October is Cybersecurity Awareness Month under the leadership of CISA and the National Cyber Security Alliance (NCSA). The goal is to continue to raise awareness about the importance of cybersecurity across our Nation. This year’s theme is to be #cybersmart, as we all play a role in the security of our own “cyberspace”. Focusing on cybersecurity and being cybersmart can positively impact our lives, but also the organization we work for and our nation.
To kick off cybersecurity awareness month, here are the five tips to be #cybersmart.
- Use a password manager – It’s important to have great password hygiene. This means making sure your passwords are hard to crack, that it is long enough and a combination of uppercase and lowercase characters, numbers and special characters. You also don’t want to reuse passwords for various accounts, so the best way to manage this is to use a password manager that will securely store all your passwords for your various accounts.
- Don’t use public hotspots – When you’re at the airport, your favorite coffee place or at the library, do you connect to the public WI-FI network? A safer option is to connect to your phone’s hotspot, or use a VPN. There are no guarantees that public WI-FI networks are secure. In fact, with the flaws discovered in WPA2, the encryption standard that secures modern WI-FI networks, attackers within the range of vulnerable wireless access points can become a “man-in-the-middle”, intercepting passwords, emails and other sensitive data. In many cases, they can also inject malware into the sites that you’re visiting.
- Update your applications – whether you’re on your mobile device or laptop, you’re probably running a number of key applications that will come with vulnerabilities. Enable automatic updates on your applications or make sure that you’re updating them regularly with patches. This includes browser updates such as Chrome or Safari.
- Use multi-factor authentication – Many applications offer multi-factor authentication. This means you’re required to validate your identify via two or more pieces of credential. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint or faceID). Your credentials must come from two different categories to enhance security. You can add an extra layer of defense to your accounts by enabling multi-factor authentication.
- Beware of phishing scams – One of the most common delivery systems for malware is via phishing scams, via attachments that come to you in an email, masquerading as a file you should trust. Once they're downloaded and opened, they can take over you computer. Avoid clicking on links from people you don’t know about, or clicking on links in email messages with grammatical errors and details that don’t make sense. Some phishing scams are very targeted so beware of oversharing sensitive information on social media that would make it easy for hackers to target you.