To raise awareness of the dangers of cybercrime, the Cybersecurity and Infrastructure Agency and the National Cybersecurity Alliance have designated October as Cybersecurity Awareness Month. This marks the 20th year that cybersecurity awareness has been recognized during the month of October.
This year, Cybersecurity Awareness Month is emphasizing how far cybersecurity education and awareness have come over the past two decades, as well as how far cybersecurity awareness still needs to go to fulfill the vision of a secure, interconnected world. Four key cybersecurity behaviors will be emphasized this year:
1. Enabling multi-factor authentication (MFA). Also known as two-factor authentication, this requires individuals to prove their identity more than once before they can log into an account. For example, you might first enter your username and password and then be prompted to enter a code texted to you as the second step to verify your identity.
Biometric identifiers like fingerprint scans and facial recognition and security questions are other secondary means of identity verification. MFA makes it extremely difficult for data thieves to hack into accounts even if they know the username and password, so it should be implemented whenever possible.
2. Using strong passwords and a password manager. Strong passwords are the first line of defense against cybercriminals and data breaches. However, many people don’t make the effort to create strong and unique passwords, thus exposing themselves to unnecessary cybercrime risks. Strong passwords are:
- Long — At least 12 characters is generally recommended.
- Unique — Every online account should have its own unique password. This way, if one account is hacked, other accounts won’t be vulnerable.
- Complex — Passwords should contain a combination of upper and lower case letters, numbers and special characters.
Password managers can help you keep track of all your passwords. With one single password, you can unlock the password manager vault and access all of the passwords for your different online accounts.
3. Keeping software and apps updated. Software and app developers are constantly looking for holes and vulnerabilities where cybercriminals could break in. When they find them, they update their products to plug these holes. But to benefit from these updates, you have to install them on your devices.
You might be prompted by your device that a software update is available. Or you can turn on automatic updates so they are downloaded and installed as soon as they’re available. If you download updates yourself, make sure you’re downloading them from your device’s official app store, not from a pop-up window or shady website.
4. Recognizing and reporting phishing scams. Phishing is one of the most common types of cyberattacks. Cyberthieves use fake emails, social media posts and direct messages to try to lure victims into clicking on links that lead to dangerous websites or downloading malicious attachments.
Fortunately, it’s usually easy to spot phishing emails and posts. They often contain offers that are too good to be true and language that is urgent or threatening. And they’re often poorly written with bad grammar and misspelled words. Also, the sender’s email address usually doesn’t match the company the email is supposedly coming from.
If you think you have received a phishing email or message, don’t click on any links or download any attachments. Simply delete the email. You can also block the sending address from your email program, as well as report the suspicious email to the Federal Trade Commission and forward it to the Anti-Phishing Working Group.
Visit Cybersecurity Awareness Month online to learn more, including events that are being planned and how you can get involved and become a Cybersecurity Champion. Contact your Firstrust Relationship Manager if you would like to discuss ways you can boost cybersecurity at your business.