With shorter days and falling leaves, apples and pumpkins ready for harvest, and Halloween just around the corner, October is one of our favorite times of year here at BTB Security. Much as we love the thrills and chills that skeletons, witches and spiderwebs bring, we also appreciate the fact that it’s National Cybersecurity Awareness Month. Now being observed for its seventeenth consecutive year, this nationwide campaign seeks to raise awareness about the importance of cybersecurity and ensure that all Americans have the resources they need to be safer and more secure online.
When it comes to protecting your organization from the frightful ghouls lurking in the darkest corners of the Internet, the most important steps you can take include adhering to fundamental cybersecurity best practices. These remain the same whether you’re working in the office or remotely, whether you’re accessing cloud applications or software that’s hosted on premises, and whether you’re a computer engineering expert or someone with less of a technical bent. They’re well established strategies, but all too often, busy employees forget their significance or underestimate the risks. That’s why awareness is so critical – and why National Cybersecurity Awareness Month provides an all-important reminder each year.
With that, we’d like to call your attention to these tried-and-true methods for reducing your cybersecurity risks, both at home and at work:
#1: Choose strong passwords and make use of a password manager rather than re-using passwords on multiple sites.
With so many essential services available through the Internet today, passwords may be the only thing standing between your accounts –and the sensitive financial and personal information they contain – and cybercriminals. Because so many passwords have been exposed in data breaches, it’s vital that you don’t employ the same one for multiple accounts. Should someone intercept one account’s password, you don’t want them gaining access to others. A strong password should contain a minimum of twelve characters (though more is better) and should not be easily guessable. Because they’re even longer, passphrases offer additional security.
Consider a password manager such as the free open-source password vault KeePass. With these services, you need to remember only one strong password, which will then give you access to all your others. KeePass stores your account passwords in a strongly encrypted database.
#2: Use two-factor or multi-factor authentication (MFA) on all of your accounts.
Implementing two- or multi-factor authentication adds a layer of protection beyond the passwords that safeguard your accounts. Once it’s set up, users need to present an additional form of identity verification before they’re granted access to accounts or online resources. This additional factor could be evidence that they have a smartphone (proof of receipt of a text message), access to an email account, a unique code or token, a fingerprint or even a retina scan. With MFA in place, even if you do fall victim to a phishing attack, there’s an extra barrier standing in the way of cybercriminals seeking to make use of compromised credentials.
#3: Educate yourself, your co-workers and your employees about the latest cybersecurity threats.
When it comes to cybersecurity, knowledge is power. Because attackers are always on the lookout for new ways to hoodwink potential victims, it’s critical to remain aware of the dangers associated with Internet use. The better you understand the tactics criminals are currently employing to gain access to user accounts or personal and financial information, the less likely you are to be tricked.
Take phishing as an example. It used to be that these fraudulent email or text messages were rife with grammatical errors and spelling mistakes, but that’s no longer the case. Today’s most sophisticated phishing messages feature pirated logos and other branding that’s nearly impossible to distinguish from the real thing. For this reason, you should never click on a link in an email to visit a banking website. Instead, bookmark a link to what you’re certain is the authentic and trustworthy site. Many banks offer automatic alerting whenever transactions are initiated – an extra layer of protection that it’s worth enabling. In addition, it’s always a good idea to call your financial institution if you notice questionable activity in your account. Be sure to use a known phone number to reach them when you call, not one that arrived by email.
#4: Keep software up to date.
Software vendors frequently update their products and as soon as vulnerabilities are discovered, they issue patches that fix problems that have been discovered. Some of these vulnerabilities are severe, in some cases even enabling malicious third parties to completely control someone’s computer without their knowledge. Cybercriminals are constantly scanning the Internet for machines that are running older versions of software that contain vulnerabilities that can be exploited. Enabling automatic software updates is an easy way to protect yourself from these sorts of attacks. It ensures that all new patches will automatically be applied to your computer as soon as they’re released.
#5: Use antivirus software and install a firewall
Antivirus programs and firewalls are designed to prevent malicious code from infecting your computer. This includes malware that’s arrived via infected email attachments, malicious links in email messages and so-called “drive-by downloads” – automatic downloads initiated by compromised websites. Because antivirus and firewall technologies usually work by blocking known threats, it’s important to ensure that your software will receive automatic updates. This provides protection based on the most recent information and guards against the latest threats.
Want more advice from industry professionals on how to stay one step ahead of cybercrime? Don’t miss our blog, where you’ll find more information, practical tips and wisdom from the field.