Passwords for all applications and websites should be changed bi-annually, be complex, contain a mix of numbers, symbols, capital and lowercase letters, and be at least 12 characters in length. In addition, passwords should not contain dictionary words or personal information.

Avoid storing your passwords insecurely such as the notes app on your phone. Instead, store passwords in a locked cabinet or password manager application.

Be aware of “shoulder surfing" in the office and in public; ensure nobody is peering over your shoulder when you are entering your password or other login credentials.

Turn on multi-factor authentication when available.