Kick off the new year with a cybersecurity boot camp

Follow this one-day program to strengthen your digital defenses against cybercrimes and fraud all year round.

Every January, millions of Americans make New Year’s resolutions focused on health, wellness or finances. Just as you might kick off the year by joining a gym, eating better or vowing to tackle your high-rate debt, consider using this new page in the calendar to strengthen your cybersecurity health and adopt better digital habits.

With that in mind, welcome to cybersecurity boot camp, your gateway to becoming a savvy digital defender. Whether you’re a tech novice or a digital native who wants to stay up to date, this annual program will help strengthen your defenses against financial fraud.

Unlike with other New Year’s resolutions, you should be able to tackle improving your cybersecurity health in a single afternoon. And once it’s done, you’re set for the year.

Ready to get started? Here’s your exercise program:

Exercise #1: Create strong passwords

First, strengthen your passwords, which are your first line of defense against bad actors trying to access your financial accounts. The federal government’s Cybersecurity & Infrastructure Security Agency (CISA) recommends passwords that are long, random and unique. Instead of “password123” or your pet’s name, for example, use a string of letters, symbols and numbers like “k8dfh8c@Pfv0gB2.” And come up with a different password for every online account.

Remembering so many long and random passwords can be difficult and time-consuming. This is where password managers come in. Rather than saving your passwords in a Word document, your email or on a sheet of paper, a password manager stores all your login information electronically, leaving you with one password to remember.

“Password managers are a godsend,” says Charles Banks, vice president, Information Security, at U.S. Bank. “A lot of the devices that we use, such as iPhones, come with their own password manager,” he adds. Similarly, Windows’ “Credential Manager” feature allows you to manage passwords. If you want additional protection, you can use a reliable free service like Bitwarden or a low-cost one like 1Password.

Exercise #2: Enable two-factor authentication

Now that you have stronger passwords, add one more level of protection. Two-factor authentication is like adding a second lock to your front door. It’s an extra code for logging into your financial and other important accounts or devices in addition to providing your username and password.

Once you sign up for two-factor authentication, your bank, for example, will send you a one-time, temporary code through a text, call or email every time you log into your account.

Another option is to install an authenticator app on your phone — two popular apps are Duo Mobile and Google Authenticator. These apps may prompt you to input a second password to log into your devices or accounts or provide some other form of authentication, such as biometrics. 

Exercise #3: Update your operating systems

Installing the latest operating systems on all your devices ensures that you have the best available fraud defenses. “If you have a digital wallet on your phone, why wouldn’t you make sure you have the most up-to-date operating system on that device?” Banks says. “Because if you don’t, that device could be vulnerable.”

CISA provides a guide to operating system updates for Windows, Apple and Android devices. Once you have the latest software, enable automatic updates for your devices and apps so you can set it and forget it.

You should also update the software on Wi-Fi–connected appliances in your home like thermostats, photo albums and refrigerators — the so-called Internet of Things. “If our information lives on these devices, we need to make sure that their operating systems are updated too,” Banks says.

Exercise #4: Secure your Wi-Fi network

If someone is connected to your Wi-Fi network, they can potentially tap into other devices in the network. To help ensure this doesn’t happen, change your Wi-Fi password once per year.

Next, change your router password — this is different from your Wi-Fi password. If it’s your first time logging into your router, the process might feel unfamiliar, but it isn’t difficult. To find directions, start by typing your router’s IP address into your internet browser — this is usually on a sticker on the back of your router.

While you’re changing your router password, it’s also a good idea to make sure the router is using the strongest security setting. If it’s set to “WEP,” as some older routers are, change it to “WPA2-PSK” or “WPA3.”

Exercise #5: Get a free credit report yearly

Banks recommends reviewing your credit report once a year. While this might seem unrelated to cybersecurity, think of it as a way to survey your “digital financial footprint,” since reviewing your credit report can alert you to instances of identity theft and fraud.

By law, you are entitled to a free credit report from each of the three major agencies every year. When reviewing your report, look for any suspicious items. For example, if an auto loan shows up on your report that you didn’t take out, that’s an indication of possible identity theft.

Exercise #6: Guard your credit card numbers

One aspect of good data hygiene, Banks notes, is understanding where all your personal financial data lives. If you’ve set up bill paying through a third-party service or directly with companies, your credit card or bank account numbers may be stored on those sites. Paying all your bills through your bank may be more secure.

How about all the places you’ve clicked to save your credit card number? “If I’m shopping on 20 different websites and I have my card saved on each one, that’s an increased risk,” Banks says. “If I have a credit card tied to an app that is compromised, then my credit card number would be compromised.” You can take control of your payment security by reducing the number of websites that store your credit card information.

Exercise #7: Back up your devices

Some cybersecurity experts recommend the “3-2-1” rule for backing up what’s on your devices. This means keeping three copies of your data — two on local devices and one off-site. In practical terms, you might store your data on your computer, on an external hard drive and in the cloud.

This might sound like a lot to do, but it only needs to happen once. After setup, all your new files will automatically be uploaded to your backups.

“Backing up your devices applies business continuity practices to your personal life,” Banks says. “If a laptop is compromised, you have all that data stored somewhere else, so that when you get a new laptop, you can simply upload all of that data on the new device.”

Read more about ways to protect yourself from financial fraud in the digital world.