2023 marked the 20th Cybersecurity Awareness Month, which was founded as a collaboration between government and private industry to raise awareness about digital security and empower everyone to protect their personal data from digital forms of crime.
Most cybersecurity news is about massive data breaches and cybercriminals, which can seem overwhelming and leave you feeling powerless. Cybersecurity Awareness Month reminds everyone that there are many ways to keep your data protected. Even practicing the basics of cybersecurity can make a huge difference.
Cybersecurity Awareness Month 2023 – A Focus on Four Key Behaviors:
- Use strong passphrases and a password manager.
- Enable multi-factor authentication.
- Recognize and report phishing.
- Update software.
Use Strong Passphrases
Passwords vs. Passphrases
The message is quite simple: use passphrases instead of passwords. Passwords are usually constructed by exchanging letters for numbers and special characters. This creates very hard-to-remember combinations, leading most people to fall back on short, simple, and easily guessed passwords. A passphrase bridges the gap between human memorization and security to deter cybercriminals.
Equally important is to use a different password for every online account. If a criminal compromises your password, they will try it on every online account imaginable. Even a slight variation on the same passphrase is not good, as criminals will be able to determine your pattern from the stolen credentials. For example, if your Amazon passphrase is “ThisIsMyAmazonPassphrase!”, a criminal will suspect that you are also using “ThisIsMyGooglePassphrase!” for your Google account. This is why security professionals often remind everyone to use a password manager, which will create and securely store unique passwords for every account.
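The pattern problem described above can be checked mechanically. The following Python self-audit is an added example, not part of the original article: it flags entries in a vault whose passphrases are identical, differ only by the site name, or are nearly identical. The function names, the 0.8 similarity threshold, and the sample vault are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations


def strip_site(site: str, secret: str) -> str:
    """Lower-case the secret and replace the site name with a placeholder."""
    return secret.lower().replace(site.lower(), "{site}")


def patterned_pairs(vault: dict[str, str], threshold: float = 0.8):
    """Return (site_a, site_b, reason) for each pair of entries whose
    passphrases are identical, share a template, or are near-identical."""
    findings = []
    for (a, pa), (b, pb) in combinations(sorted(vault.items()), 2):
        ta, tb = strip_site(a, pa), strip_site(b, pb)
        if pa == pb:
            findings.append((a, b, "identical"))
        elif "{site}" in ta and ta == tb:
            # Same sentence with only the account name swapped in.
            findings.append((a, b, "same template, site name swapped"))
        elif SequenceMatcher(None, pa.lower(), pb.lower()).ratio() >= threshold:
            # Catches small edits such as a changed trailing digit.
            findings.append((a, b, "near-identical"))
    return findings


# Constructed sample vault. The Amazon and Google entries are the
# article's own example; the rest are made up for this demonstration.
SAMPLE_VAULT = {
    "Amazon": "ThisIsMyAmazonPassphrase!",
    "Google": "ThisIsMyGooglePassphrase!",
    "Bank": "correct-horse-battery-staple-42",
    "Forum": "correct-horse-battery-staple-43",
    "Email": "violet-anchor-mumble-tractor-sky",
}

if __name__ == "__main__":
    for a, b, reason in patterned_pairs(SAMPLE_VAULT):
        print(f"{a} / {b}: {reason}")
```

Any pair this reports is a candidate for replacement with a unique passphrase generated by a password manager.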
Enable Multi-factor Authentication
Whenever possible, enable Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) to add a layer of security to your accounts. This extra verification method means that, even if a social engineering attack is successful and someone gets your password, it will be much harder for them to gain access to your sensitive data. The 2factorauth group maintains a list of many of the sites that offer 2FA.
Always Think Before You Click
Phishing remains a common entry point for attackers. Simple methods, such as links in emails and text messages or in direct messages in social apps, are quite common. Voice calls are also starting to emerge as a popular attack method. Regardless of who sent the message or who the person claims to be, you should always take extra precautions.
Recognizing Phishing Attempts
Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment. You might get an email or text message that looks like it’s from a company you know or trust, like a bank or a credit card or utility company – or it’s from an online payment website or app. The message could be from a scammer, who might:
- Say they’ve noticed some suspicious activity or log-in attempts — they haven’t
- Claim there’s a problem with your account or your payment information — there isn’t
- Say you need to confirm some personal or financial information — you don’t
- Include an invoice you don’t recognize — it’s fake
- Want you to click on a link to make a payment — but the link has malware
- Say you’re eligible to register for a government refund — it’s a scam
- Offer a coupon for free stuff — it’s not real
If You Suspect a Phishing Attack
If you receive a message that asks you to click on a link or open an attachment, answer these questions:
- Do I have an account with the company?
- Do I know the person who contacted me?
- Is the domain name misspelled?
- Is the message poorly written?
- Does the email include suspicious attachments or links?
- Does the message create a sense of urgency?
These questions generally also apply to voice calls.
Ways to Win Against the Criminals
- Don’t be rushed – always think before you click.
- Stay in control – don’t panic or make a decision in haste.
- Listen to your instincts – more often than not, you will know when something doesn’t feel right.
- Never disclose security details – such as your account credentials.
Keep Your Software Up to Date
On all of your devices and all of your software, do your best to keep everything up to date. If automatic updates are an option, turn them on.
These simple reminders can set you on a path to increased online security, and can ease any feelings of overwhelming defeat against cybercrime.