Matt Miller

Ensure your posts and profile details are only visible to trusted connections. Platforms often update privacy policies, so check your settings periodically.

Create a silly sentence or a song lyric that only you know, then toss in some numbers and symbols. It’s like a secret handshake that’s easy for you but impossible for intruders.

If an email seems unexpected or urges immediate action, avoid clicking links or opening attachments. Hover over links to preview the URL before clicking.

Annually review IT and security policies to ensure they reflect current threats, technologies, and regulatory requirements. Distribute and communicate any changes to staff.

Never leave exterior or interior security doors open or unattended. Propping them open creates easy access for unauthorized individuals.

If you’re unsure about a caller’s legitimacy, hang up and call back using a known, official number. Never use a callback number provided during a suspicious call.

Secure your accounts with complex passwords that are different from those you use elsewhere. Always enable multi-factor authentication (MFA) for an extra layer of protection.

Identify and remove inactive user accounts that haven’t been used in the last 90+ days. Dormant accounts are a common attack vector for unauthorized access.

Every strong password, update, and security measure is a piece that fits together to keep your data safe. The more pieces you lock down, the harder it is for cybercriminals to crack the code.

Phishing emails often use addresses that look similar to legitimate ones (e.g., support@micr0soft.com). Always double-check for misspellings or unusual domain names.

All employees should complete updated security training at least once a year. This helps reinforce policies, recognize social engineering threats, and promote secure behavior.

Avoid posting sensitive details like your birthday, address, workplace, or travel plans. This information can be used for identity theft or social engineering attacks.