October 2023 is the 20th Anniversary of Cyber Security Month!
#SecureOurWorld
In recognition of the 20th year, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new enduring cybersecurity awareness program, Secure Our World. Its message will be integrated across CISA’s awareness campaigns and programs, and it encourages all of us to take action each day to protect ourselves when online or using connected devices.
The program promotes behavioral change across the Nation, with a particular focus on how individuals, families and small to medium-sized businesses can Secure Our World by focusing on the four critical actions below.
Enable Multi-Factor Authentication
1. Go to Settings
It may be called Account Settings, Settings & Privacy or similar.
2. Look for and turn on MFA
It may be called two-factor authentication, two-step authentication or similar.
3. Confirm
Select which MFA method to use from the options provided by each account or app. Examples are:
- Receiving a numeric code by text or email
- Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
- Biometrics: This uses facial recognition or our fingerprints to confirm our identities.
Use Strong Passwords and a Password Manager
A strong password follows ALL THREE of these tips.
1. Make them long
At least 16 characters—longer is stronger!
2. Make them random
Two ways to do this are:
Use a random string of mixed-case letters, numbers and symbols. For example:
- cXmnZK65rf*&DaaD
- Yuc8$RikA34%ZoPPao98t
Create a memorable phrase of 5 – 7 unrelated words. This is called a “passphrase.” To make it even better, get creative with spelling and/or add a number or symbol. For example:
- Strong: HorsePurpleHatRunBaconShoes
- Stronger: HorsPerpleHatRunBayconShoos
- Strongest: HorsPerpleHat#1RunBayconShoos
3. Make them unique
Use a different strong password for each account.
For example:
- Bank: k8dfh8c@Pfv0gB2
- Email account: LmvF%swVR56s2mW
- Social media account: e246gs%mFs#3tv6
It’s hard to remember all these long passwords and we don’t want to save them in a file on a computer. Instead, use a password manager.
Update Your Software
1. Watch for notifications
Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.
2. Install updates as soon as possible
When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!
3. Turn on automatic updates
With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy!
To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.
Recognize and Report Phishing with 3 simple tips:
1. Recognize
Look for these common signs:
- Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
- Requests to send personal and financial information
- Untrusted shortened URLs
- Incorrect email addresses or links, like amazan.com
A common sign used to be poor grammar or misspellings. In the era of artificial intelligence (AI), however, some emails will now have perfect grammar and spelling, so look out for the other signs.
2. Resist
If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.
3. Delete
Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.
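The signs listed under “Recognize” can also be checked mechanically, for example by a small business filtering a shared inbox. The sketch below is an added example, not part of the CISA material; the trusted-domain list, the shortener list, the keyword patterns and all function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed sample lists and patterns for illustration; maintain your own in practice.
TRUSTED = {"amazon.com", "paypal.com", "microsoft.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENT = re.compile(r"\b(urgent|immediately|suspended|final notice|act now)\b", re.I)
PERSONAL = re.compile(r"\b(password|social security|card number|bank account|pin)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_of(domain):
    """Return the trusted domain that this one nearly matches, or None."""
    if domain in TRUSTED:
        return None
    return next((g for g in sorted(TRUSTED) if edit_distance(domain, g) <= 2), None)

def phishing_signs(sender, body):
    """Return the warning signs from the 'Recognize' list found in one message."""
    signs = []
    if URGENT.search(body):
        signs.append("urgent language")
    if PERSONAL.search(body):
        signs.append("asks for personal or financial information")
    hosts = [urlparse(u).hostname or "" for u in URL.findall(body)]
    hosts.append(sender.rsplit("@", 1)[-1])  # also check the sender's domain
    for dom in sorted({registered_domain(h) for h in hosts if h}):
        if dom in SHORTENERS:
            signs.append(f"shortened URL ({dom})")
        good = lookalike_of(dom)
        if good:
            signs.append(f"{dom} imitates {good}")
    return signs

if __name__ == "__main__":
    # Constructed sample message, not a real email.
    print(phishing_signs("support@amazan.com",
                         "URGENT: confirm your password at http://bit.ly/x9"))
```

An empty result only means none of these particular signs matched; it does not show that a message is safe.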