
Cybersecurity Awareness Month: Best Practices

It’s easy to stay safe online if you keep these four habits top of mind


Key Takeaways


  • With the exponential growth in online transactions and charitable giving, this is an ideal time to learn how to keep your sensitive information safe and secure.
  • Tools such as multifactor authentication and password managers are great lines of defense.
  • Stay in control by updating the software and apps on your devices and by keeping an eye out for criminals’ tactics to access your confidential information.

The season of family gatherings and charitable giving is approaching, and this year more shopping and philanthropy will be conducted over the internet than ever before. Not only has online holiday shopping continued to grow — with a significant boost during the pandemic — but web-based giving has also substantially increased by 42% over the past three years.[1] As more services and everyday tasks move online, and scammers reinvent their methods, it may feel like staying safe is a daunting task. That’s why since 2004, the U.S. President and Congress have declared October to be Cybersecurity Awareness Month — a great time to remember the importance of good cyber hygiene. By bearing in mind four best practices, you can help keep your business and your family safe online:


1. Enable multifactor authentication

Although multifactor authentication (MFA) is an important tool for keeping accounts secure, 48% of U.S. and U.K. survey respondents say they have “never heard of MFA.”[2] By requiring multiple methods of authentication to verify user logins, MFA provides additional layers of defense against scammers attempting to log in to your personal, business or financial accounts. MFA works by prompting you to confirm your identity using a separate device from the one you’re signing in on. Methods of authentication vary by platform or service, but often the first layer will require a username and password, and additional layers will require something the real user knows (e.g., a PIN or security questions), something the user has (e.g., a card, a fob or a password-generating app on your phone) or something a user is (i.e., biometrics). Enabling MFA is one of the best ways to keep cyber criminals from gaining access to your accounts.

2. Use strong passwords and a password manager

Despite the increase of online accounts requiring us to create new passwords on a regular basis, 55% of people still rely on their memory to manage passwords.[3] Memorable passwords like “1234,” your birthdate, or the name of your best friend or childhood pet, however, are far from secure. To create a strong password, you should choose one that, at a minimum, includes upper- and lower-case letters, numbers, and symbols, and is eight or more characters in total. Even better, select a unique phrase that’s longer, more complex and easy for you to remember but difficult for others to guess.

With all the passwords we must keep track of today, relying on memory is becoming less feasible and storing passwords in physical or digital notes leaves them vulnerable to theft. In fact, 80% of breaches use stolen or weak passwords.[4] Password managers are one of the most secure ways to protect and keep track of passwords. This simple, single-entry system generates and stores unique, complex passwords, making it easy for you to use but hard for criminals to access.

3. Update your software

Software updates do more than just improve interfaces and add fun emojis. Updated software and security can hinder hackers’ access. Despite clear security advantages, nearly a third (31%) of U.S. and U.K. survey respondents say they “sometimes,” “rarely” or “never” install updates.[5]

Keeping your software and apps up to date is one of the easiest ways to keep your information and devices secure. Following this best practice can be made easier by turning on automatic updates for all your internet-connected devices.

4. Recognize and report phishing

Phishing scams have a long history and are becoming more frequent with each passing day. In 2021, 17% of successful cyber attacks started with phishing[6] — and as our digital networks evolve, phishing techniques are becoming increasingly sophisticated.

Phishing is a type of cyber crime in which scammers send fraudulent messages that appear to come from a reputable source but instead try to trick you into sharing personal information with them — often by creating a false sense of urgency. Phishing messages are typically sent via email but can also be sent over the phone (also called vishing) or through text (smishing). Additionally, they can be sent as the start of a larger, organized cyber crime, especially if a business or organization is targeted.

To avoid falling victim to this common scam:

  • Be wary of subject lines that demand urgent action.
  • Don’t provide personal information, download attachments or click on links sent from unknown individuals.
  • Confirm the identity of any sender by using verified contact information, such as a known phone number or email address.
  • Remember that trusted businesses, like Bank of America, will never call you and ask for personally identifiable information.

If you receive a phishing email, you can report it to the FTC at

Cybersecurity Awareness Month is a great time to remember that it’s easy to stay safe online. By making these four best practices a habit in your business or household, you’ll be well-equipped to safely make the most of what our digital world has to offer — now and into the future.
