service, every system;
    • This is quite easy, if you’re using a password manager.
  • Make it long - 15 characters or longer is a good size;
    • Again, easy with a password manager when you allow it to generate the passwords for you. 20-32 characters is easy since you don’t need to remember them anyway.
  • Never share it with anyone; really, no one, ever;
    • Your credentials belong to you, they identify you, sharing them not only compromises your identity but is also usually a violation of the policies of the service or system they are used to access.
  • Change only if there is a reason.
    • If you believe the password may have been compromised, may be reused, or is weak, you should change it. There is no good reason to change passwords based on a time schedule.

If this is not your current situation: Don’t Panic! just start making changes today. Every little bit helps. If you have hundreds of passwords you need to change, start with a few of them, do a couple every day at lunch. Every time you make even one set of credentials more secure you’re doing yourself a big favour.

Safe Browsing and MFA

Join our workshop on October, XXX where we will provide an overview of MFA project!

Session in English:
Session in French:


Linux Permissions

Join our workshop on October, 27 at 12pm - 2pm EST where we will make a deep dive into Linux permissions!

Session in English:
Session in French:

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Cybersecurity_for_your_personal_computer&oldid=119681"