Cybersecurity Awareness Month: Think Before You Click
Of all the months in the cyber community’s calendar, October is one of the most important, as it marks Cybersecurity Awareness Month. Originating from the US Department of Homeland Security and the National Cyber Security Alliance, the initiative promotes cybersecurity awareness and encourages people to be safe online through the sharing of good practices.
The themes of this year’s campaign are “choose to be safe online” and “think before you click” with a key focus on the people aspect of cybersecurity to help individuals make smart choices whether on the job or at home.
At a time when we’re more connected than ever and threats are multiplying at an alarming rate, to say practising good digital hygiene is essential is an understatement. To stay safe in today’s ever-evolving threat landscape, individuals and organisations need to be more than just cyber aware; they need to be cyber smart.
One of the best and simplest ways to protect yourself and others online is to be consistent in the practice of cybersecurity fundamentals. Embedding a few basic steps into your daily habits will go a long way to securing your digital world. Here are our 5 top tips for keeping yourself and those you are connected with safe online.
1 – Turn on automatic software updates
Whilst you may already have legacy antivirus solutions in place, these only protect you from known malware attacks and leave you vulnerable as cyber criminals continue to evolve.
That’s why it’s important to update software and devices regularly to patch security vulnerabilities. Updates include protection from viruses and other kinds of malware and will often include improvements and new features. If you receive a prompt to update your device or apps, don’t ignore it. Applying these updates is one of the most important and quickest things you can do to keep yourself safe online.
You should also turn on ‘automatic updates’ in your device’s settings, if available. This will mean you do not have to remember to apply updates.
2 – Use multifactor authentication
Although it can feel like an extra hassle, we highly recommend you enable multifactor authentication (MFA) whenever possible. MFA requires one or more additional verification factors, which decreases the likelihood of a cybercriminal hijacking your account. For example, with some 2-step verification methods you will be asked to type in a unique code that is sent to your phone when you sign in using a new device or change settings such as your password. You won’t be asked for this every time you check your email.
MFA adds an extra layer of protection, so even if cyber criminals steal your password, they can’t easily access your email or change your password.
3 – Recognise the red flags of phishing
Unfortunately, we’re all susceptible to fraudulent communications, and as cyber criminals become increasingly sophisticated in their scams, more and more people are going to get duped. As of September 2022, the NCSC had received over 14m scam reports, which resulted in 100,000 scams being removed from 184,000 URLs. To avoid falling victim to such attacks, you need to be able to accurately spot the red flags of phishing. When you receive a suspicious communication, stop and think before you click.
Take an extra minute to review the message and search for the following red flags:
– Pressure to act urgently
– Poor grammar and unprofessional language
– Requests for personal data, login credentials, or credit card information
– Once-in-a-lifetime offers
– Email attachments: opening a malware attachment can paralyse entire IT systems, so only download attachments from trusted sources
– Suspicious URLs: do not click on them
If you have any doubts about a message, contact the organisation directly. Don’t use the numbers or address in the message – use the details from their official website. Your bank or any other official source will never ask you to supply personal information via email, nor will they call and ask you to confirm your bank account details.
4 – Back up your data
If the worst should happen, whether it be a cyber-attack or a destroyed or missing laptop, having a backup will enable you to avoid the inconvenience of not having access to your valuable data. Your backup should be stored in a separate secure location on the Cloud.
Most Cloud backup solutions allow you to choose what data is stored and can be upgraded to accommodate more data as needed. With an online option you can access your data from anywhere, which offers you much more flexibility. Cloud storage also means you’ll have the option to automatically create backups, so you’re more likely to have access to the most recent copy of your data.
However, it’s important to remember that anyone who can access your Cloud account will also have access to your data, so it’s vital you protect your account with strong passwords and turn on MFA.
5 – Practise good password etiquette
Passwords are the keys to our digital kingdom, so it’s vital you choose strong passwords, and do not reuse them anywhere else. Neither should you reuse the same password and email combination across various accounts, for example, on retail websites, email, social media and other online services. If an attacker identifies a single password you’ve used multiple times, any account using that password can easily be compromised.
But, as many of us know, creating and remembering multiple passwords is hard. A password manager or web browser can store your strong passwords securely. In addition, password managers can help you synchronise your passwords across devices, making it easier to log in. Some will even notify you if your password appears within a known data breach, so you know if you need to change it.
To create a strong password:
– Use a mix of upper and lower-case characters
– Make your password at least 12 characters long
– Avoid passwords that could easily be guessed, such as the names of people you know or a pet’s name
– Do not use personal information that others might know or could easily find out, such as important birthdays or your initials
– Don’t use common words and patterns such as “qwerty” or “qazwsx”
Here are 6 ways organisations can strengthen employees’ password practices https://adarma.com/ways-strengthen-employees-password/.
Please remember that no single tip is foolproof, but practising them in tandem and habitually is the best way to maintain good cyber hygiene and protect yourself, and the people and networks you connect with, from a cyber-attack.