
Cybersecurity Awareness Month: It’s time to lock down your logins

It’s October – in many parts of the country, the air conditioning is turned off, “ghost season” is in full swing, and many of us have already had enough pumpkin spice lattes for the year.

It is also Cybersecurity Awareness Month. And while 31 Days of Internet Safety may seem ridiculous, it’s still a great time to take a hard look at your cybersecurity situation.

This means setting strong and unique passwords for all your online accounts, turning on two-factor authentication when possible, installing those pesky software security updates, and doing your best to keep as much of your private information, well, private as possible.

This may all seem daunting, but for those looking for where to start, there’s plenty of help. The Cybersecurity and Infrastructure Security Agency has just launched a month-long educational campaign titled “Secure Our World.” It aims to raise awareness of the importance of basic cyber hygiene practices.

The campaign website provides useful tools for consumers, small and medium-sized businesses and all levels of government, CISA Director Jen Easterly said in a statement.

“Protecting yourself online is as simple as taking a few simple, everyday steps to keep your digital life safe,” says Easterly.

In honor of Cybersecurity Awareness Month, here are some simple tips from CISA and others to help you keep your online accounts safe.

Use strong passwords and a password manager

Passwords must be long, random and unique. This year, the U.S. National Institute of Standards and Technology updated its guidelines. The latest recommendations state that organizations do not need to require passwords to contain a combination of character types. Additionally, companies are no longer required to set mandatory password change intervals, such as every 30 or 90 days.

Many security experts argued that these types of requirements were counterproductive because they pushed people toward easy-to-guess passwords: think P@$$w0rd or Bree2024!.

On the other hand, while NIST still technically requires companies to set a minimum password length of eight characters, it now recommends requiring passwords of at least 15 characters and a maximum of 64.

Yes, that’s a lot of characters, but to make it easier, you can use a password consisting of a few unrelated words, such as “GrandmafootballCheeseburgerhat” or “lamppostParisHotsaucethrophyhat”.

Avoid personal information that can be easily guessed or found through Google or social media mining. The name of your dog, the model of your first car or the university you graduated from may be important to you, but they are bad password material. Don’t reuse your passwords across multiple accounts – no matter how good you think they are. This way, you will limit the consequences if one of your passwords is compromised.

This also applies to the personal questions and answers you use to reset these passwords.

Need help? Sign up for a password manager. It will keep all your logins organized and safe. Using the password generator and password manager built into your browser is also fine. While some of these options were clunky in the past, they have now improved. For example, you can now use Google Chrome to automatically enter passwords in apps on your iPhone, as well as automatically generate new ones.
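The length and passphrase guidance in this section can be written as a small generator and policy check. This is an added example, not code from the article, NIST or CISA; the word list, the blocklist and the function names are constructed for illustration, and the 15 and 64 character limits are the figures quoted above.

```python
import math
import secrets

# Constructed sample list. A real generator needs thousands of words:
# a 7,776-word diceware list gives about 12.9 bits per word.
WORDS = ["lamppost", "grandma", "football", "cheeseburger", "hat", "paris",
         "hotsauce", "trophy", "glacier", "violin", "pebble", "tractor",
         "walrus", "origami", "cactus", "submarine"]
MIN_LEN, MAX_LEN = 15, 64                   # figures quoted in the article
COMMON = {"password", "letmein", "qwerty"}  # constructed stand-in blocklist
LEET = str.maketrans("@$0!13", "asoile")    # undo common symbol swaps


def passphrase(n_words=4, words=WORDS):
    """Join randomly chosen words, using the OS CSPRNG rather than random."""
    lengths = [len(w) for w in words]
    if n_words * min(lengths) > MAX_LEN or n_words * max(lengths) < MIN_LEN:
        raise ValueError("no phrase of this many words fits the length limits")
    while True:  # redraw any phrase that falls outside the length limits
        phrase = "".join(secrets.choice(words).capitalize()
                         for _ in range(n_words))
        if MIN_LEN <= len(phrase) <= MAX_LEN:
            return phrase


def entropy_bits(n_words, list_size):
    """Upper bound on guessing entropy when every word is drawn uniformly."""
    return n_words * math.log2(list_size)


def check(password, personal=()):
    """Return the policy problems found; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    lowered = password.lower()
    if any(word in lowered.translate(LEET) for word in COMMON):
        problems.append("common password under substitutions")
    if any(item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    return problems  # deliberately no character-class (composition) rule


if __name__ == "__main__":
    print(passphrase(), round(entropy_bits(4, len(WORDS)), 1), "bits")
    print(check("P@$$w0rd"), check("Bree2024!", personal=["Bree"]))
```

With the 16-word sample list, four words carry only 16 bits, which is why the strength of a passphrase depends on the size of the list it is drawn from and not just on its length.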

Always use multi-factor authentication

If your password is compromised, a second layer of protection will go a long way to protecting your account. Multi-factor authentication, also called MFA, two-factor authentication, and two-step verification, requires someone trying to access your account to enter a second form of identification before gaining access.

MFA works in many different ways. This could be a code generated by an app, biometric data such as a fingerprint or face ID, or a physical security key that you insert into your device. Yes, MFA slows down the login process. However, if MFA is available, enabling it is a must.

One warning: If you can, avoid MFA systems that text a code to your smartphone. Why? SIM swapping, where cybercriminals steal your phone number by calling your wireless service provider and asking them to move your number to a new phone and SIM card. This does happen, and if criminals take over your phone number, they will also receive this text message.

Beware of phishermen

Today, many cyberattacks and data breaches – both large and small – start with a phishing attack. These are fraudulent emails or other types of messages designed to trick people into giving money or personal information under false pretenses.

Although most of them still appear as emails, phishing now also comes in the form of social media posts, text messages (smishing), and even QR codes (quishing).

Nowadays, phishing is easier than ever thanks to the advent of easily accessible artificial intelligence tools such as ChatGPT. They make it much easier for fraudsters, especially those who are not native English speakers, to write an almost endless number of legitimate-looking and highly personalized emails.

The attackers may pose as a charity seeking donations to help victims of hurricanes or the war in Ukraine. They may also pretend to be a member of your office’s IT team or a friend who wants you to shop for great deals at your favorite retailer.

Regardless of the form, the goal is usually the same: attackers want to steal credentials, money or personal information.

Image: a fish hook hooking a credit card in front of a computer keyboard. Caption: It may seem outdated at this point, but cybercriminals still steal your credit card information. (Getty)

Work logins are among the most sought after by cybercriminals because they can potentially be used to gain access to corporate systems and their data, but even logins to personal emails and social media accounts have value. If breached, they could expose you to financial fraud or identity theft, or be used in other fraud.

To avoid scams, experts advise ignoring emails and other messages from people and groups you don’t know, and not opening any attachments. They may contain computer viruses. If you are concerned about the authenticity of an email, pick up the phone and call the person who allegedly sent it.

Better yet, help stop phishing by reporting it. If you have concerns about a message sent to your work email address, let your company’s IT staff know. Chances are your email app has a dedicated “report” button for phishing and junk mail. The same goes for personal email and social media accounts.

Consumers should be especially careful when it comes to requests for cryptocurrency. While banks may be able to keep you covered in the event of credit card fraud, the same is not true for cryptocurrencies, which are designed to be largely anonymous and untraceable.

Use antivirus software and keep all software updated

Good antivirus software can go a long way in protecting you, but it needs to be updated to protect you against the latest threats.

This also applies to all your devices. Laptops, smartphones and the vast collection of internet-connected devices need to be kept up to date. The easiest way to do this is to turn on automatic updates. This way, you’ll get the latest fixes without having to think about it.

Don’t forget about the router. This is the front door to your home network, so it’s best to make sure it’s closed.