This year’s Cybersecurity Awareness Month theme is, “See Yourself in Cyber,” which could not be more relevant given the threat landscape we’re battling today. Most data breaches still are caused by individuals falling for threat actors’ tactics of phishing and social engineering, and individuals failing to follow basic cybersecurity best practices. Collectively, as an industry, we need to use the month of October to kick off an ongoing campaign that demonstrates the role each individual plays in both their own and their company’s security, as well as equips them with best practices to adopt a strong security posture. Here are a few practices that will ensure good cyber hygiene:
- Update passwords regularly and use a strong, unique password for every account. To keep passwords difficult to guess, use combinations of at least 12 letters (upper and lowercase), numbers and characters.
- Consider using multi-factor authentication (MFA), when possible. MFA is a method of authenticating into an account that requires users to present at least two pieces of evidence to prove their identity — something they know (e.g., a password), as well as something they have (e.g., an authentication code via text or email) or something they are (e.g., facial recognition or a fingerprint scan). Coupling a strong password with MFA will make it exponentially more difficult for cybercriminals to compromise accounts.
- Slow down when reading emails and text messages and when listening to voice mails. The social engineers that craft phishing, smishing and vishing attacks are banking on the fact that people are busy and likely going to overlook red flags.
- Report potential phishing/vishing/smishing attacks to corporate IT departments, or, in the case of a personal attack, other appropriate parties (e.g., email provider or FTC).
- Update devices and software when prompted. Updates not only enhance features, but they provide security patches to address known vulnerabilities.
- Turn off auto-connect for WiFi and Bluetooth to avoid accidentally connecting to a threat actor’s network.
- Download software only from legitimate sources.
- Thoroughly review the permissions mobile applications require before installing them.
- Limit digital and social footprints. For example, refrain from “checking into” locations and tagging or sharing photos. Keep profile information to a minimum. And lastly, use a VPN and browse in incognito mode.
- Keep informed of new cybersecurity risks, especially around smart technologies like wearable devices and WiFi-connected appliances.
- Don’t forget about the Internet of Forgotten Things, those devices you’ve forgotten about but are still connected to your network.
- Lastly, don’t forget about your home network and router; change the administrative password from its default and set the password to a strong password mentioned above, set up a Guest network for visitors, and only use WPA2 or the newer WPA3 protocols, if your devices support it.”
