It’s the last day of October, which means this year’s National Cybersecurity Month is officially ending. But that doesn’t mean you should stop taking measures to #StayCyberSafe! This year, the NCSAM theme was “Own IT, Secure IT, Protect IT” – let’s take a look at some of the tips that were presented this month.
We’re almost constantly connected, whether at home, at work, at school, or even on vacation. With mobile phones and Internet of Things devices, there are more ways to be connected than ever before. Not only that, we also have many accounts which collect our information.
- Don’t overshare on social media. #BeCyberSmart about where you share your information and who you share it with. Connect only with people you know and trust.
- Set privacy and security settings to limit what your devices and social media accounts share about you.
- Keep tabs on your apps; only download from legitimate, trusted sources. Review the permissions those apps are asking for, and deny any that don’t make sense.
Security breaches seem to be happening more and more often; they’re hardly front page news any more. Your personal information is valuable, so do what you can to keep it out of the hands of cyber criminals.
- Use strong passwords, and don’t use the same password on multiple accounts. A password manager can help you keep track of all those strong, unique passwords for your accounts. Some can even help you share access with trusted partners or family members, without requiring you to give them the password.
- No matter how strong your password is, if a breach occurs, your account may be vulnerable. Enable multi-factor authentication to add another layer of security and help ensure the only person who can access your account is you.
- Don’t get hooked by a phishing scam! Be very cautious when opening emails, and never click on links or attachments sent by people you don’t know. Even if the email looks like it’s from a friend, coworker, or your boss, be wary of clicking on links. Scammers can spoof email addresses, so it’s best to check the legitimacy of the email, especially if it’s urging you to click or open something right away.
While today’s technology allows us to shop, bank, communicate, and entertain ourselves anywhere, this convenience comes with an increased risk. Smart home devices, such as thermostats, door locks, and cameras can make our lives easier and save time and money, but be aware of the additional security risk that comes with these smart devices.
- Your wireless router is the main entryway to all your connected devices, so be sure to change the default user name and password, keep the firmware up to date, and set a password on your Wi-Fi network. Also, change the default credentials on all your smart devices, and make sure you understand the permissions and access they have to your network, your information, and your personal space. Assume a smart speaker is always listening, and a smart camera is always watching.
- Keep software and firmware on all your devices up to date. Your computer, smart phone, router, and many smart home devices get updates to help keep them protected from ever-changing threats. If you have an older device, make sure it’s still being supported; sometimes, it’s just time to get rid of that old streaming device to help protect the rest of your home.
- Public Wi-Fi is not safe or secure. Even a public Wi-Fi network with a password could be compromised. If you must use public Wi-Fi, be sure it’s the actual network provided by the location. Use a VPN service to protect the privacy of the information you’re sending, and avoid accessing sensitive accounts such as financial and banking accounts while on public Wi-Fi.
As we move into the holiday season and the new year, keep these cyber security tips in mind. OWN IT, Secure IT, and Protect IT to keep yourself and your family #CyberSafe.
Can You Spot The Phish?
One of the main ways cybercriminals steal information or spread ransomware is by gathering information through phishing emails.
Not all phishing emails are full of spelling errors and sent from people purporting to be Nigerian princes. Some are quite sophisticated, and emulate known and trusted brands.
Try this phishing quiz from Google to see if you can spot the phish.
Taken The Bait?
If you think you’ve been a victim of phishing, take action as soon as you realize the problem. Change your account login credentials, scan your system for malware, and report the phishing attack to the company that was impersonated. You may also want to notify your bank and credit card companies, and be sure to closely monitor your statements for unusual activity.
Also, consider reporting the phishing attempt to the Anti-Phishing Working Group (APWG), an international coalition working to coordinate responses to cybercrime. You can forward the suspicious email to [email protected]; if your email client allows, forward the email as an attachment, as this will provide more details to help APWG tracking and analysis.
Milepost 42 is honored to join an initiative to promote awareness of online safety and privacy, by signing up as a Champion of National Cybersecurity Awareness Month (NCSAM) 2019.
NCSAM is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to this year’s NCSAM theme of “Own IT. Secure IT. Protect IT”, and this year’s initiative will encourage everyone to #BeCyberSmart through cybersecurity best practices.
30 years ago, the world wide web was just getting started. Today, we can access information almost instantly, from a device that fits in a pocket. We have technology in almost every aspect of our lives. And just like in all the other parts of our lives, we need to protect and secure the things we own.
~ Stacy Clements, Owner of Milepost 42
Now in its 16th year, NCSAM continues to build momentum and impact with the ultimate goal of providing all Americans with the information they need to stay safer and more secure online. [Organization name] is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.
“Cybersecurity is important to the success of all businesses and organizations. NCSA is proud to have such a strong and active community helping to encourage proactive behavior and prioritize cybersecurity in their organizations,” said Kelvin Coleman, executive director, NCSA.
For more information about NCSAM 2019 and how to participate in a wide variety of activities, visit staysafeonline.org/ncsam. You can also follow and use the official NCSAM hashtag #BeCyberSmart on social media throughout the month.
