It's that time of year when we're all trying to stick to our New Year's Resolutions. Maybe you made some health goals — but what about your digital health? Here are four security tips to help you be more secure than ever in 2018.


Lock down your logins

Remember the White House’s 2016 “Lock Down Your Login” campaign? Turns out, they were onto something.

To protect your personal data from online attackers, enroll in two-factor authentication (2FA) for ALL of the online and app accounts you use regularly. Yup, I said it – all of them. If you have to prioritize, set up 2FA for your most critical accounts first – websites that contain personally identifiable information (also known as PII) – such as your email, online banking and even social media accounts. 2FA will prevent untrusted devices from logging into your accounts – making it much harder for attackers to get in, even if they have your password.

Don’t worry, you won’t have to type your credentials twice every time you want to log in to a website with 2FA. After you set up your trusted device(s) the first time, 2FA will recognize the devices and won’t require you to verify them again. Once installed, you can simply click "Accept" on your 2FA app to log in. In some cases, you can even approve a 2FA request on a smart watch. Look at you being futuristic, cool and secure!

Fond of the Post-It method for keeping track of those pesky logins? I hope not (cue sideways eyes emoji). Use a third-party password manager to protect and manage passwords—it’s the easiest way to create and keep track of credentials for all the websites you use. When you set it up, make the password for your password manager the most complex one you can remember (without writing it down).


Become educated about phishing emails

Phishing, when an attacker sends an email to one person or a group of people in an attempt to gain information from them, is one of the most effective ways an attacker can compromise your security. It’s important that you know what a phishing email looks like, and what to do if you receive one. Phishing emails are often sent by someone posing as a legitimate colleague or vendor. They can be targeted, sent to a specific person with broad system access (like an executive), or sent to a large number of people. Attackers will often combine the “quality” and “quantity” approaches to hedge their bets.

Ask your IT or Security department to run an internal training on how to avoid phishing emails, and what to do if you think you’ve received a suspicious email. This quick overview is a good resource if phishing emails are new to you and you’re not sure where to start.


Calling all Admins: update your security controls

This next one is for all of you Salesforce Administrators out there! If you’re not already, get acquainted with security controls for your role, and for your users. A great tool for Admins to run regularly (I recommend once every release) is Health Check, which acts as a hub for your org’s most important security settings.

If you’ve already run Health Check recently and want to conduct an additional review of your users’ permission settings, the following resources will help you get started:


Become a security champion at your company

It’s almost always possible for a company and its employees to be more secure. If you feel like your company can do more to safeguard its data, talk to your IT support about creating security guidelines and best practices for every employee. If you are a Salesforce Administrator, do your part by encouraging all of your users to complete the Security Basics module on Trailhead.