October, National Cyber Security Awareness Month (NCSAM), is our yearly reminder to evaluate our habits: Are we really following cyber security best practices or are we becoming complacent?
This year marks the 15th year of this security awareness initiative. Headed by the Department of Homeland Security, NCSAM is a collaborative effort between government agencies and businesses to raise awareness of the constant and growing threat of cybercrime, which affects every Internet user. The overarching theme of “Our Shared Responsibility” underscores the role we all play in contributing to a safe and secure online experience. With that in mind, here are a few helpful tips that can be quickly implemented to strengthen your security posture and resiliency to common cyber threats.
First Tip: Make account passwords complex and unique.
- A complex password that consists of a combination of lower and uppercase letters, numbers, and special characters yields the strongest defense against password guessing and brute force attacks.
- Password length is vital: the number of possible password combinations grows exponentially with each additional character in a password.
- Each unique account should have a unique password. If the password to any single account is compromised, every account that shares that password is vulnerable as well. Password management apps are a great aid in managing unique account passwords.
- Enable multifactor authentication whenever possible, especially on key accounts like banking or social media. Many mobile devices have biometric capabilities in the form of fingerprint and facial recognition. There are also apps available that provide a single-use code as part of a multifactor authentication process.
Second Tip: Be email aware. Phishing and spear-phishing email campaigns continue to be one of the most commonly used vectors of cyber-attacks.
- If you receive an odd or unexpected request, stop and question it. After all, it’s unlikely that the CEO needs you to transfer him thousands of dollars by the end of the day.
- Never respond to emails from unknown sources requesting personal information such as social security numbers or birthdays.
- Unsophisticated phishing attempts frequently contain poor grammar, or claim to be official correspondence from an entity like the United Nations while asking you to send your information to an unofficial address at a free email service like Gmail or Hotmail.
- Many phishing attempts try to create a sense of urgency in order to compel the victim to act immediately, with headlines like “act now” or “password expired”.
- Most important, do not click on links or attachments if you are not absolutely confident in the source of the email. This is one of the most common vectors for introducing malware to a system.
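The indicators in this tip can also be checked mechanically as a first-pass triage. The sketch below is an added example, not part of the original article: the function name, the word lists, and the two sample messages are constructed for illustration, and a match is a reason to look closer, not a verdict.

```python
import re
from email import message_from_string

# Assumed word lists built from the tips above; extend them for real mail flow.
FREE_MAIL = {"gmail.com", "hotmail.com"}
OFFICIAL = re.compile(r"\b(official|united nations)\b", re.I)
URGENCY = re.compile(r"\b(act now|password expired)\b", re.I)
PERSONAL = re.compile(r"\b(social security numbers?|birthdays?)\b", re.I)
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def phishing_indicators(raw):
    """Return the indicators from the tips above that one raw message shows."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    text = "\n".join([msg.get("From", ""), msg.get("Subject", ""), body])
    # Domains a reply could go to: Reply-To, From, and addresses in the body.
    targets = {d.lower() for d in ADDRESS.findall(
        "\n".join([msg.get("Reply-To", ""), msg.get("From", ""), body]))}
    found = []
    if OFFICIAL.search(text) and targets & FREE_MAIL:
        found.append("official_claim_free_mail")  # "official" sender, free-mail reply
    if URGENCY.search(text):
        found.append("urgency")
    if PERSONAL.search(text):
        found.append("personal_info_request")
    return found

# Constructed sample messages (not real mail).
PHISH = """\
From: "United Nations Grants Office" <grants@example.org>
Reply-To: un.grants.claims@gmail.com
Subject: Act now: official notice

Send your social security number and birthday today to claim the award.
"""
BENIGN = """\
From: "Alex" <alex@gmail.com>
Subject: Lunch on Friday

Are you free at noon?
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, phishing_indicators(raw))
```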
Third Tip: Keep a clean machine, from desktop PCs to mobile phones.
- Update security software and operating systems as updates become available. These updates frequently contain the latest security patches, which address known vulnerabilities in the system.
- Enable automatic updates for apps and software when available. Likewise, regularly check for firmware updates for home network routers and other connected devices.
- Always change the default admin usernames and passwords for connected devices. Default usernames and passwords are readily available from a simple web search.
It’s easy to take a few steps towards increasing your security posture in order to reduce the chances of being a victim of a cyber-attack. If each of us implements stronger security practices and raises awareness of vulnerabilities we can mitigate, our interconnected world will be more resistant to attack and more resilient should an attack occur.