Compared with other fictitious month-long observances and festivals, Cybersecurity Awareness Month lacks both the gravitas of Women’s History Month and the levity of International Talk Like a Pirate Day.
In reality, the October observance has become better known for producing mocking memes than for increasing digital security awareness. However, it never hurts to take a break and ensure that you are cyber-savvy.
This includes establishing strong, unique passwords for all of your online accounts, using two-factor authentication wherever feasible, and doing your best to keep your private information, well, private.
Last week, President Joe Biden issued a proclamation formally declaring October as Cybersecurity Awareness Month, in which he urged all Americans to learn to detect and prevent phishing, as well as to periodically update their software.
The proclamation states, “As the threat of harmful cyber activity escalates, we must all do our share to keep our nation safe and secure.”
Chris Jacob, vice president of threat intelligence engineering at the cybersecurity company ThreatQuotient, states that doing your bit does not have to include doing a lot.
According to him, simple “dos and don’ts” can go a long way. For example, maintain backup copies of your most important documents so they are safe in the event of an attack, and avoid clicking on links in emails from unknown senders.
“It may be a stretch to label some of these things ‘cybersecurity,'” he argues, but they are nonetheless essential.
In honor of National Cybersecurity Awareness Month, here are a few simple strategies to safeguard your online accounts.
Use complex passwords
Passwords must be long, random, and unique. Daniel Clemens, CEO of the cybersecurity firm ShadowDragon, says passwords with more than 30 characters are significantly more difficult to break.
“Cybercriminals frequently play the numbers game with their victims,” added Clemens. They will move on to an easier victim if you put up a struggle or make things tough.
To make your passwords easier to remember, you may use a passphrase consisting of a string of unrelated words, such as “grandmafootballcheeseburgerhat” or “lamppostParishotsaucetrophyhat.”
Avoid using personal information that is easily guessed. The name of your dog, the make of your first automobile, or your alma mater may be significant to you, but they make terrible passwords. No matter how secure you believe them to be, you should never reuse passwords across several accounts. That way, you can limit the consequences if one of your passwords is hacked.
This also applies to the personal questions and answers used to change passwords, according to CyberGRX security engineer Brianna Groves.
You are under no obligation to tell the truth when selecting your answers, according to Groves, who adds that you should never use the same questions for several accounts, whether they are genuine or not.
“The queries are often broad and rely on information that was never intended to be kept secret,” she added. “Determining your mother’s maiden name, the name of your high school, and your brother’s nickname may be easier than you think.”
If this seems overwhelming, sign up for a password manager. It will keep your login credentials organized and safe. Using the browser’s password generator and manager is also acceptable. In the past, several of these alternatives were cumbersome, but they have been improved. For instance, you can now use Google’s Chrome browser to autofill passwords into iPhone apps and auto-generate new passwords.
Always use two-factor authentication when available
If your password is hacked, a second layer of protection will do much to safeguard your account. Two-factor authentication, also known as 2FA, multifactor authentication, and two-step verification, requires a second form of identification before you can gain access to your account.
2FA functions in a variety of ways. It might be an app-generated code, a biometric such as a fingerprint or Face ID, or a physical security key inserted into the device. Yes, 2FA makes the login procedure slower. However, if 2FA is available, it must be enabled.
A word of caution: if possible, avoid two-factor authentication solutions that send a code to your smartphone by text message. Why? SIM swapping, in which fraudsters steal your phone number by phoning your wireless carrier and requesting that your number be transferred to a new SIM card and phone. It does occur, and if crooks obtain your phone number, they will also receive the SMS message.
Be cautious of phishermen
Many cyberattacks and data breaches, both large and small, now begin with a phishing attack. While the majority of phishing attempts are still sent by email, the practice has expanded to include social media posts, text messages (smishing), and even QR codes (quishing).
The attackers might pose as a charity soliciting funds to assist the victims of recent catastrophes. In the past, fraudsters have attempted to profit from the conflict in Ukraine and the demand for COVID testing kits. They might also impersonate a member of your office’s IT department or a friend who wants you to check out a fantastic bargain at your preferred shop.
The purpose of attacks is typically the same regardless of their form: to steal credentials, money, or personal information.
Work-related logins are highly sought after by cybercriminals because they can be used to get access to company systems and data, but even the logins for your personal email and social media accounts have value. If compromised, they might expose you to the risk of financial fraud or identity theft, or be exploited in a future scam.
To avoid becoming a victim of a scam, experts recommend ignoring emails and other messages from unknown senders and refraining from opening any files attached to them, which may be infected with computer viruses. If you have doubts about the validity of an email, pick up the phone and dial the sender’s number.
Regarding cryptocurrencies, consumers must exercise heightened caution. While banks may be able to reimburse you for credit card theft, the same cannot be said for cryptocurrencies, which are meant to be entirely anonymous and untraceable.