Security | Cybersecurity Month 2023

You can help prevent unauthorized account access.

While there are many ways you can help protect your personal information, implementing these six security measures would be a great place to start:

1. Enable multi-factor authentication

Multi-factor authentication, or MFA, is a security protocol that adds a layer of complexity to account access. A password is just one method of authentication, and, for added protection, many online accounts now require more than a single method. The use of username and password credentials is considered the first authentication. Years ago, that was considered secure enough. However, as hackers have improved their ability to decipher usernames and crack passwords, new methods have been invented and applied, leading to two-factor authentication (also known as two-step verification). These methods include:
  • Automated text messages and emails that contain a specific code for one-time use
  • Fingerprint scans
  • Face recognition
  • Custom security question options that go beyond “What’s your mother’s maiden name?”
  • A standalone security app on your phone or computer that notifies you whenever someone attempts to log into your account
  • A standalone app, like VIP Access, that generates a time-based security code that only you can access
  • A secure item like a physical key or a key fob that identifies you as the authorized individual.

2. Use complex passwords

For years, the National Institute of Standards and Technology (NIST) at the U.S. Department of Commerce, the part of the government concerned with promoting American innovation and industrial competitiveness, has studied the growing cybersecurity threat posed by hackers. According to their experts, long passwords, longer than is typical, are more important than people think in securing your login credentials. They recommend creating passwords with a minimum of 12 characters that include numbers, a random mix of upper- and lowercase letters (no words), and special characters (as allowed by each individual platform). Length and complexity work hand in hand to help make a password so difficult to hack that, sometimes, it just isn’t worth the effort.

It is also suggested to use a passphrase, a series of random words linked together, to make your password a little easier to remember but difficult to guess, like nell!stopyoungRockFace13. According to, hacking the passphrase nell!stopyoungRockFace13 would take one octillion years, a time frame that would try the patience of even the most persistent cybercriminal.

Cybercriminals try to guess passwords using specialized software that attempts thousands of potential password combinations in a matter of minutes, and these tools continue to evolve and become more sophisticated. With short, simple passwords, there are fewer possibilities to run. So, a good way to protect yourself is to force hackers to pursue easier targets.

3. Rely on a password manager

While we all have many accounts and each one needs a password, using the same one repeatedly is asking for trouble. Once the password is cracked, hackers can access many or all of your accounts, leading to potential disaster. Because it does the remembering for you, a password manager that stores your passwords and fills in your username and password data can be a great asset. These software applications also allow you to manage your passwords in a secure location. The password manager encrypts your data and secures it behind a single master password. The information is scrambled using mathematical algorithms and ends up useless without the key to unscramble it: the master password.

The benefits of a password manager may include:
  • Encrypted passwords
  • Prompts that encourage you to follow best practices for password creation
  • Freedom from the hassle of remembering passwords
  • Notifications of potentially fraudulent access or phishing attempts

4. Keep your software updated

Why is it so important to keep your software updated? If you don’t run regular updates, problems and vulnerabilities that have been discovered and solved over time will remain unsolved on your device, leaving you unprotected. Even when solutions are found, they do you no good if they are not installed.

Updating is easy. You can update manually by checking to see if updates are available. However, it is much easier to simply set your device to look for updates automatically. Your computer can identify and implement updates the moment they are released, on particular dates, or even each time your machine is turned on.

It’s important to procure the updates directly from the original source, and not from some unknown third party. For example, to update antivirus protection, download the update from the company from which it was purchased or through the App Store or Google Play on your mobile device. Also, never download unlicensed programs or apps. It’s a sneaky little method hackers use to distribute illegal items that can install vulnerabilities into your device.

5. Fight back against phishing

Phishing is when cybercriminals create lookalike websites, fake emails, social media posts, and other methods to pose as trusted entities and trick you into clicking malicious links or opening dangerous attachments. Suspicious emails and text messages like these are all too common:
  • Payment due notices from the IRS
  • Order confirmation requests
  • Appeals for information
  • Acceptance or authorization required to receive fake prizes, gifts, or purchases
  • Warnings about pretend security issues that need your attention

The best defense against phishing attacks is to be skeptical and scrutinize all communications. Signs of a phishing email can be obvious or subtle, but once you’re able to recognize a phishing attempt, you can avoid falling for it. Before acting on a communication, it’s important to verify that the apparent sender is indeed who they say they are. Warning signs to look for include:
  • Style details that stray from the norm, like an odd greeting or atypical writing style
  • Misusing words
  • Inconsistencies buried in the email address, links, or domain names – for example, receiving an email from Amazon but the link is
  • Unknown attachments
  • Spelling or grammar errors
  • Requests for login credentials, payment information, or sensitive data
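
The check for inconsistencies between the sender, the link text and the real link destination can be automated. The following is an added example, not part of the original article: it flags links whose actual host is outside the sender's domain or differs from the address shown in the link text. The sender, domains and message bodies are constructed samples using reserved `.example` and `.test` names.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def same_site(host, expected):
    """True when host equals expected or is a subdomain of it (label-boundary match)."""
    expected = re.sub(r"^www\.", "", expected.lower())
    return host == expected or host.endswith("." + expected)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_warnings(sender, html_body):
    """Flag links whose real host differs from the sender's domain or from the text shown."""
    sender_domain = parseaddr(sender)[1].rsplit("@", 1)[-1].lower()
    collector = LinkCollector()
    collector.feed(html_body)
    warnings = []
    for href, text in collector.links:
        host = (urlsplit(href).hostname or "").lower()
        if not same_site(host, sender_domain):
            warnings.append(f"link host {host} is outside sender domain {sender_domain}")
        shown = DOMAIN_RE.search(text)
        if shown and not same_site(host, shown.group(0)):
            warnings.append(f"text shows {shown.group(0)} but link goes to {host}")
    return warnings

# Constructed sample messages (reserved names, not real senders)
SENDER = "Shop Support <support@shop.example>"
PHISH = '<p>Confirm at <a href="https://shop.example.account-check.test/login">www.shop.example</a></p>'
LEGIT = '<p>Track it at <a href="https://www.shop.example/orders">www.shop.example</a></p>'
```

Legitimate mail sometimes links through third-party domains, so a sender-domain warning is a reason to look closer rather than proof of phishing; a mismatch between the address shown and the real destination is the stronger signal.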

6. Be diligent in reporting issues

If you’re the target of a phishing attack, don’t reply, click the links, or open the attachments. If the communication arrived on a work device, report it immediately to your superior or the IT department. If it’s a personal message from what appears to be a legitimate source, never hesitate to confirm its veracity with the company in question. Always refrain from clicking on email unsubscribe links, as doing so just lets the criminal know that the email address is active.

Phishing is, of course, illegal. If you suspect a phishing attack, you can report it to the Federal Trade Commission and also pass the information along to the Anti-Phishing Working Group. This international group of counter-cybercrime experts collects, analyzes, and distributes data about cybercrime from around the world. They also use their expertise and data to offer solutions to the continuing issue of global internet crime.

Here at First Northern Bank and Trust, we are committed to helping our customers protect themselves from fraud. If you have questions, please call 1-800-344-2274 and we’d be happy to discuss your concerns.