As we wrap up the 20th Cybersecurity Awareness Month, let’s take a look at this year’s themes and reminders on the threats out there and actions we can take to help stay safe online.
One of the themes of this year’s Cybersecurity Awareness Month is using strong passwords and a password manager, neither of which is really sufficient without also using multi-factor authentication, which is another of this year’s themes. Why, after 20 years, are we still talking about passwords?? And aren’t passwords going away with the advent of passkeys?
The fact is, passwords have been around for decades. They are entrenched in cybersecurity culture, and for most everyday users, protecting their accounts means using a password. Yes, passkeys are more secure, and the hope is eventually they will be the means of choice for accessing accounts, but passwords are likely to be with us for years yet. There is a cost to implementing passkeys as a form of authentication, and while that may be easily absorbed by the big players like Google and Microsoft, not every business has the resources to jump in so quickly.
Also, let’s not forget the human factor. As easy as a password manager is to use, not everyone uses one – and even fewer people use MFA unless they have no choice. And believe it or not, not everyone has a smart phone or an easy way to use a hardware token, or even a computer of their own. Requiring passkeys and not allowing the option to use a password has the potential to widen the digital divide.
Passwords and Multi- Factor Authentication
So it’s worth while to remind people of the need to use good passwords, and ideally to pair them with MFA. Dealing with passwords is made a lot easier by using a password manager, but no matter how you manage passwords, be sure not to reuse passwords.
Reusing passwords makes it much more likely that your accounts will be hacked – just look at all the data breaches in the news (and think about the ones that don’t make the news). If your password is exposed in a breach, any account that you’ve used that password on is vulnerable. MFA adds an extra layer of protection to your accounts, making it harder for the bad guys to get in.
Beware of the Phish
Another way cybercriminals can get into your accounts or systems is through phishing, which is why another theme for this year’s Cybersecurity Awareness Month is “recognize and report phishing.” Many cyber incidents start with a “phish” – an email, phone call, text, or social media message asking for information or trying to get you to click on a link, which may allow malicious software to download on your machine or steal your information.
Red flags to watch for are alarming language which tries to create a sense of urgency that you must respond right away, or links that look suspicious or have misspellings in common domain names. Not all phishing messages have awkward language or misspellings, especially as AI has made it easier to write convincing messages, so be careful of ANY email or message that asks you to click on a link or provide personal or financial information.
If you do receive a suspect message, report it. If it’s a business message, follow your company’s reporting procedures. If it’s personal, you can often report suspicious messages to your email provider or to the organization which supposedly sent the message.
Finally, delete phishing messages. Don’t reply or click on any links, even an “unsubscribe” link – just delete the message.
One of the best ways to stay secure is to update software on your computer, phone, and other devices. Software developers frequently release updates to patch vulnerabilities and fix security issues. Hackers and cybercriminals are continually searching for weaknesses to exploit, so failing to update your software can leave your devices and data exposed to potential threats.
Some updates are designed to enhance data protection and privacy. For instance, privacy settings and data encryption methods are frequently improved in updates to safeguard your personal information from potential breaches.
Turn on automatic updates where possible. You can usually set your computer, mobile phone, and web browsers to automatically install updates, which can help to keep your devices secure with minimal effort on your part. However, don’t forget about other devices connected to your network – at work or at home. Remember to check for updates on printers, routers, and IoT devices to help stay secure.
Keep It Up!
Cybersecurity Awareness Month promotes good cyber practices and provides information on current threats, but it’s important to stay aware of and practice good cyber hygiene year-round. The infographic below is a good reminder to use all year to help us all stay secure.