Cybersecurity 10-18-2022

National Cybersecurity Awareness Month – See Yourself in Cyber

Dean Coclin

This year’s U.S. National Cybersecurity Awareness Month is centered on the humans behind the devices and screens, since “while cybersecurity may seem like a complex subject, ultimately, it’s really all about people,” explains the Cybersecurity and Infrastructure Security Agency (CISA). This year’s theme is relevant for everyone but is especially directed at everyday users.

With society increasingly digitally connected, it’s essential that our digital interactions are secure and trusted. Users must feel confident that their data is safe and secure, and that they can trust the companies with which they interact online. Digital trust is what enables individuals and businesses to engage online with confidence that their footprint in a digital world is secure. Individuals can increase their personal digital security by seeing themselves in cyber and taking action to better their cybersecurity habits.

CISA recommends four steps that anyone can and should take to improve their online security:

  1. Think before you click: Recognize and report phishing. If a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
  2. Update your software: Don't delay. If you see a software update notification, act promptly. Better yet, turn on automatic updates.
  3. Use strong passwords: Use passwords that are long, unique and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A password manager will encrypt passwords, securing them for you.
  4. Enable multi-factor authentication: You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.

Here’s what our DigiCert expert Dean Coclin has to say on those four topics.

Think before you click

“Phishing originated in the mid-’90s as a way to steal AOL users’ information. Back then, the biggest risk was losing your credit card information. It’s safe to say that since 1995 phishing threats have evolved, becoming more diversified and impactful. However, as phishing strategies have evolved, so have the best practices to combat it,” Coclin says.

We shared 10 tips to avoid phishing scams in a recent blog post, such as upgrading both your operating system and browser software, blocking pop-ups, accepting only trusted certificates on webpages and watching for any “not secure” warnings from the browser. Read the full 10 tips to avoid phishing here.

Update your software

“Software updates help protect against current vulnerabilities. Developers often send updates to protect against known weaknesses, so it’s wise to install them right away before an attacker can take advantage of them. You can set computers and devices to automatically install software updates, which is the easiest way to keep programs up to date. Furthermore, updates from popup ads or emails could actually be malware. So setting updates to install automatically will mean they don’t need to click on any update requests that could contain malware,” Coclin says.

Use strong passwords

A strong password meets the following criteria:

  • It is at least eight characters long.
  • It does not contain any of your personal information — specifically, your real name, username or your company name.
  • It is unique from your previously used passwords.
  • It does not contain any word spelled completely.
  • It is made up of different types of characters, including uppercase letters, lowercase letters, numbers and characters.
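
The five criteria above can be checked mechanically. The following is an added example, not DigiCert's or CISA's code. It assumes a small constructed word list, a salted PBKDF2 password history, and that "different types" means all four character classes are required; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import re

MIN_LENGTH = 8
# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "summer", "monkey", "secret"}
# Assumption: all four character classes are required.
CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "digit": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def remember(password, salt=None):
    """Return (salt, digest) for the password history; plaintext is never kept."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def failed_criteria(password, personal_info=(), history=(), words=SAMPLE_WORDS):
    """Return the names of the criteria that the candidate password fails."""
    failures = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        failures.append("length")
    # Personal information: each part of a real name, username or company name.
    tokens = [t for item in personal_info for t in item.lower().split()
              if len(t) >= 3]
    if any(t in lowered for t in tokens):
        failures.append("personal_info")
    # Reuse: re-derive with each stored salt and compare in constant time.
    if any(hmac.compare_digest(remember(password, salt)[1], digest)
           for salt, digest in history):
        failures.append("reused")
    # Complete words: any alphabetic run that contains a listed word.
    runs = re.findall(r"[a-z]+", lowered)
    if any(word in run for run in runs for word in words):
        failures.append("dictionary_word")
    if any(not re.search(pattern, password) for pattern in CLASSES.values()):
        failures.append("character_types")
    return failures

if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    me = ["Alex Rivera", "arivera", "ExampleCorp"]
    for candidate in ("alex2022", "Summer2022!", "qT7#vL2@xR9m"):
        print(candidate, failed_criteria(candidate, personal_info=me))
```
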

Coclin also recommends a password manager: “Password managers simplify what they must remember; instead of a different password for everything, you only need one secure password to log on, and the manager can generate secure passwords for everything else. Password managers can’t be used for everything, but they will simplify any online logins and can be used across multiple devices.”

Enable multi-factor authentication

“It is no longer sufficient to just have a strong password policy. Most passwords are not strong enough to stand up against hacking: 90% of user-generated passwords are weak and vulnerable. Managing a multitude of passwords is a burden on users and they are likely reusing the same password, or aspects of the same password, just to remember it. However, this makes them even more vulnerable because if one password can be hacked, the others are easily guessed,” Coclin says.

MFA creates a layered defense with two or more independent credentials: what you know (password), what you have (security token) and what you are (biometric verification). Read the DigiCert Guide to Multi-Factor Authentication for a detailed explanation of how it works.

Where to get help and learn more

CISA also has a platform for reporting incidents, phishing attempts, malware and vulnerabilities, available at https://www.cisa.gov/report.

Check out past themes for National Cybersecurity Awareness Month at https://www.digicert.com/blog/category/national-cyber-security-awareness-month.
