This week kicks off Cybersecurity Awareness Month, and the theme is “Be Cyber Smart.” Like good personal hygiene, good cyber hygiene is about mindfulness, thoroughness and consistency. And, like personal hygiene, having a good security posture is important for everyone, and not something to be left just to the IT department.
Now in its 18th year, this month-long program was created by the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency that operates under Department of Homeland Security (DHS) oversight, together with the National Cyber Security Alliance (NCSA), to raise awareness about the importance of cybersecurity. The campaign encourages individuals and organizations to own their role in protecting their part of cyberspace with cyber hygiene best practices. It stresses personal accountability and the importance of taking proactive steps to enhance cybersecurity.
The Importance of Cyber Awareness
The most important step you can take towards being cyber smart is to be cyber aware. Knowing the types of attacks that are possible and the methods attackers use to try to get your information, and being sure to protect yourself and others, are the best things you can do to prevent them from succeeding. Here are some easy steps you can take today to improve your basic cyber hygiene, along with good security practices to reduce your cyber risk.
It’s estimated that 90 percent of all cyber attacks start with someone tricking you into giving up personal information like your bank account information, your credit card numbers, or your passwords. How do they do this? By convincing you that a fraudulent email or text is actually from a legitimate organization or someone you know — also known as phishing or spear phishing.
It’s incredibly important to be hyper vigilant about phishing scams and other social engineering attacks. Pay attention to the email address that the email is coming from, or who’s sending you texts or social media messages — is it actually coming from the organization or person it says it is? Are you expecting to receive a message from the sender?
Now look at the message itself. Is it asking you to click something? Is it asking you to “verify” your information? Is it marked as “urgent,” which is often a trick to get people to click? Listen to your intuition. If something doesn’t seem right, it probably isn’t. Think before you click that link or respond to that random person on your Instagram DMs.
Create Strong Passwords
It’s likely your employer has some sort of password policy intended to make sure you use a combination of requirements like uppercase letters, special characters and numbers to create a complex password. Organizations generally put these policies in place to ensure the safety and security of their systems and data.
Unfortunately, this doesn’t usually extend to your personal computer and accounts, so it’s important you put a similar policy in place for yourself. Choose passwords that are at least 12 characters long and made up of letters, numbers and special characters. It’s equally important to use both capital and lowercase letters, and to ensure that you use different passwords for all your login credentials.
One way to do this is to come up with a unique naming convention that only you know, such as using the last three characters of the name of the website or app at the end of your passwords. You should also avoid using birthdays and family or pet names as your password, as these can be easily guessed based on information found on social media sites. Another option to consider is a password manager that can safely store all your logins and generate strong, unique passwords. These are particularly handy if you frequently log into the same sites and apps from both your laptop and your phone.
One final tip: avoid sharing passwords with friends or family members unless they absolutely need to have access to your accounts. Even something as simple as sharing your Netflix password with a friend can be dangerous if you reuse that password for multiple accounts and your friend’s phone or laptop gets lost, stolen or hacked, for example.
Keep Your Data Safe
Another important part of having good cyber hygiene is protecting your personal data. In addition to using strong passwords, one of the easiest ways to keep your accounts and information safe is to enable multi-factor authentication (MFA), the most common version of which is two-factor authentication. This can make it 99 percent less likely you’ll get hacked, according to CISA.
Many websites and social media platforms enable you to opt into MFA as an extra step to double-check your identity. Instead of using only a password – which can be reused, cracked or stolen – you can set up accounts to require two forms of information, like a PIN or a notification on a special application to authenticate the request, or a confirmation text to your mobile phone. Start with your personal email account, then move on to banking and financial sites, social media accounts, retailers and streaming services, CISA advises.
Assume your email addresses and passwords have already been involved in a breach (most have), and plan for the worst-case scenario in case one of your online accounts is compromised. It’s also a good policy to ensure you have a backup of important information if you get hit with ransomware. With good data backups, you’ll still be able to access important information if your computer is stolen, or if there’s a natural disaster and you have to flee quickly without it.
Whether you choose to use thumb drives, external hard drives or the cloud, make sure to back up your information regularly to ensure that you can recover the most up-to-date versions of your data.
Another step you can take is to regularly update your operating systems, hardware and software, and to apply security patches to devices to protect them from malicious activities. In addition, we strongly recommend running antivirus software with real-time protection for advanced malware, as well as taking advantage of free applications for improved mobile security that many cell phone service providers now offer.
Stay Cyber Smart with Training
Unless you work in an Amish furniture shop, you’re likely using computers and the internet as part of your everyday life. Many employers now require cybersecurity safety and awareness training on a regular basis as organizational policies shift, technology evolves and the threat landscape changes. If yours does, take advantage of that training to educate yourself on how to better protect your organization and your personal information. If not, there are thousands of free and inexpensive courses available online, ranging from Cybersecurity 101 to advanced courses that can help you get into cybersecurity as a career.
One of the easiest ways for agencies and other organizations to ensure that employees are up to speed on the latest threats is to purchase a training subscription service like the Motorola Solutions Cyber Hub, which gives you unlimited access to all vectors of cyber training and regularly updated best practices and guidance.