This year’s U.S. National Cybersecurity Awareness Month is centered on the humans behind the devices and screens, since “while cybersecurity may seem like a complex subject, ultimately, it’s really all about people,” explains the Cybersecurity and Infrastructure Security Agency (CISA). This year’s theme is relevant for everyone but is especially directed at everyday users.
With society increasingly digitally connected, it’s essential that our digital interactions are secure and trusted. Users must feel confident that their data is safe and secure, and that they can trust the companies with which they interact online. Digital trust is what enables individuals and businesses to engage online with confidence that their footprint in a digital world is secure. Individuals can increase their personal digital security by seeing themselves in cyber and taking action to better their cybersecurity habits.
The CISA recommends four steps that anyone can and should take to improve their online security:
Here’s what our DigiCert expert Dean Coclin has to say on those four topics.
“Phishing originated in the mid-’90s as a way to steal AOL users’ information. Back then, the biggest risk was losing your credit card information. It’s safe to say that since 1995 phishing threats have evolved, becoming more diversified and impactful. However, as phishing strategies have evolved, so have the best practices to combat it,” Coclin says.
We shared 10 tips to avoid phishing scams in a recent blog post, such as upgrading both your operating system and browser software, blocking pop-ups, only accepting trusted certificates on webpages and looking out for any “not secure” warnings from the browser. Read the full 10 tips to avoid phishing here.
“Software updates help protect against current vulnerabilities. Developers often send updates to protect against known weaknesses, so it’s wise to install them right away before an attacker can take advantage of them. You can set computers and devices to automatically install software updates, which is the easiest way to keep programs up to date. Furthermore, updates from pop-up ads or emails could actually be malware. So setting updates to install automatically will mean they don’t need to click on any update requests that could contain malware,” Coclin says.
A strong password meets the following criteria:
Coclin also recommends a password manager: “Password managers simplify what they must remember; instead of a different password for everything, you only need one secure password to log on, and the manager can generate secure passwords for everything else. Password managers can’t be used for everything, but they will simplify any online logins and can be used across multiple devices.”
“It is no longer sufficient to just have a strong password policy. Most passwords are not strong enough to stand up against hacking: 90% of user-generated passwords are weak and vulnerable. Managing a multitude of passwords is a burden on users and they are likely reusing the same password, or aspects of the same password, just to remember it. However, this makes them even more vulnerable because if one password can be hacked, the others are easily guessed,” Coclin says.
Multi-factor authentication (MFA) creates a layered defense with two or more independent credentials: what you know (password), what you have (security token) and what you are (biometric verification). Read the DigiCert Guide to Multi-Factor Authentication for a detailed explanation of how it works.
The CISA also has a platform for reporting incidents, phishing attempts, malware and vulnerabilities, available at https://www.cisa.gov/report.
Check out past themes for National Cybersecurity Awareness Month at https://www.digicert.com/blog/category/national-cyber-security-awareness-month.