This October will mark the 20th annual Cybersecurity Awareness Month. The Cybersecurity Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have partnered to declare the October 2023 theme “It’s Easy to Stay Safe Online” and encourages “4 Simple Steps Every American Can Take to Stay Safe Online.” These steps should be practiced throughout the year and enhance safe computing.
Step 1: Use Strong Passwords & a Password Manager
A strong password includes uppercase letters, lowercase letters, number, and symbols. The password should also be long, not just a few digits. Most security experts recommend fourteen or more digits. Short weak passwords are easily hacked by cybercriminals. Additionally, a Password Manager stores your ID’s and passwords and will generate long, strong, unique, random passwords for your logins. A few examples of Password Managers are, Dashlane, NordPass, Last Pass, and more. Last Pass had a breach several months ago but recovered safely from the incident.
Step 2: Turn on Multi-Factor Authentication (MFA)
Multi-factor Authentication (MFA), also called two-factor authentication (2FA), or two-step authentication, is used to protect cloud accounts and the data stored in the cloud. Multi-factor authentication requires a second step when logging into a cloud account. The second step is a verification and makes it less likely that your account will be hacked or breached. It is recommended that multi-factor authentication be enabled for all online accounts, email, payroll, insurance, social media, financial and banking. When using remote access to the office computer and or server, multi-factor authentication should also be used.
To turn on multi-factor authentication for your online accounts, go to the Settings Feature within your online account to enable the feature or look within the privacy settings. Every online account now offers multi-factor authentication, whether it is via an app, text, or email to confirm your identity.
Microsoft 365 has been rolling out multi-factor authentication mandates. If you have not implemented multi-factor authentication for your Microsoft 365, set it up immediately.
Step 3: Recognize and Report Phishing
When you receive emails, text messages, or phone calls from someone you do not know or if you were not expecting them, do not enter any personal information. Most compromises are from emails, texts, or calls that look and sound legitimate and are trying to get you to enter or provide some sort of personal information. Always use a direct method to go to the legitimate provider. For example, if you receive an email that looks just like Microsoft 365 prompting for a password change. The email has a link and is prompting for your online credentials. You should instead go to your web browser and log into your Microsoft 365 account directly. You can check and/or reset your password online. Never trust an email, text, or call prompting for credentials or personal information. Alert others in the office and IT support when you receive a potential phishing email.
Step 4: Update Software
Hardware and software manufacturers release patches and security updates regularly to fix issues and prevent security compromises. Check regularly all your software applications to make sure that the latest patches and updates have been installed. Check for patches and security updates for the computer’s operating system, anti-virus software, Microsoft Office, web browsers, and other software applications. Some software will have automatic updates and some you will need to manually update.
Celebrate cybersecurity awareness month! The above four simple steps will help to keep you safe online.
Please share these steps for safe online computing practices with family, friends, and co-workers.