Are You at Risk? Cybersecurity Advice from an Expert

What if the best advice I could give you came from professionals at the top of their field? In this series, I ask experts and leaders to weigh in on some of the most common decluttering questions I hear from my clients.

From the mental health benefits of a digital declutter to “What is a 3-2-1 backup and why do I need it?” If you want to declutter your digital life, read on to learn tips and tricks from leaders in their industry. Why? Because a pro said so.

Some of the most common questions I get from clients are regarding Cybersecurity. The questions range from virus threats and software updates all the way to identifying fraudulent emails. Although I have been consulting on these topics for some time, I thought I would revisit them with an expert in the field.

This month I sat down with Dave Eiselman, CISSP, to hear what he had to say. Read on for expert advice on why you should lock down your passwords, enable 2-Factor Authentication, and set up automatic software updates today.


How long have you been working in cyber/information security?

I’ve been working in IT for 22 years and in information security for the past 10 years. I’ve been a Certified Information Systems Security Professional for the past 4.5 years. 

 

I meet a lot of clients who are using the same (or variations of the same) password for most of their online accounts. Do they really need a different password for every single account?

It is very important to use a strong, unique password for each of your online accounts. Cyber criminals often use hacked credentials from one account to try to gain unauthorized access to another account. Let’s say someone has your credentials to an online retailer. They can then attempt to use these same credentials on other sites, including financial institutions. 

A password that is complex can still be hacked by something called a brute force attack. However, the length of the password makes a huge difference. According to security.org, a complex password that is 8 characters long can be hacked via brute force in about eight hours. A similarly complex password that is 12 characters long would take 34,000 years to hack!


We've established that a strong password is important. What are your tips on creating a strong password?

Password complexity, length and lifetime are the three most important factors when it comes to choosing a password. Complexity can mean adding symbols and numbers, for example. Length is just that. The longer the password, the harder it is to hack. Lifetime refers to how often you change your password. Consider changing your passwords every 3 to 6 months. Using a password manager like LastPass can help you easily keep track of all your passwords.


Another line of defense I talk to clients about is 2FA (2-Factor Authentication). Could you explain what this is and why is it important?

2FA (two-factor authentication), also sometimes referred to as MFA (multi-factor authentication), is one of the best ways to protect your online accounts! 2FA requires the user to provide two factors to access their accounts. There are generally three types of factors: something you know (think password), something you have (such as a phone or hardware token like a YubiKey), and something you are (such as your fingerprint). Simply using two of the same factors is not considered 2FA. For example, two passwords are not 2FA. You have to have two different factors, such as a password and a phone, or a password and a fingerprint. Even if someone gains access to your credentials they’ll still only have one factor, which makes getting into your account much less likely.


Let's talk about updates. Do they really help? Many people just plain forget to check for updates. Some are scared to run an update because they don't understand what it's doing. What would you say to these people?

Applying updates or ‘patching’ is one of the most important things you can do to maintain your digital security. Software companies often roll out patches to address vulnerabilities. Keeping your software up to date protects your computer from hackers. Plain and simple. Hackers will even examine software updates to find out what vulnerabilities were addressed and then try to exploit them on unpatched machines. 


How necessary is having additional antivirus software besides what's already installed on your computer?

Generally, the antivirus software included in modern (and patched!) operating systems is enough protection for the average user. It is for me. If you want extra protection you can always use a third-party antivirus product. In some cases this might catch something your native antivirus software missed. I often recommend Malwarebytes. It is free to use to run regular scans on your computer and for a small monthly fee you can enable their real-time protection for extra peace of mind.


What about spam and phishing? What are they and is there an easy way to tell if an email is fraudulent?

Spam is just unwanted and not necessarily malicious. A phishing email is a fraudulent message that appears to come from a reputable source. The intent is to fool you into giving away sensitive information like an account password or even to install malware on your computer. Phishing emails often seem to come from someone you know. They often claim that something bad will happen if you don’t take immediate action. Pay attention to the “From” line. Check the actual sender's address. If it does not feel right, trust your gut. If you have received an unwanted email you should mark it as spam and delete it.


David Eiselman is a Certified Information Systems Security Professional and Network Security Specialist at the University of North Carolina at Chapel Hill. There he works to set policy and architect security solutions for the university's over 40,000 students, faculty, and staff.


 Follow along with me each month as I speak to more leaders & industry pros, debunking decluttering myths, giving my clients power, and educating them on how to live their best life, the Decluttered Digital Way.

 

Courtney B Plaster, Founder

Certified Photo Manager & Director Communications & Technology, NAPO-NC

Web: www.decluttereddigital.com

Email: courtney@decluttereddigital.com

Phone: 919-408-7896

 