October is Cybersecurity Awareness Month, which encourages the public to reduce their online risk in both the public and private sectors. It’s a reminder for all of us to take action each day to protect ourselves online or when using connected devices.
Building a safer digital environment can seem like a daunting task. But following just four easy steps could help you stay safe and reduce your online risk at home, work, and school. Visit the Security Center on our website for more information.
Use strong and unique passwords.
As tempting as it is to use the same password for multiple sites or services, cyber criminals depend on that consistency to make their job easier. Hacking just one account can easily turn into hacking all your accounts with little effort if you’ve reused those credentials. The solution is simple, although slightly more inconvenient: use long, random, and unique passwords for all your accounts and devices to reduce your online risk. Passwords should not be specific to you (for example, don’t use your pet’s name) and should include numbers, symbols, and upper and lowercase letters. The more random or less relatable to you, the better, as cyber criminals can only dig so deep into your background for clues.
If you’re concerned about remembering passwords for numerous accounts, a password manager can be an efficient way of handling all your log-in credentials and helping to reduce your online risk. They are available for any kind of device, from smartphones to tablets to computers, and can be downloaded and setup relatively easily. A password manager lets you store an unlimited number of passwords in one secure and easily accessible place, and usually only require you to remember one master password or use a biometric authentication (such as Face ID) to retrieve any of those stored credentials.
Turn on Multifactor Authentication (MFA).
Diversifying your passwords is just the beginning of being cyber aware. Diligence is key to preventing an attack, but if you’re not diligent about password security and other log-in details, you can end up in a precarious position. Even if you are careful about changing your passwords regularly and keeping your log-ins unique, a cybersecurity attack is always a threat. In fact, compromised passwords are one of the most common ways that criminals can access your data.
Multifactor Authentication, or MFA, can stop them in their tracks, even if they have your password. Enabling MFA is the next step in making your accounts more secure. Multifactor Authentication is an additional way of confirming your identity when logging in. In addition to asking for your username and password, which can be easy for criminals to discover and difficult for you to remember, many online services will also generate a unique code through an authenticator app or text message to your phone that you’ll need to enter. Alternatively, it may allow you to complete MFA using a biometric factor, like face recognition or fingerprint.
This is a great tactic to prevent unauthorized access to your information while not requiring you to remember another password. It’s effective because while passwords are something you know, they’re also something social engineers or cyber criminals can know or learn too. MFA methods add a second layer of security by requiring something you have, such as the code on your phone, or requiring something you are, such as your face or fingerprint. And those are infinitely harder for criminals to fake or bypass than just a password.
Things that make you go “Hmmm”.
Always be cautious of unsolicited messages asking for personal information. Known as “phishing” scams, these social engineers attempt to trick you into clicking on a link or opening an attachment by pretending to be a company that you recognize or trust. They could be imitating a representative from your bank claiming there’s a problem with your account; an employee from a utility company claiming you owe delinquent payments; or a technical support representative offering to help you remove a “virus” from your computer.
To reduce your online risk, always avoid sharing sensitive information with sources who are unknown to you. A good rule of thumb is that if you did not initiate the call or expect the email or text message, be extremely cautious and avoid sharing personal or private information. The social engineer’s goal in these scenarios is to trick you into giving up your log-in credentials or other personal info such as an account number or Social Security Number. Their most common tactic is to make the situation sound urgent, such as threatening to shut off your utilities if you don’t provide them your debit card number to pay off the delinquent account. This is meant to panic and frazzle you so that you lower your security awareness. Please remember: NO LEGITIMATE CUSTOMER SERVICE OR TECHNICAL SUPPORT REPRESENTATIVE WILL EVER ASK FOR YOUR PASSWORD.
If you ever feel you may have fallen victim to one of these scams, remember that time is important when it comes to mitigating an attack. Cyber criminals work quickly because they know they can be stopped at any time, so report a phishing attempt immediately to the service you feel may have been compromised. The faster a mistake is reported, the sooner the attacker can be stopped. In addition to reporting your suspicions, change your password and enable MFA for that account if you haven’t already!
Update your software
Making sure that you’re consistently running the latest versions of your software will certify that you have the latest security measures. Continue to check for regular automatic updates on all of your devices. Use antivirus software and back up all your data to protect against ransomware attacks. Exploiting vulnerabilities in old software versions is another common technique cyber criminals can use to gain access to your info, but staying up to date on all your software versions negates this and shuts the door on those pesky cyber criminals.
With a little patience and constant diligence, you can keep cyber criminals at bay, reduce your online risk, and stay safe and secure. If you have any concerns or suspicions about cybersecurity or need help with anything else related to this topic, please visit one of our 19 branches listed here or call 570-752-3671.