Cybersecurity Awareness Month (Cyber Month) is celebrated in Canada every October. For individuals and organizations alike, Cyber Month is an ideal time to consider how we can protect ourselves and our loved ones online. A great Canadian resource for Cyber Month is the Get Cyber Safe website.
As part of Cyber Month, we are promoting these key behaviours to encourage everyone to take control of their online lives. You can stay safe and secure online in a variety of ways, but practicing these cybersecurity basics can make a big difference:
- Use Strong Passwords and a Password Manager
- Turn on Multifactor Authentication
- Recognize and Report Suspicious Email
- Update Your Software
In this blog, we will detail exactly how these four areas can help keep you cyber-safe.
- Use Strong Passwords and a Password Manager
We have gone from managing a few passwords to managing upwards of 100 as our online lives have evolved. That means you'll have 100 unique passwords to remember if you’re using strong password habits. Using a password manager can make users' lives easier by recommending strong, unique passwords and keeping them all in one place instead of having to remember multiple passwords.
Many of us re-use or use simple passwords to make remembering our passwords easy. The problem with using an easy-to-guess password is that it is like locking the front door but leaving the key in the lock. Weak passwords are easily cracked by computer hackers. Fortunately, strong passwords reduce the risk of someone stealing your sensitive information, data, money, or even your identity by protecting your accounts from compromise.
Tips for stronger passwords:
- Longer is stronger: Passwords with at least 16 characters are harder to crack.
- Make it hard to guess: Use a random string of mixed-case letters, numbers, and symbols. A good way to remember a password is to create a passphrase consisting of five to seven unrelated words. Be sure to get creative with spelling and add numbers or symbols.
- Don’t re-use passwords: Use a unique password for each account to protect your accounts from potential hackers. Only 33% of individuals create unique passwords for all accounts (National Cybersecurity Alliance).
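To put numbers on the tips above, here is an added example (not part of the original post) that generates a 16-character random password and a five-to-seven-word passphrase with Python's `secrets` module and compares their entropy. The 16-word list is constructed for illustration; the comparison also uses the 7,776-word size of the EFF long word list.

```python
import math
import secrets
import string

# Constructed 16-word sample list so the block runs offline. Assumption: a real
# generator loads a large published list (the EFF long list has 7,776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "cactus", "dolphin", "ember", "fiddle",
                "glacier", "hammock", "igloo", "jigsaw", "kettle", "lantern",
                "mitten", "nutmeg", "orchid", "pebble"]
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices, picks):
    """Entropy in bits when `picks` items are each drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def random_password(length=16):
    """Random mixed-case/digit/symbol string drawn from the OS CSPRNG."""
    if length < 16:
        raise ValueError("the tips above call for at least 16 characters")
    while True:  # redraw until every character class appears at least once
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def passphrase(words=6, wordlist=SAMPLE_WORDS, sep="-"):
    """Passphrase of unrelated words, each picked independently and uniformly."""
    if not 5 <= words <= 7:
        raise ValueError("the tips above call for five to seven words")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def compare():
    """Upper-bound entropy of each option, in bits, rounded to one decimal."""
    return {
        "16 random characters": round(entropy_bits(len(ALPHABET), 16), 1),
        "5 words, 7,776-word list": round(entropy_bits(7776, 5), 1),
        "7 words, 7,776-word list": round(entropy_bits(7776, 7), 1),
        "6 words, sample list": round(entropy_bits(len(SAMPLE_WORDS), 6), 1),
    }


if __name__ == "__main__":
    print(random_password(), passphrase(), compare(), sep="\n")
```

The last row of `compare()` shows why the size of the word list matters: six words from the 16-word sample list carry far less entropy than five words from a 7,776-word list.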
Remembering long, unique passwords for every account you might have is impossible. Instead of writing them down or reusing weak passwords, you should use a password manager. Only 18% of individuals have downloaded a password manager (National Cybersecurity Alliance). A password manager stores all your passwords securely, so you don’t have to remember them. It also helps you generate unique passwords for each account, so you don’t have to come up with them yourself. Some password managers will even let you know when you have weak, re-used, or compromised passwords. One bonus tip to make your password manager secure is to create a memorable long “passphrase” as described above and NEVER write your master password down.
- Turn on Multifactor Authentication
In a recent National Cybersecurity Alliance survey, 57% of respondents said they had heard of multifactor authentication (MFA) but didn’t realize that multifactor authentication is an incredibly important layer of protection in keeping accounts secure. Among those who had heard of MFA, 79% had applied it to their online accounts. (National Cybersecurity Alliance)
MFA adds extra security by providing a secondary method of confirming your identity. With MFA, you enter a code sent to your phone or email, or one generated by an app. Push notifications are another common method of MFA. This added step prevents unauthorized users from accessing your accounts even if your password has been compromised.
How to activate multifactor authentication:
- Open your app or account settings.
  - It could be called Account Settings, Settings & Privacy, or something similar.
- Turn on multifactor authentication.
  - It may be called two-factor authentication, two-step authentication, or something similar.
- Select an MFA method to use from the options provided. Examples include:
  - Receiving a code by text or email.
  - Using an authenticator app: These phone-based apps generate a new code every 30 seconds or so.
  - Biometrics: This uses facial recognition or fingerprints to confirm your identity.
Studies show that once someone starts using MFA, 94% of those people will continue using MFA. This demonstrates that the biggest hurdle to its use is getting users to try it. (National Cybersecurity Alliance)
- Recognize and Report Suspicious Email/Phishing
Phishing attacks have become an increasingly common problem for all organizations as they can be very difficult to spot. Every individual must know how to spot red flags to avoid clicking on a bad link or opening a malicious attachment. The good news is that 72% of users reported that they checked to see whether messages were legitimate (i.e., phishing or a scam) compared to 15% who reported not doing so. (National Cybersecurity Alliance)
Phishing occurs when criminals try to get you to open harmful links or attachments to steal your personal information or infect devices. Phishing messages can come in the form of an email, text, direct message on social media, or phone call. Many of these messages appear to come from trusted individuals or organizations to entice you to respond. Fortunately, you can protect your accounts and avoid falling for phishing scams! The following tips can help you avoid falling victim to phishing attacks:
- Recognize: Look for these common signs:
  - Urgent or alarming language
  - Requests to send personal and financial information
  - Poor writing, misspellings, or unusual language
  - Incorrect email addresses, domain names, or links (e.g., amazan.com).
- Report: If you suspect phishing, report it to protect yourself and others.
  - Know your organization’s guidance for reporting phishing. If your organization offers it, you may have options to report the email via the “report spam” button in your email toolbar or settings.
  - For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message. 47% of the participants said they used the reporting capability on a platform (e.g., Gmail, Outlook) “very often” or “always.” (National Cybersecurity Alliance)
- Delete: Delete the message. Don’t reply or open any attachments or links, including any “unsubscribe” links. Just delete.
- Update Your Software
Approximately 40% of survey respondents say they either “sometimes,” “rarely,” or “never” install software updates (National Cybersecurity Alliance). This is a scary statistic, as one of the easiest ways to protect your accounts and information is to update your software and applications regularly. Software updates provide security patches to address known vulnerabilities and fix software issues. This Cyber Month, don’t hit the “remind me later” button. You must take action to stay ahead of cybercriminals.
The good news is that 36% of survey participants reported installing the latest updates and software as soon as they became available (National Cybersecurity Alliance). Automatic updates can be enabled in your device or application security settings for added convenience! Of those who reported installing the latest updates to their devices, 62% had automatic updates turned on. (National Cybersecurity Alliance)
Here are some tips on how you can stay on top of updating your devices.
- Check for notifications
Devices and applications will notify you when the latest software updates become available. It is also important to check for updates periodically. These software updates include your devices’ operating systems, programs, and apps. It is crucial to install all updates, particularly for web browsers, antivirus software, and any apps that contain financial or sensitive information.
- Install updates as soon as possible
When a software update becomes available, be sure to install it as soon as possible, especially if it is a critical update. Attackers won’t wait and neither should you!
- Turn on automatic updates
Devices will install updates as soon as they become available if automatic updates are enabled. This makes the task of updating your devices and software easy! To turn on automatic updates, look in the device settings, usually under Software or Security.
If you follow the best practices of using strong password management, using multifactor authentication, recognizing and reporting phishing emails, and regularly updating your devices and systems, you will become more cybersecure. It is also important that you follow these cybersecurity best practices not only in October but all year round. If you have questions about these tips or any other cybersecurity questions, please follow us on LinkedIn or send us an email. We’d be happy to help!