As the clock ticks, we come to a new Cybersecurity Awareness Month (CAM)! This marks the 20th year of October being CAM. This year’s theme is “Secure Our World,” and how appropriate that is! With technology ever improving, we need to stay up to date on the best ways to stay safe online. This article will focus on you, and how you can “secure your world.”
The Cybersecurity & Infrastructure Security Agency (CISA) provided 4 ways to stay safe online. Let’s review them together!
Report Phishing
At Social-Engineer, LLC, we define phishing as “the practice of sending emails appearing to be from reputable sources with the goal of influencing or gaining personal information.” Astra states that “nearly 1.2% of all emails sent are malicious, which in numbers translated to 3.4 billion phishing emails daily.” Basically, this means that phishing emails are something that can affect all of us, if they haven’t already. So, how do we keep our families safe?
To start, we need to be cautious of unsolicited messages asking for personal information. CISA gives us 3 steps:
1. Recognize
Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately.
- Requests to send personal and financial information.
- Untrusted shortened URLs.
- Incorrect email addresses or links, like amazan.com.
They also share this important note: “A common sign used to be poor grammar or misspellings although in the era of artificial intelligence (AI) some emails will now have perfect grammar and spelling, so look out for the other signs.”
2. Resist and Report
Sometimes, our curiosity may try to get the better of us. Resist the urge to share sensitive information or credentials with unknown sources. Instead, report the phishing attempt via the “report spam” button!
3. Delete
Lastly, do not click on links from these unknown sources, unsubscribe, or reply. Instead, simply delete the message after reporting.
Use Strong Passwords
CISA says that a strong password follows all three of these tips:
1. Make Them Long
At least 16 characters – longer is stronger!
2. Make Them Random
There are two suggestions on how to do this. The first is to use a random string of mixed-case letters, numbers and symbols. The second is to create a memorable phrase of 4-7 unrelated words.
3. Make Them Unique
Use a different strong password for each account. This can be made easier through the use of a password manager.
Turn on MFA
Multifactor Authentication (MFA) is like a secondary defense for your accounts. It requires more than one form of verification before you can enter an account. For example, logging in may normally require a username and password. With MFA enabled, the site would then also require something more, such as a code from an app on your phone. When utilized properly, MFA can help ensure that it is really you who is logging in.
It can sound overwhelming if you don’t know where to start, but CISA offers a step-by-step process for activating MFA:
1. Go To Settings
It may be called Account Settings, Settings & Privacy or similar.
2. Look for and turn on MFA
It may be called two-factor authentication, two-step authentication or similar.
3. Confirm
Select which MFA method to use from the options provided by each account or app. Examples are:
- Receiving a numeric code by text or email.
- Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
- Biometrics: This uses facial recognition or fingerprints to confirm our identities.
Update Software
It can be easy to click “remind me later” when a software update appears. However, updates are very important! They fix security risks and keep your information safe. Follow these steps from CISA to keep your software up to date:
1. Watch for notifications
Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.
2. Install updates as soon as possible
When notified about software updates, especially critical updates, we should be sure to install them as soon as possible.
3. Turn on automatic updates
With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy!
To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.
Secure Our World
With the above tips, you can be sure that your world will be more secure than before. Remember to always report phishing messages, use strong passwords, turn on MFA, and update your software. Be sure to share these tips and this article with your loved ones so we can, together, secure our world.
Written by:
Shelby Dacko
Human Risk Analyst at Social-Engineer, LLC