In today’s rapidly evolving online landscape, terms like zero trust, PIM (Privileged Identity Management), and a series of other acronyms can leave the average person scratching their head. Amidst this jargon and the complex frameworks, it’s all too easy to lose sight of the fundamental question at the core of identity management: “Who are you?”
By focusing on the basics, everyone can work together on bolstering identity management throughout our digital reality.
Translating identity management
Since almost every business and other organization has some digital footprint, knowing who is accessing what is critical for security. At its core, identity management is the task of controlling information about people on computers. Yet, the explosion of terms like zero trust, PIM, OAuth architecture, and back-channel authentication creates the illusion that securing our online presence requires a PhD.
Cut through jargon
We think that there’s a way to explain identity management basics to the public, including the billions of people who log onto the internet every day. It’s a matter of defining your jargon as you use it and only using jargon when necessary.
Zero trust, for example, is an intimidating term and might appear contradictory. But with some explanation, the concept becomes clearer: zero trust means a system where no entity is trusted by default, even those inside the network. Zero trust is why most leading password manager software options are as secure as they are. With a sentence or two of clarification, you can explain why zero trust is a good thing. Approaching identity management like this requires taking a moment to understand how you are coming off to the average person.
As another example, PIM (privileged identity management) involves how an organization monitors and controls access to its online system, especially regarding admin access. With a bit of explanation and thinking beyond the abbreviation, the meaning of PIM makes sense. Even better, the lesson of quality PIM becomes more apparent: be mindful of access privileges – don’t overshare and don’t overgrant.
The basics of identity management
Fortunately, by following good cybersecurity habits, the average internet denizen will also be following solid identity management best practices. Here are some of our identity management tips for individuals, and we want this advice to be shared far and wide.
1. Shield yourself with strong authentication
Managing your identity safely starts with the basics: your passwords. Each password should be unique, complex, and at least 16 characters long. Use a password manager to store your password collection. Enable multi-factor authentication (MFA) for all your accounts (including your password manager) because it adds an extra layer of protection beyond your password.
2. Audit your digital life
Every few months, take stock of your digital presence. Do you have apps on your smartphone that you don’t use anymore? What permissions have you granted? Don’t hesitate to delete apps you no longer use or trust. If you want to use an account or app in the future, you can always start a new account or download it again.
3. Think before you click
Identifying and reporting phishing attempts remains one of the top ways to bolster your identity management skills. Always be very skeptical of unsolicited emails, messages, or links. Verify the sender’s legitimacy before clicking anything. Remember, legitimate organizations won’t ask for sensitive information via email.
4. Check your privacy settings
Whether with social media or other online platforms, familiarize yourself with privacy settings. Adjust them to your comfort level and consider who can see your posts. Remember, the less you share publicly, the harder it is for someone to misuse your information for social engineering.
5. Security is a lifetime goal
Cybersecurity evolves, and so should your knowledge. Stay informed about the latest threats and best practices. There are many free online resources for beginners that will provide valuable insights into protecting your digital identity. You can also help others protect their digital identities!
Simplify, strengthen, and secure
Identity management is not reserved for tech experts or corporations with giant IT departments. It impacts everyone online. By simplifying the jargon, focusing on the basics, and implementing practical steps like strong authentication and regular audits, individuals can take more control of their online identity. Even in our complex world, doing the basics right is a powerful defense.
About the Author: Cliff Steinhauer is the Director of Information Security and Engagement at the National Cybersecurity Alliance. Cliff is a passionate information security and privacy professional. Currently based in Seattle, he has over a decade of experience in sales, marketing, and project management. With the National Cybersecurity Alliance, Cliff works to direct community engagement through live events, educates through thought leadership, and runs the Cybersecurity program for NCA. Cliff enjoys sharing the message of securing your digital life, protecting information systems and the people that run them, and mentoring young folks to promote interest in the field.