Programs
Cybersecurity Best Practices and Resources
Cybersecurity is everyone's responsibility, and here you'll find essential tips and resources to help ensure your actions contribute to a safer online environment. By staying educated on the latest cybersecurity best practices, you're empowering yourself with the knowledge to protect your personal and county data.
Resource Index
Use Strong Passwords and a Password Manager
Turn on Multifactor Authentication
Phishing: Recognize It and Report It
Use Strong Passwords and a Password Manager
Strong passwords are critical to protecting your accounts.
- For each account, create a unique password that's 12-16 random characters and includes uppercase, lowercase, numbers and symbols.
- Avoid common words or phrases. Instead, use random combinations of letters, numbers and symbols that do not resemble dictionary words.
- Use a password manager to save usernames and passwords in an encrypted database. Rather than remembering 100 different passwords, you only need to remember one: the password to your password manager. Password managers can also generate new passwords.
- Discourage shared password use and consult your IT team to find a better solution. The more people who know a password and access an account, the less secure it is.
Additional resources
- 1$ Y0uR P@$$w0rd S3curE?
- Password best practices
- Password Managers tip sheet
- CISA password tip sheet
Turn on Multifactor Authentication
Experts recommend implementing multiple layers of security, especially for county email accounts and other online accounts that hold personal or sensitive information. This multilayered approach is called multifactor authentication, or MFA, and may be referred to as two-step verification or two-factor authentication.
What is MFA?
A cybersecurity measure that requires users to provide two or more methods of authentication verifying their identity to log in and access an account. While MFA was once a recommended best practice, it is now a standard practice for account security.
The challenge?
While MFA significantly enhances security, in instances where it is abused by bad actors, it can also lead to "MFA fatigue." This occurs when users become overwhelmed, frustrated or desensitized by constant prompts for authentication, leading them to approve requests without proper scrutiny and leaving them vulnerable to a cyberattack.
What you can do
- Never act on or authorize an MFA prompt that you yourself did not initiate.
- Use authenticator apps like Microsoft Authenticator, instead of relying solely on text message codes.
- Never share your security codes with anyone.
Enable MFA
The TAC County Information Resources Agency (CIRA) offers a multifactor authentication solution that is free for all of our email service members. Learn how to set up multifactor authentication on your CIRA-hosted email account. To enable MFA or to become a CIRA email member, visit our website or contact the team at CIRA Support or (800) 456‑5975.
Additional resources
- National Cybersecurity Alliance tip sheet
- Cybersecurity and Infrastructure Security Agency tip sheet
Phishing: Recognize and Report It
Phishing occurs when cybercriminals try to trick you into taking a specific action, such as opening a harmful link or attachment or sharing sensitive information, to expose you or your county to cybercrime. Phishing messages, or "bait," usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization and may include an urgent request for you to take action.
Phishing attacks have become an increasingly common problem for organizations of all sizes and are becoming more difficult to spot. Failure to recognize a phishing attempt could result in identity theft, credit card fraud, ransomware attacks and huge financial losses for your county. That's why it's important for all of us to know how to spot red flags and why we should always stop and think before clicking a link or opening an attachment.
Additional resources