More and more people are aware of the need to use good cybersecurity practices. However, the National Cybersecurity Alliance (NCA) has found that,
·
46% of people say trying to stay secure online is frustrating.
·
44% say security is intimidating.
·
40% say information on how to be secure is confusing.
While cybercrime and cybersecurity can be highly technical and complex,
a few basic practices can keep us secure. The NCA has developed four basic
practices, they call the “Core Four,” that include using long, strong passwords
and a password manager, turning on Multifactor Authentication (MFA also known
as 2FA), keeping your software updated, and recognizing and reporting scams and
phishing techniques.
Strong Passwords. While there is talk among cybersecurity professionals of migrating
security away from passwords, we still need passwords when we open most online
accounts. As computing power has improved over the years cybercriminals have improved
their ability to crack passwords quickly to take over other people’s accounts. The
current guidance for passwords is that they should be
·
Long, at least 16 characters or more.
·
Complex, including upper and lower case, numbers, and special
characters.
·
Unique, use a different password for each of your accounts.
You might have many accounts with passwords and keeping track of
them is hard since memorizing each one is impossible. The best way to keep
track is to use a password manager (or vault) to securely store all of your
strong passwords. Password managers are encrypted to protect your passwords
from view of strangers. They also can generate strong passwords for you and often
have the capability to fill in your passwords for you when you go into your
accounts.
One final thing on passwords. Change the password to any account
that has been breached or that you suspect may have been breached.
Multifactor Authentication. When you use a password to enter your
account, you are using something that you know to enter your account. By using
a second factor, the holders of your account can be assured that you are you,
not someone who has stolen your password. Second factors can be something you
have, like your cell phone, or they can be something you are, like your
fingerprint or your face.
Using MFA improves the security of your accounts. While strong passwords
can help to protect your accounts from strangers entering them, they do have
some weaknesses. Scammers can acquire your passwords through phishing emails or
text messages and cybercriminals can acquire your passwords through data
breaches or they can purchase them from other cybercriminals. Using MFA
provides a second security layer making it more difficult for a cybercriminal
to enter your accounts.
MFA can be used through a text message, a phone call, or email. The
most secure method to use MFA is with an authenticator app such as Microsoft
Authenticator or Google Authenticator. Authenticator apps communicate with the
service holding your account via a secure means precludes a cybercriminal from
intercepting the codes that you exchange with the holder of your accounts.
Wherever you can, sign up for MFA to protect your online accounts.
Watch Out for Phishing. Scammers will use a phishing technique
to harvest personal information that they can use to impersonate you, including
your passwords. Phishing attempts can come through email, text messages
(smishing), phone calls, (vishing), or QR code (quishing). Typically, you will receive an email or text
with an urgent message that claims it needs your immediate attention. It will
lead you to a link to go to a website where the scammer will harvest your
personal information or download malware that can harvest the information on
your device.
When you receive an email or text, inspect the email of the sender
to make sure it is authentic and that any URL’s are authentic before you click
on them. Another thing to do is not to click on the link and use an URL for the
organization that you have looked up outside of the email or text. Be suspicious
of any emails or texts that are designed to get you emotional and urge you to
act quickly. Also, be wary or emails or texts that appear to be from someone
you know. Instead of replying to the email/text, call or email them separately.
Update your Software. Updating your software on your devices (PC, smartphone, tablet
computer, modem, router, etc.) is important to help fix bugs in your software
and to patch security weaknesses in your software. Software designers often
update the software that you use to fix bugs that they find after the software
has been released to users. They also release “improvements” to their software
to make it run more efficiently or easier to use by its users (this can be a contentious
issue whether an improvement really improves the operation). Finally, and very
importantly, software developers send out security patches to close security
weaknesses that they have found in the software code. They may find the
weakness on their own, or it may be pointed out to them by other software
engineers, or they may find out that cybercriminals have been using a backdoor
that they have found and are exploiting for their own purposes.
Updating your devices can be very easy. Go into settings and
select the choice to receive updates automatically. While you can check
manually for updates, or you can be notified when an update is available, automatically
updating is the easiest and best action to take for most of us.
A word of warning. Scammers take advantage of our understanding
that we should update our devices. They can use update notifications to fool
you into clicking a link. A full screen window telling you to update is a scam.
National Cybersecurity Alliance:
https://www.staysafeonline.org/events/core-4-webinars
