Cybersecurity Awareness Month is a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.
The National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Agency (CISA) work together to provide information about staying safe online and encouraging actions we can all take to protect ourselves against malicious cyber actors.
Four key cybersecurity tips are recommended by the NCA and CISA to safeguard your information. These key tips are simple and actionable for both individuals and businesses.
Tip #1: Create Strong Passwords and Use a Password Manager
Creating, storing, and remembering passwords can be cumbersome, but the truth is that passwords are your first line of defense against cybercriminals and data breaches.
Remember the three guiding “LUC” principles when creating a new password – Long, Unique, and Complex:
• Long – Each of your passwords should be at least 12 characters long.
• Unique – Each account needs to be protected with its own unique password. Never reuse passwords. This helps avoid multiple accounts being compromised at once.
• Complex – Each unique password should be a combination of uppercase letters, lowercase letters, numbers, and special characters (like >,!?).
If your password is “LUC”, current recommendations state that you don’t need to ever change it unless you become aware that an unauthorized person is accessing that account, or the password was compromised in a data breach.
It has never been easier to maintain your passwords with free, simple-to-use password managers. These online tools allow for the creation and secure storage of “LUC” passwords for all your accounts, allowing you to remember just one “LUC” password to gain access to all your passwords straight from your mobile or desktop device. Ideally, couple a password manager with the use of multi-factor authentication (MFA).
Tip #2: Enable Multi-Factor Authentication
Multi-Factor Authentication, otherwise known as “MFA”, adds one more security step when logging in to an account beyond only using a traditional email and/or username and password. It confirms your identity using an additional pre-configured authentication method. The goal of MFA is to increase the difficulty for a scammer to access your online accounts.
MFA can include:
- An extra PIN (Personal Identification Number)
- The answer to an extra security question like, “What is your favorite pet’s name?”
- An additional code either emailed to an account or texted to a mobile number
- A biometric identifier like facial recognition or a fingerprint
- A unique number generated by an “Authenticator App”
- A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
By activating and using Multi-Factor Authentication on all online accounts that have the option, you will dramatically increase the security of your personal information and data. To set up MFA, start by viewing your account profile settings on the website or application you wish to activate MFA on and look for an “Account Settings” or “Security Settings” menu.
Tip #3: Update Your Software
Scammers are always looking for new ways to get your data through the software that lives on all your devices. Updating your operating system (OS), the software that runs the base interface and function of your device, will greatly reduce your risk of scammers accessing your data since the OS is where cybercriminals look for vulnerabilities.
Software Update Tips:
- Only use official software updates from the company that created your device.
- Watch out for fake updates. Pop-up windows when visiting a website or software that urgently asks you to complete an important action will always be fake.
- Make updates an automatic process when possible. Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives you a reminder so you can easily start the process. If you can’t automatically update software, remind yourself to check quarterly if an update is available.
The next time your phone, tablet, or computer’s operating system (OS) prompts you for an update or asks you to set up an automatic update for various software, don’t ignore it. Regularly updating your software is an easy way to stay a step ahead of scammers.
Tip #4: Recognize and Report Phishing Attempts
Phishing is the number one way cybercriminals gain access to your information. Sending a convincing email and adding a sense of urgency to the receiver of the email is easy to do and it can be difficult to recognize the subtle clues.
Be on the lookout for the following red flags in your inbox:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
- Is it a strange or abrupt business request?
- Does the sender’s email address match the company it’s coming from? Look for misspellings like pavpal.com or anazon.com.
If you receive a potential phishing email, do not do what it says and do not click on any links or open any attachments. If you are at work, follow your company’s policies and procedures for reporting a suspicious email. Often, this will involve the use of an extension reporting button or link that sends the email to be scanned by your organization. If you are at home, delete the email and block the sender.
