The connectedness of our world has both benefits and drawbacks. There is convenience in shopping online, using social media as a tool to stay in touch with friends and discover new things, and teleworking, as long as we take steps to stay safe when using our phones, laptops, and smart devices. October is Cybersecurity Awareness Month, so it’s a great time to review simple actions you can take each day to ensure you stay safe this month and throughout the year.
About Cybersecurity Awareness Month
First started by President George W. Bush and Congress in 2004, Cybersecurity Awareness Month had the initial goal of bringing businesses and government together to raise awareness about the importance of cybersecurity. 2024 marks the 21st Cybersecurity Awareness Month, which has grown to generate discussions on cyber threats on a national and global scale and to encourage the public to take actions to reduce online risk.
The enduring Cybersecurity Awareness Month theme is Secure Our World. The theme recognizes the importance of taking daily action to reduce risks when online and using connected devices.
4 Things to Do to Keep Yourself Safe During Cybersecurity Awareness Month
Throughout the month of October, I’ll be highlighting ways to keep you and your family cybersafe with tips and free resources. Today I’m kicking off the month with 4 easy reminders from the Cybersecurity & Infrastructure Security Agency (CISA) to stay safe online.
Use Strong Passwords
This month is a great time to evaluate your passwords. If there are ones that you’ve been using for a long time and you know are too short or have been compromised in data breaches, it’s time to change them to strong passwords.
Strong passwords are long, random, and unique and include uppercase, lowercase, numbers, and symbols. Here are some examples from CISA of how you can strengthen your passwords:
1. Make them long
At least 16 characters—longer is stronger!
2. Make them random
Do this by:
Using a random string of mixed-case letters, numbers and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
Creating a memorable phrase of 4 – 7 unrelated words, called a “passphrase.” For example:
- Good: HorsePurpleHatRun
- Great: HorsePurpleHatRunBay
- Amazing: Horse Purple Hat Run Bay Lifting
Note: You can use spaces before or between words if you prefer!
3. Make them unique
Use a different strong password for each account such as:
- Bank: k8dfh8c@Pfv0gB2
- Email account: legal tiny facility freehand probable enamel
- Social media account: e246gs%mFs#3tv6
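The three rules above (long, random, unique) can be expressed in a few lines of Python. This is an added example, not code from CISA or from this post; the function names and the short word list are constructed for illustration, and a real passphrase generator would draw from a list of several thousand words.

```python
import math
import secrets
import string

# Constructed sample word list (illustration only). With just 16 words each
# pick adds only 4 bits; a real list should hold thousands of words.
SAMPLE_WORDS = [
    "horse", "purple", "hat", "run", "bay", "lifting", "legal", "tiny",
    "facility", "freehand", "probable", "enamel", "river", "candle",
    "orbit", "velvet",
]
# Upper, lower, digits and symbols: 94 printable characters in total.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_password(length=16):
    """Rule 1 and 2: at least 16 characters, drawn from the OS secure RNG."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    while True:  # redraw until all four character classes are present
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def passphrase(word_count=5, words=SAMPLE_WORDS, sep=" "):
    """Rule 2, passphrase form: 4 to 7 words picked independently at random."""
    if not 4 <= word_count <= 7:
        raise ValueError("use 4 to 7 words")
    return sep.join(secrets.choice(words) for _ in range(word_count))


def entropy_bits(choices, picks):
    """Guessing difficulty in bits: picks * log2(number of equally likely choices)."""
    return picks * math.log2(choices)


def credentials_for(accounts):
    """Rule 3: an independent secret per account, so one breach exposes no other."""
    return {name: random_password() for name in accounts}


if __name__ == "__main__":
    for account, secret in credentials_for(["bank", "email", "social"]).items():
        print(f"{account}: {secret}")
    print("passphrase:", passphrase(6))
    print("16 random characters:", round(entropy_bits(len(ALPHABET), 16)), "bits")
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographic random source, which is what makes the result unpredictable.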
If you’ve been hesitant to change your passwords for fear that you’ll forget them, don’t worry! You can use the “forgot password” link or use a password manager.
Password managers help you create, remember, and fill in passwords for you. I’ve been using LastPass as my password manager for years and love that I can create a single master password and as long as I use it to log into my account, LastPass helps me do the rest by autofilling other passwords.
LastPass also helps me create secure passwords and alerts me if any of my data (email, passwords, usernames, physical address, phone numbers, and names) has been compromised. I have a premium LastPass plan but they also have a free version. You can compare the plans here.
Turn on Multifactor Authentication (MFA)
We all know that we need more than passwords to keep our accounts secure. Multifactor Authentication (MFA) makes it less likely that you’ll get hacked because, in addition to your account login and password, you have to verify yourself through a secondary method such as a code sent to your email or via text.
CISA recommends enabling MFA on all your online accounts, including email, social media, and especially financial accounts, by doing the following on each account or app:
1. Go to Settings
It may be called Account Settings, Settings & Privacy or similar.
2. Look for and turn on MFA
It may be called two-factor authentication, two-step authentication or similar.
3. Confirm
Select which MFA method to use from the options provided by each account or app. Examples are:
- Receiving a numeric code by text or email
- Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
- Biometrics: This uses our facial recognition or fingerprints to confirm our identities.
Recognize and Report Phishing
Phishing is the practice of luring sensitive information from you through online and email scams for the purpose of identity theft. Since hackers are constantly developing new ways to target our online accounts to mine data in a way that benefits them, it’s always good to be wary.
If you get an email that could be a scam:
- Be cautious of unsolicited messages asking for personal information
- Avoid sharing sensitive information or credentials with unknown sources
- Trust your gut. If it seems too good to be true, it probably is!
- Check the email address it came from. Does the email seem like it could be from a company employee? Would Apple, Microsoft, your financial institution, or your virus protection software really be sending you a personal email? Most likely not.
- Do not click on anything within the body of the email
- Ask a friend or loved one for help. Phishing scams are getting so much more sophisticated that even when you do the above, you might not be sure. It’s always a good idea to ask someone else.
- Report phishing attempts and delete the message
Update Software
Software updates always seem to come at the most inconvenient of times, but it’s never a good idea to delay them. According to CISA, flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but installing updates is the best way to have the latest protection.
CISA provides these 3 tips to keep your software up to date:
1. Watch for notifications
Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.
2. Install updates as soon as possible
When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!
3. Turn on automatic updates
With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy!
To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.
Information from this post is from the Cybersecurity & Infrastructure Security Agency (CISA). No compensation was received and all opinions are my own.