See yourself in cyber: 4 steps to stay safe

As threats to technology and private information become more prevalent, the President of the United States and Congress have proclaimed October as Cybersecurity Awareness Month. This initiative aims to help people protect themselves online. Government and business are working together to increase cybersecurity awareness nationally and globally under the leadership of the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA).

See yourself in Cyber

This year’s campaign slogan, “See Yourself in Cyber”, shows that while cybersecurity may seem like a complicated subject, it ultimately comes down to people.

Everyone should see themselves in cyberspace, no matter what role they play. Consumers or individuals can take simple precautions to protect their privacy and digital information. By having strong workplace cybersecurity measures in place to help prevent an incident at their site or further down the supply chain, vendors and suppliers can take responsibility for their role while protecting their brand and reputation. Owners and operators of critical infrastructure that are part of a larger network of services and systems that rely on or support critical infrastructure can learn how their business contributes to the overall cybersecurity of the ecosystem.

With the majority of cybersecurity news stories focusing on big data breaches and cybercriminals, the subject can feel overwhelming, as if you have no control over it. But Cybersecurity Awareness Month reminds everyone that there are many ways to protect your data. Even learning the basics of cybersecurity can have a significant impact.

Enable multi-factor authentication

Everyone agrees that enabling multi-factor authentication (MFA) is the best precaution to mitigate password attacks. A CISA advisory highlights that “MFA is one of the most important cybersecurity practices for reducing the risk of intrusions. According to industry research, users who enable MFA are up to 99% less likely to have a compromised account”.

It is therefore important to enable MFA wherever possible. A mistake that some companies make is that they only protect their privileged accounts, such as IT administrators, and their remote users with multi-factor authentication. However, every employee and every individual is a potential target for criminals. Therefore, MFA should be enabled for every employee to reduce the risk of attackers compromising an account.

Recent attacks against Cisco and Uber have demonstrated that not all MFA methods are equally secure. In fact, SMS authentication has been deprecated by NIST since 2017, while attackers use tactics like MFA fatigue to bypass authentication methods like OTP push notifications. The Office of Management and Budget’s memo on enabling zero-trust cybersecurity asks organizations to opt for a phishing-resistant MFA method, such as FIDO2 security keys. However, organizations should not remove and replace existing authentication schemes. OTP push authentications are more secure than no MFA and can still be used to protect less critical data and systems.

Use a password manager for strong and unique passwords

The keys to your digital castle are your passwords. You want to take every precaution to protect your passwords, just like you would your house keys. All passwords should be generated with the following three guiding principles in mind, regardless of the accounts they protect:

  • Long – At least 12 characters must be included in each of your passwords.
  • Unique – Each account must be secured with a separate and individual password. Use unique passwords only. This way, even if one of your accounts is compromised, the others are safe.
  • Complex – Every password should be complex and contain a mix of upper and lower case letters, numbers and special characters.

If your password is long, distinct and complex, the advice is never to change it unless you notice that someone else is using this account without your permission or the password was stolen during a data breach. The most recent recommendations from NIST support this recommendation. Cybersecurity experts have been advising us to change our passwords regularly for many years. However, if your passwords are all long, distinctive and complex, this frequent change is ineffective. In fact, if you change your passwords frequently, you run the risk of repeating old ones or developing unhealthy habits like using identical or weak passwords.

As more of our lives have moved online, many of us now have to manage 100 or more passwords. Creating, storing, and remembering all those passwords can be a hassle. However, passwords are your first line of defense against hackers and data breaches. Free and user-friendly password managers can make managing your passwords easier than ever.

A password manager offers the easiest approach to establishing and maintaining strong passwords for the growing number of online accounts we log into. By using a password manager, you can avoid storing a cluttered sticky note with all your most crucial passwords stuck on your computer or a complicated password notebook in a drawer. Now all you need to access your password manager vault is a strong password.

You can use password managers to store hundreds of different passwords for your online accounts, but these programs also have the following benefits:

  • Save time
  • Work on all your operating systems and devices
  • Protect your identity
  • Warn you about potential phishing websites
  • Notify you when a password may have been compromised

Always update your software

Updating your software and apps is one of the easiest ways to secure your information. Software updates are an easy way to stay one step ahead of bad guys, because you can be sure they’re always looking for new ways to access your data through vulnerable software.

Here are some reasons to take care of software updates right away.

  • Close security holes. Cybercriminals can gain access to a person’s computer through software flaws. Threat actors see these flaws as unlocked doors that allow them to infect systems with malware. Software security updates close these open gateways to prevent attacks on a system.
  • Add new features. By installing updates, you may be able to add new features and get rid of outdated ones. Updates provide the latest features and advancements as technology is constantly changing.
  • Protect your data. A malicious actor gaining access through a software security hole will search for confidential documents, passwords, and other personal data such as financial information. Data is better protected when software is updated to fix security vulnerabilities.
  • Increased efficiency. Not all patches are security related. Software developers might discover flaws in software or realize that a program needs improvement. The performance of the software is boosted by these modifications.
  • Check compatibility. To ensure that their program is compatible with the latest technologies, software developers release updates. Older software may not be compatible with new technologies without upgrades.

Additionally, here are two tips for downloading and installing updates.

  • Download software updates only from the source that produced them. Never use software that has been cracked, pirated, or used without a license (even if your friend gave it to you). These often contain viruses and create more problems than they solve.
  • Automate the process. The option to update your program automatically is usually offered by software from reputable vendors. It provides notification when an update is available so you can start the process right away.

Recognize and report phishing

Phishing is a popular tactic for cybercriminals, but you don’t have to fall for it. In the majority of cyberattacks, criminals use social engineering, and they do it because it’s effective. Anyone can be caught by the right phishing at the wrong time. Many other companies, including Twitter, Sony and Google, have been used for social engineering to compromise individuals and families.

Cybercriminals are becoming more convincing and persuasive in many of their phishing attempts as we have become more knowledgeable about obvious hoaxes. According to Jessica Barker, one of the reasons social engineering is so effective is that it manipulates our emotions to distort our judgment. It all depends on how we take in the information.

According to behavioral economics, each of us processes information in two ways: fast and slow. When we think slowly, we are calm, thoughtful, and reasonable. Cybercriminals want us to think differently. They want to force us to think fast while we are still sensitive, emotional, and easy to control. Therefore, cyber criminals manipulate our emotions to persuade us to click on dubious links, download dangerous attachments and leak our credentials.

Spend a few seconds making sure the email or message looks legitimate before clicking on links or downloading attachments. Here are some tips for recognizing a phishing email:

  • Is there a bargain in there that sounds too good to be true?
  • Does it use threatening, frightening or urgent language?
  • Does it request the sending of personal information?
  • Is there a sense of urgency to open an unknown link or attachment?
  • Is this an odd or rushed business request?
  • Does the sender’s email address match the company they’re from? Pay attention to minor misspellings like Anazon.com or Pavpal.com.
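The sender-address check in the last tip can be automated in a mail filter. The following Python is an added example, not part of the original article; the allow-list, function names and distance threshold are assumptions, and treating the last two labels as the registered domain is a simplification that ignores suffixes such as co.uk.

```python
from email.utils import parseaddr

# Constructed allow-list: domains the mailbox owner really deals with (assumption).
KNOWN_DOMAINS = ["amazon.com", "paypal.com", "google.com"]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain); verdict is known, lookalike, unknown or unparseable."""
    domain = sender_domain(from_header)
    if not domain:
        return ("unparseable", None)
    for good in known:
        # Exact match or a genuine subdomain such as mail.paypal.com.
        if domain == good or domain.endswith("." + good):
            return ("known", good)
    # Near miss on the registered domain, e.g. anazon.com or pavpal.com.
    candidate = ".".join(domain.split(".")[-2:])
    best = min(known, key=lambda g: edit_distance(candidate, g))
    if edit_distance(candidate, best) <= max_distance:
        return ("lookalike", best)
    # Brand name embedded in an unrelated domain, e.g. paypal.com.account-check.example.
    for good in known:
        if good.split(".")[0] in domain:
            return ("lookalike", good)
    return ("unknown", None)
```

A "lookalike" verdict is a reason to quarantine or flag the message for review; "unknown" only means the domain is not on the allow-list.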

Recognizing a fake email or message that is part of a criminal’s phishing campaign is the hardest part. All that remains is to point it out. Report the email as soon as possible to your IT manager or security officer if you are at work and it was sent to your work email address.

If the email was sent to your personal email address, do not follow the instructions. Do not respond to the email or click on any link, even the unsubscribe link. Just press the delete button. You can increase your security by blocking the sender's address in your e-mail program.

Everyone has the right to a safe internet, so let’s not forget to #BeCyberSmart.