About Milepost 42
Milepost 42 is a technology partner for small business owners who want to focus on their passion and not the “techie stuff” needed to support it. Small businesses need technology –websites, email, automation – to run and grow, and they also need to be aware of the need for cybersecurity to ensure business continuity. Milepost 42 provides those services and planning assistance for small business owners who are ready to have someone else handle the “web stuff”.
About National Cybersecurity Awareness Month
NCSAM is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing NCSAM in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/ncsam or niccs.us-cert.gov/national-cybersecurity-awareness-month-2019.
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Cybersecurity and Infrastructure Security Agency and NCSA’s Board of Directors, which includes representatives from ADP; American Express; Bank of America; CDK Global, LLC; CertNexus; Cisco; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Google; Infosec; Intel Corporation; Marriott International; Mastercard; Microsoft Corporation; Mimecast; NXP Semiconductors; Proofpoint; Raytheon; Symantec Corporation; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include National Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org/about/.
Summer is here! Kids are out of school, and maybe you have a vacation planned – but cybercriminals never take a holiday. Whether you’re booking a hotel room, buying concert tickets, picking up stuff for your garden, or taking advantage of summer clothing sales, stay vigilant when making online purchases.
Several years ago, most people made very few online purchases. Now, Amazon Prime Day(s) are touted almost as much as holidays, and some people buy almost everything online. You can make purchases, and even pay, with your mobile phone. The downside of this convenience is that it gives cyber thieves more ways to get into your wallet.
But just like there are ways to protect yourself when in a crowded place that may harbor pickpockets, there are ways to protect yourself from the cyber bag snatchers. CouponChief has put together an Online Shopping Safety Guide to educate consumers on security concerns and provide some tips on what you can do to protect yourself. Give it a read, and enjoy your summer shopping, safely!
Happy #WorldPasswordDay! The first Thursday of May is designated World Password Day, and it’s intended to promote better password habits to help safeguard our digital identities. With cybercrime on the rise and data breaches becoming almost commonplace, it’s more important than ever to protect these keys to our kingdoms. Take a moment today to review these tips to secure access to your accounts.
Use Strong Passwords
You know this…but do you follow this advice? A recent study of hacked accounts showed that 23.2 million victim accounts used 123456 as the password. Make your passwords strong – a combination of upper and lower case letters, numbers, and special characters is best.
Use a minimum of 12–15 characters – longer is better! Length is even more important than complexity, and long “pass phrases” can actually be easier to remember. Don’t use easy-to-guess information, such as birthdays, sports teams, or band names, and don’t use dictionary words.
Don’t Use The Same Password On Different Systems
When you’ve picked out a great strong passphrase, it’s tempting to use it everywhere. Don’t do it! Even the strongest password does you no good if it’s been exposed in a data breach. Cyber criminals often take passwords gleaned from a breach, and try the credentials on other systems. If your social media account is compromised, and you use the same password and email address for your bank account…well, that’s a problem you don’t need.
Web security expert Troy Hunt created a great free resource which collects data on known breaches to help people assess whether their information may be at risk. Check out Have I Been Pwned to see if any of your accounts have been compromised in a data breach. (Spoiler: the answer is probably yes!)
LastPass is a great password management tool for you, your family, or for a business team. (Disclosure: This is an affiliate link, which means I may get a small commission if you purchase through this link. There is no extra charge to you and there is no requirement to purchase through this link to get the latest deal.)
Use A Password Manager
So, I’m supposed to use long, strong passwords, and different passwords for everything – how am I supposed to remember all this? If you follow best practices for passwords, it’s impossible to remember and keep track of them all – this is where password managers come in.
A good password manager will securely store unique login credentials for all your different accounts. You only need to remember the master password to the password management tool itself. Features vary depending on the tool you choose, but many password managers allow you to autofill using a browser extension (be cautious!), sync passwords to use on desktop and mobile devices, help you change passwords on your accounts, and generate strong passwords to help keep your accounts secure.
Most password managers are relatively inexpensive, and many have free versions that may work for you. I personally use LastPass, but it doesn’t matter what you use, just use one!
#LayerUp Your Login
Yes, it’s World Password Day, and since passwords are still the most prevalent way of protecting an account, we need to follow good password practices. However, the best password in the world is useless if it’s been exposed in a data breach. The theme for this year’s World Password Day is #LayerUp – further protect your login by using multi-factor authentication (also known as two-factor authentication).
Multi-factor authentication adds another layer of protection to your accounts by requiring an extra step, such as entering a code sent to your phone, a code generated by an authentication app on your mobile device, or authentication with a separate hardware key. This may seem a little inconvenient, but it’s a lot less hassle than trying to get your money back if your bank account is hacked or having to cancel your credit card after a major data breach.
Most major companies now have the option to turn on two-factor authentication to help prevent fraudulent access and add additional protection to your account. Check out these tutorials to learn how to enable this additional protection for many popular services.
Your personal information is valuable – protect it! Take a moment to celebrate #WorldPasswordDay by reviewing your accounts for strong passwords, and enabling multi-factor authentication on your most important accounts. #LayerUp and stay safe online!