October is National Cybersecurity Awareness Month. That means it’s a great time to assess your cybersecurity precautions and ensure that everything is on point. Although cybersecurity should be a constant and daily concern, National Cybersecurity Awareness Month gives you a chance to take a step back and assess your overall approach to security.
This year’s theme is “Own IT. Secure IT. Protect IT.” In our previous blog post, we discussed the first part of the theme, “Own IT.” The central message behind “Owning IT” is about accountability. It is important that you take responsibility for your own online security by controlling your online presence and your modes of connectivity. (Link to “Own IT” Blog)
In today’s blog, we will tackle the second part of this year’s theme, “Secure IT.” Keeping your personal information secure gets harder each year. As Americans do more of their business online, cybercriminals grow more sophisticated in their methods. Instead of leaving yourself vulnerable, take the time to secure your online presence.
The government agency behind National Cybersecurity Awareness Month recommend the following tactics to increase your online security:
- Creating Strong Passwords
- Multi-Factor Authentication
- Zero Trust
- Protecting Against Phishing
Let’s discuss how each of these can help prevent you from becoming a victim of online predators.
Creating Strong Passwords
This seemingly obvious piece of advice continues to be a necessary warning. Although security habits appear to be improving among the general population, there is still a long way to go when it comes to convincing people to use stronger passwords.
Why is it such a struggle to get web users to change their password habits? The main culprit is laziness. Keeping up with multiple passwords is hard, and it’s even harder when those passwords are complicated. Although carelessness is often the reason that people create unsecured passwords, other people just aren’t exactly sure how to create a strong password.
Whatever the reason behind it, not securing your web presence properly can have seriously bad effects. From stolen identities to credit card fraud, a compromised password can create a huge mess that it will take you a long time to sort out. Avoid becoming the victim of online predators by following these straightforward guidelines:
- Regularly Update Passwords–How long have you had the same password? If it’s for more than a few months, it’s time to change. Although statistics show that the average American changes their passwords less than once a year, security experts recommend that you change them more regularly. Recommendations vary, but most agree that you should change them every 30-120 days.
- Use Different Passwords on Each Site–Using the same password for multiple sites is one of the most common mistakes that security experts cite when it comes to password security. People use the same passwords because it’s easy, but if a single one of those is compromised, their entire digital lives are open to hackers. Reduce your risk by always using different passwords on different sites.
- Creating Complex Passwords–This is one tip we all know we should be following, but many of us don’t. Why? Because long, complicated passwords are a pain to remember and type out. That’s true, but have you thought about how much of a pain losing your identity to online hackers would be? As the old adage says, an ounce of prevention is worth a pound of cure. So, bite the bullet and strengthen your passwords to prevent the future hassle. Randomize your passwords with numbers, punctuation, and capital letters to improve your security.
Multi-factor authentication is becoming the standard across secure websites used by institutions like banks and government, so you’re probably already aware of how it works. Instead of accepting one single mode of verifying your identity–like a password–these systems require you to verify your identity through multiple avenues in order to log into secure accounts. These other authentication methods can be email, phone, or text.
By adding multiple layers of authentication to secure websites, it makes it harder for criminals to invade your privacy. While they may be able to hack one aspect of your security protections, it’s unlikely that they will have access to each of your multiple devices that are required for multi-factor authentication. This risk management approach to security has proven to greatly reduce the chances of multi-factor authentication users becoming victims of cybercrime.
Everyone buys things online these days. Usually, doing so involves giving your private financial information to complete strangers. How can you avoid becoming a victim of online fraud when so many of your transactions take place online? Here are some pointers that will help you ensure that all of your online interactions are legitimate and secure:
- Use a Trusted Partner–Instead of entering your credit card information into multiple websites for each transaction you make, register with a trusted online payment system like PayPal, Authorize.Net, or Google Checkout. That way, your vulnerability is limited to a single, highly secured point and you don’t risk privacy breaches at each website you transact with.
- Look for SSL Certified Transactions–This piece of advice goes for both individuals and businesses alike. If your transaction is not taking place on a secured site, don’t continue with it. SSL stands for Secure Sockets Layer, which is a high-level security certification that tells you that your interaction is encrypted. Never risk third parties stealing your private information; always check for SSL certification.
- Use Good Judgment–When it comes down to it, the final line of protection against cybercrime is your own sense of awareness. Stay alert to the possibility that cybercriminals could be trying to defraud you at any moment. If something looks or feels wrong about a website, don’t move forward with the transaction. It’s important to note, however, that this advice does not work in the opposite direction. Your intuition alone is never enough to ensure your security. Be wary and always verify any website you are thinking of giving your information to.
The motto of the zero-trust security approach is “never trust, always verify.” Zero trust emphasizes the inclusion of additional security checks at every turn. More than 80% of security breaches come from within a credentialed organization. Rather than worrying about who gets trusted and when, a zero-trust approach eliminates the concept of trust altogether. Instead, these systems require verification of the user’s identity at every point.
The zero-trust philosophy has implications for the home user as well. Do you have any suspicions about whether a website you’re using is genuine or secure? Is there any possibility that you have been redirected without your knowledge? If you have any doubts, click away. The goal behind zero trust is never taking online security for granted. It is a strategy used by IT professionals that also works for individuals and organizations. So, remember: Never Trust. Always Verify.
Protecting Against Phishing
A major obstacle to eliminating phishing scams is convincing people that they are, in fact, trickable. Sure, you may be smart and savvy…but so are cybercriminals. They get more sophisticated every day. Phishing attempts today can look identical to legitimate websites, even featuring legit-looking web addresses.
Raising awareness of the risks of phishing can go a long way toward improving the public’s cybersecurity, but the government urges us to take further action to protect ourselves. Here are the four steps the Federal Trade Commission recommends taking to avoid becoming a victim of phishing:
- Protect your computer by using security software.
- Protect your mobile phone by setting software to update automatically.
- Protect your accounts by using multi-factor authentication.
- Protect your data by backing it up.
A proactive approach to phishing is your best bet for staying safe. Never assume a website is legitimate. Use updated software that will recognize and warn you about phishing attempts. Most importantly, stay alert! Never underestimate the cleverness and creativity of online scammers.
I hope that this blog has given you some ideas of ways that you can improve your cybersecurity and reduce your risk of becoming a victim of fraud. The goal of National Cybersecurity Awareness Month is to get Americans thinking about these important issues and show them a way to begin to address them. Take some time and reflect on whether you are safe online.
Next week, we will continue to explore these themes in our final entry of this month’s series, “Protect IT.” Come back then for more information and ideas on how to make your online experiences more secure.