As a cybersecurity professional, Cybersecurity Awareness Month is an opportunity for me to reach out and remind people of the things that everyone can do to protect themselves from being a victim of cybercrime.
October will be the 19th observance of Cybersecurity Awareness Month, which was created thanks to a partnership between the National Cyber Security Alliance and the Cybersecurity & Infrastructure Security Agency. Instead of having a weekly theme, the focus for the month will be on four key behaviors to protect yourself while online. These behaviors are:
>> Enabling multifactor authentication.
>> Using strong passwords and a password manager.
>> Updating software.
>> Recognizing and reporting phishing.
Enabling multifactor authentication, or MFA, is a great way to protect your accounts. An example of MFA is the text with a one-time code or a code shown in an application like Google authenticator that you enter when logging into a website. This extra step increases security by adding a second authentication method that is something you have (a specific device that generates a code for you) to something you know (a password). If an attacker manages to get your password, this extra step still makes it difficult to access your account.
Everyone should use strong and unique passwords for every site, but how can we do this when we access dozens of websites? The answer is a password manager. This software can remember your passwords and assign unique, random passwords for every site. The best thing is that you only need to remember one strong password to use the software, and it does the rest.
Vulnerabilities are weaknesses or flaws in software that attackers can take advantage of to take control of a system or access sensitive or financial data. When manufacturers find these flaws, they send out software updates to fix them. Updating software is critical to protect anything connected to the internet, including phones, computers, routers, smart devices and more.
The final critical behavior is recognizing and reporting phishing attempts. Phishing emails remain one of the primary ways attackers gain access to networks. There are many articles written about how to identify suspicious emails, but in addition to identifying them, reporting them to your security team or email provider is equally important. Reporting them allows your security team to improve the detection of malicious emails and also to find similar emails that may have tricked other users. By reporting these emails, you may be saving others from falling victim.
In October, detailed information will be available on the National Cyber Security Alliance website (staysafe online.org), the Cybersecurity & Infrastructure Security Agency website (cisa.gov), and by following the hashtag #BeCyberSmart on your favorite social media platform.
———
Mike Kober is the senior manager of security service operations at Hawaiian Telcom. Reach him at mike.kober@hawaiiantel.com.