Cybersecurity Awareness Month was declared by the President of the United States (and Congress) in October due to increasing threats to private and technological information. The initiative is intended to help people protect themselves online. Under the guidance of the NSA, government and businesses are working in tandem to raise cybersecurity awareness at both the national and global levels. National Cybersecurity Alliance (NCA), and Cybersecurity and Infrastructure Security Agency (CISA).
Cybertravel: Take a look at yourself
The slogan for this year’s campaign, “See Yourself in Cyber,” shows that although cybersecurity may appear to be a complicated topic, it ultimately comes down to people.
Everybody should feel comfortable in cyberspace regardless of their role. Individuals and consumers can take simple steps to protect their information and privacy online. Vendors and suppliers alike can be held accountable for the security of their supply chains and take control of their role in preventing any incidents at their locations. Owners and operators of critical infrastructure, which is part of a wider network of services and systems that rely on or support it, can learn how their company contributes to the ecosystem’s overall cybersecurity.
Cybersecurity news stories tend to focus on data breaches or cybercriminals. However, this can make it seem overwhelming and impossible to manage. Cybersecurity Awareness Month reminds everyone that you have many options to protect your data. It doesn’t take much to make a difference in cybersecurity.
Enable multi-factor authentication
All agree that multi-factor authentication (MFA) is the best protection against password attacks. A CISA advisory highlights that “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99% less likely to have an account compromised.”
MFA should be enabled wherever possible. One mistake many businesses make is to limit this protection to their highly privileged accounts (such as those of IT admins) and to allow only remote users to use multi-factor authentication. But criminals can target any employee or individual. To reduce the possibility of an attacker compromising an account, MFA should always be available to all employees.
As recent attacks on Cisco and Uber show, however, not all MFA options are equal in security. SMS-based authentication is actually less safe than other methods and has been deprecated by NIST since 2017, while attackers use tactics such as MFA fatigue to bypass OTP push-notification authentication. The Office of Management and Budget memorandum on enabling Zero Trust cybersecurity asks companies to choose a phishing-resistant MFA method such as a FIDO2 security key. Organizations should be careful not to replace any existing authentication methods. OTP push authentication is safer than no MFA and can be used to protect less sensitive data.
Use a password manager for strong, unique passwords
Passwords hold the key to your digital castle. Keeping them secure is as important as keeping your house keys secure. No matter what account they are protecting, all passwords must be created with these three principles in mind:
- Long – At least 12 characters should be included in each of your passwords.
- Unique – Each account must be secured by a separate, individual password. Never reuse a password. This way, you can rest assured that your other accounts are secure even if one of them is compromised.
- Complex – Each password should be complex and contain a mix of capital and lowercase letters, digits, and special characters.
It is a good idea not to change a password that is long, unique, and complex unless it is discovered that another person is accessing the account, or that the password has been stolen in a data breach. The latest recommendations from NIST support this advice. For many years, cybersecurity professionals recommended that we change our passwords regularly. This is not a good idea if your passwords are already long, unique, and complex. If your passwords are changed frequently, you run the risk of using weak or duplicate passwords.
Our lives are becoming more digital and more complex. We may now have to manage 100 passwords or more. It can be tedious to create, store and remember all these passwords. But passwords are the first line of defense against hackers, data breaches, and other threats. You can use free, easy-to-use password managers to make it easier than ever to manage your passwords.
A password manager is the easiest way to create strong passwords and keep them secure for all the online accounts that we use. A password manager can help you avoid having to keep a messy sticky note with your most important passwords on it or keeping a notebook of them in a drawer. All you have to do to gain access to your password manager vault is to create a strong password.
Password managers can be used to save hundreds of passwords for your online accounts. However, these programs have additional benefits:
- They save time
- They work on all operating systems, devices and platforms
- They secure your identity
- They help you be wary of phishing websites
- They notify you if a password has been compromised
Make sure to keep your software current
One of the easiest ways to protect your information is by updating your software. Because hackers are constantly looking for ways to gain access to your information through insecure software, updates can help you stay ahead.
Below are some reasons why you should consider installing software updates immediately.
- Security holes within easy reach. Cybercriminals can gain access to a person’s computer because of software flaws. Cybercriminals view software flaws as open doors that allow them to infect computer systems with malware. Software security updates close these open doors and protect a system from attacks.
- Seek out new features. You might be able to add new features or get rid of outdated features by installing updates. Technology is constantly changing, so updates are a great way to keep up with all the latest developments and features.
- Safeguard your data. An attacker who gains access through software security holes will search for passwords and confidential documents. Security flaws can make data more difficult to protect.
- Increased efficiency. Not every patch is related to security. Software developers may discover bugs in their software and realize the program must be fixed. These modifications boost the software’s performance.
- Check compatibility. Software developers offer updates in order to make certain that the program works with all new technology. Without updating, older software might not be compatible.
Here are two helpful tips for downloading and installing updates.
- Software updates should only be downloaded from the original author. Do not use software that is cracked, pirated or used without permission, even if a friend has given it to you. Many of these copies carry viruses that can create more problems than the software fixes.
- Automate the entire process. Software from well-respected vendors often offers the option of automatically updating your program. A notification will let you know when an update is available and allow you to start the process immediately.
Report phishing and recognize it
Phishing is a popular tactic for cybercriminals, but you don’t have to fall for it. Social engineering is used by criminals in cyberattacks. It’s effective and common. The right phish can catch anyone at any time. Social engineering has been used to compromise many companies, such as Google, Sony and Twitter, as well as people and families.
Because we are more educated about obvious hoaxes, the cybercriminals seem to be convincing and persuasive in many of these phishing scams. According to Jessica Barker, one of the main reasons that social engineering is so successful is that it can manipulate our emotions in order to bias our judgement. How we receive information is crucial.
According to behavioral economists, each individual processes information in one of two ways: slowly or quickly. If we think slowly, we can be composed, reflective, and rational. Cybercriminals need us to think differently. They want us to think fast while being emotional and susceptible. Cybercriminals use our emotions to convince us to click suspicious links, to download potentially dangerous attachments and to reveal our credentials.
Be sure to take the time to ensure that an email or message is authentic before you open any attachments or click on any links. Here are some guidelines for recognizing a phishing email:
- Does it seem like a great deal?
- Does it make you afraid?
- Does the message ask you to provide personal information?
- Does it urgently push you toward a link or an unknown attachment?
- Does it claim a business emergency?
- Is the sender’s email address correct? Pay attention to misspellings such as Anazon.com and Pavpal.com.
Recognizing a bogus email or message that is a part of a criminal’s phishing campaign is the challenging part. After that, you can report it. You should immediately report it to your IT manager, security officer or workplace administrator if the email was sent to you at work.
If the email was sent to your personal email account, do not reply to it and do not click any links. Just click the “Delete” button. Blocking the sending address can help you increase security.
Everyone has a right to a safe internet, so let’s remember to #BeCyberSmart.