October is Cyber Security Awareness Month.  Created by the United States president at the time, George W Bush, it was designed to raise awareness to the importance of cyber security both for normal computer users and for corporate computer users.  Estimates place the losses to cybercrime for 2015 at $3 trillion dollars and that it will increase by 15% each year.  To help combat cybercrime, the Cybersecurity & Infrastructure Security Agency (CISA) recommends four easy steps to staying safe online.

Strong passwords

Passwords like “password1”, “123456”, “p4ssw0rd”, “Computer” are all easy to crack.  The recommended password scheme uses the following:

• At least 16 characters long. 
• A mix of upper/lower case letters, and numbers/symbols
• Use unique passwords for everything.  Do not reuse passwords, ever.

You may also utilize a password manager to help you organize and securely store your passwords.  Some will even monitor if you accidentally used the same password more than once.

Utilize Multi Factor Authentication (MFA)

There can be a bit of confusion here as Two Factor Authentication (2FA) is also available, and some people don’t understand the difference.  Both add security by requiring two separate authentication methods or factors. 

2FA – Uses password and access to Short Message Service (SMS).  A code will be sent via SMS which is entered by the user for login. 

MFA – Uses password and access to a digital device-specific token or key fob.  Instead of receiving an SMS message, a code is generated by the device that is used for login.  An example would be a smart phone with an authenticator app installed and linked to the account.  The code changes every 30 seconds or so.  Such apps can be Microsoft Authenticator, Google Authenticator, LastPass Authenticator, Secure Signin, or Authy (other such apps are available).

It is generally accepted that MFA is more secure than 2FA and some businesses are required to utilize MFA if they want to procure cyber insurance.

Recognize & Report Phishing

Phishing (pronounced “fishing”) is used to describe methods of obtaining information surreptitiously that can be used to either access accounts or to build a profile used to trick unwary support staff that they are someone else.  This can be a phone call that will ask you to provide account information, an email that tricks you into entering login credentials on a fake website, or any other method of gathering personal information.  This is why people need to be on their guard when responding.  Always ask yourself:

• Is this message/call unsolicited?
• Does this link really go to where it should (is it Amazon.com or is it Amazon.co)?
• Are there misspellings or bad grammar?
• Is someone using intimidation to trick information out of me?

But vigilance is not enough.  Vigilance will guard the individual, but only the individual.  The reporting of phishing attempts is vital, especially in the corporate world.  Putting a red flag on sketchy communications can warn your coworkers so they also do not fall for cyber trickery.

Update Software

Software updates are posted regularly.  Some provide additional functionality or bug fixes, but they also provide security fixes.  That is, the respective software companies are constantly testing their software to make sure any security issues are resolved.  But they only help if you install them.  Always keep up with updates to your operating system, applications, and phone software.  And especially keep up to date with antivirus software.

In conclusion, a little effort in vigilance will go a long way in protecting you and everyone else.  Be careful out there.

Resources:

Want to know more about cyber security?  Here are some places to start.

Cybersecurity Awareness Month | CISA

What is Cybersecurity? | IBM

What Is Cybersecurity? | Microsoft Security

20 types of phishing attacks + phishing examples - Norton