In addition to fall colours, cooler weather, and pumpkins, October 2023 will be a time to reflect on real threats to businesses and identities and how to best protect against them. October is Cybersecurity Awareness Month, when governments and private industry work together to spread end-user awareness and help give people the tools and strategies they need to protect themselves against digital crime.
2023 marks the 20th anniversary of Cybersecurity Awareness Month, and it will focus on four key behaviours that we can all adopt to have a more secure online world:
- Use strong passwords and a password manager.
- Turn on multifactor authentication.
- Recognize and report phishing.
- Update software.
Let’s take a look at each of these behaviours in turn to better understand why they are so important.
1. Use strong passwords and a password manager.
Regardless of the accounts they safeguard, all passwords should adhere to these three core principles:
- Length: Each of your passwords should consist of at least 12 characters.
- Uniqueness: Every account should have its own distinct password. Avoid password reuse, ensuring that none of your passwords resemble each other in any way.
- Complexity: Each unique password should be a mix of uppercase letters, lowercase letters, numbers, and special characters (such as >, !, ?). Once again, remember the 12-character minimum; some platforms even permit spaces.
If your password meets the criteria of being long, unique, and complex, it is recommended that you do not change it unless you suspect unauthorized access or a password compromise due to a data breach. This recommendation aligns with the latest guidance from the National Institute of Standards and Technology (NIST). For years, the conventional wisdom was to change passwords every few months, but constant changes can lead to risky habits or reused passwords, undermining security.
Why use a password manager?
Chances are, you’ve got a multitude of online accounts that require passwords, and using the same password over and over can be tempting, if for no other reason than to ensure you don’t forget those passwords. Fortunately, there are numerous online password management tools that allow you to have a long, unique, and complex password for each account that you have. The only password that you need to remember is the one for your password management account! Do take note that paid password management solutions are better than free versions. Keeper Security, for instance, is a tool that we recommend and can help you to deploy for your business.
2. Turn on multifactor authentication.
Multifactor authentication (MFA) allows individuals to safeguard their digital accounts through multiple layers of security. Think of it as not only having locks and keys to secure your home but also having your keys kept in a safe that requires your fingerprint to open it.
MFA is a cybersecurity protocol that requires individuals logging into an account to verify their identity through multiple means. Typically, this involves inputting a username and password, followed by a secondary identity confirmation, such as responding to a text message.
The rationale behind this extra effort is clear: MFA significantly raises the bar for hackers attempting to breach your online accounts, even if they possess your password.
We strongly recommend implementing MFA wherever it is supported, especially for accounts tied to work, education, email, banking, and social media.
3. Recognize and report phishing.
Phishing is when cybercriminals send you a phony email or make a fake social media post to lure you into sharing sensitive information, clicking a bad link, or downloading a malicious file. The good news is that armed with a little knowledge, it is usually easy enough to outsmart the phishers.
Before you click a link or download an attachment, take a few seconds to make sure that the email is legit. Here are a few quick ways to spot a phishing email:
- Is the offer too good to be true?
- Does the language sound alarming or overly urgent?
- Does it contain grammar and spelling mistakes?
- Is it asking you to send personal information?
- Does the sender’s email address align with the company from which the email is supposedly coming? (Look for misspellings like anazon.com)
When you recognize an email as a phishing attempt, do not click on any links or respond to it. Just delete it – and if you are at work, report it to your IT manager. You can also take a further protective step by blocking the sender’s email address and reporting it to your email provider.
4. Update software.
Finally, you can enhance your cybersecurity by consistently updating your software and apps. Every day, cyber analysts prioritize the security of their users and products, actively searching for signs of potential hacker activity or vulnerabilities that cybercriminals could exploit. To address these issues and ensure the safety of their services, reputable software companies regularly release updates.
By installing the latest updates for your devices, software, and apps, you not only gain access to the most advanced security measures but also benefit from the newest features and enhancements. However, it’s important to actively update your software to reap these advantages. Fortunately, updating software is a simple task and can even be automated.
Here are four key tips to remember when it comes to software updates:
- Automate updates – Save yourself the trouble of manually checking for updates by configuring automatic updates. This way, updates will be downloaded and installed as soon as they become available from the device, software, or app provider.
- Only use trusted sources – Limit downloads to verified sources and solely obtain apps from your device’s official app store. Updates should be sent directly by the device, software, or app developer, not from any other source.
- Beware of phishy emails and suspicious pop-ups – Be wary of urgent pop-up windows demanding immediate software updates while browsing the web. Such pop-ups tend to appear on dubious websites or if your device already has malware. These messages are typically scams and attempts at phishing.
- Make updating a routine – Even if you haven’t enabled automatic software updates, make it a habit to regularly update your devices, software, and apps. Often, you will receive notifications indicating the availability of updates. While it may be inconvenient to close your programs and restart your device, it is worthwhile, especially if an update addresses a critical security issue.
Contact Fusion Computing today.
Your IT team (MSP) can and should automatically take care of all of the above tasks to ensure you are protected online.