CYBERSECURITY- Keeping It Simple

More and more people are aware of the need to use good cybersecurity practices. However, the National Cybersecurity Alliance (NCA) has found that,

·         46% of people say trying to stay secure online is frustrating.

·         44% say security is intimidating.

·         40% say information on how to be secure is confusing.

While cybercrime and cybersecurity can be highly technical and complex, a few basic practices can keep us secure. The NCA has developed four basic practices, they call the “Core Four,” that include using long, strong passwords and a password manager, turning on Multifactor Authentication (MFA also known as 2FA), keeping your software updated, and recognizing and reporting scams and phishing techniques.

Strong Passwords. While there is talk among cybersecurity professionals of migrating security away from passwords, we still need passwords when we open most online accounts. As computing power has improved over the years cybercriminals have improved their ability to crack passwords quickly to take over other people’s accounts. The current guidance for passwords is that they should be

·         Long, at least 16 characters or more.

·         Complex, including upper and lower case, numbers, and special characters.

·         Unique, use a different password for each of your accounts.

You might have many accounts with passwords and keeping track of them is hard since memorizing each one is impossible. The best way to keep track is to use a password manager (or vault) to securely store all of your strong passwords. Password managers are encrypted to protect your passwords from view of strangers. They also can generate strong passwords for you and often have the capability to fill in your passwords for you when you go into your accounts.

One final thing on passwords. Change the password to any account that has been breached or that you suspect may have been breached.

Multifactor Authentication. When you use a password to enter your account, you are using something that you know to enter your account. By using a second factor, the holders of your account can be assured that you are you, not someone who has stolen your password. Second factors can be something you have, like your cell phone, or they can be something you are, like your fingerprint or your face.

Using MFA improves the security of your accounts. While strong passwords can help to protect your accounts from strangers entering them, they do have some weaknesses. Scammers can acquire your passwords through phishing emails or text messages and cybercriminals can acquire your passwords through data breaches or they can purchase them from other cybercriminals. Using MFA provides a second security layer making it more difficult for a cybercriminal to enter your accounts.

MFA can be used through a text message, a phone call, or email. The most secure method to use MFA is with an authenticator app such as Microsoft Authenticator or Google Authenticator. Authenticator apps communicate with the service holding your account via a secure means precludes a cybercriminal from intercepting the codes that you exchange with the holder of your accounts.

Wherever you can, sign up for MFA to protect your online accounts.

Watch Out for Phishing. Scammers will use a phishing technique to harvest personal information that they can use to impersonate you, including your passwords. Phishing attempts can come through email, text messages (smishing), phone calls, (vishing), or QR code (quishing).  Typically, you will receive an email or text with an urgent message that claims it needs your immediate attention. It will lead you to a link to go to a website where the scammer will harvest your personal information or download malware that can harvest the information on your device.

When you receive an email or text, inspect the email of the sender to make sure it is authentic and that any URL’s are authentic before you click on them. Another thing to do is not to click on the link and use an URL for the organization that you have looked up outside of the email or text. Be suspicious of any emails or texts that are designed to get you emotional and urge you to act quickly. Also, be wary or emails or texts that appear to be from someone you know. Instead of replying to the email/text, call or email them separately.

Update your Software. Updating your software on your devices (PC, smartphone, tablet computer, modem, router, etc.) is important to help fix bugs in your software and to patch security weaknesses in your software. Software designers often update the software that you use to fix bugs that they find after the software has been released to users. They also release “improvements” to their software to make it run more efficiently or easier to use by its users (this can be a contentious issue whether an improvement really improves the operation). Finally, and very importantly, software developers send out security patches to close security weaknesses that they have found in the software code. They may find the weakness on their own, or it may be pointed out to them by other software engineers, or they may find out that cybercriminals have been using a backdoor that they have found and are exploiting for their own purposes.

Updating your devices can be very easy. Go into settings and select the choice to receive updates automatically. While you can check manually for updates, or you can be notified when an update is available, automatically updating is the easiest and best action to take for most of us.

A word of warning. Scammers take advantage of our understanding that we should update our devices. They can use update notifications to fool you into clicking a link. A full screen window telling you to update is a scam.

 

 

National Cybersecurity Alliance:

https://www.staysafeonline.org/events/core-4-webinars