October is Cybersecurity Awareness Month

It is National Cybersecurity Awareness Month. This year the theme is “Own IT. Secure IT. Protect IT.” Learn 5 ways we can all take collective responsibility and protect ourselves.

National Cybersecurity Awareness Month

Own IT. Secure IT. Protect IT.

National Cybersecurity Awareness Month (NCSAM) started in October 2004, and from 2009 until 2018, the theme was “Our Shared Responsibility”. This means ensuring security is a collective responsibility between corporations, governments, and citizens. This year the theme is “Own IT. Secure IT. Protect IT.” Below are 5 ways we can all take collective responsibility and protect ourselves.

Password vs. PassPhrase

Sites like useapassphrase.com demonstrate the value of longer passwords versus short complex ones.  A password like “Wave1234%” can be cracked in about 1 minute, but “wave ocean sun%” will take 18 centuries to crack! In fact, using a longer password in the form of a passphrase with the required uppercase and lowercase letters, numbers and punctuation makes it more secure and easier to remember.

Use Different Passwords

Do yourself a favor and don’t repeat the same password across applications or store them in your Notes app. How can you have a different password for the hundreds of applications and sites you use? Password managers such as LastPass and 1Password are examples of a better solution. To login to the manager, the user will choose one master password. When logging into applications, your device or the program’s browser extension will supply the specific username and password. For extra security, the manager will generate long and complex passwords.

2 Locks are Better than 1

You may have heard the terms, “Two-Factor Authentication”, “Two-Step Verification” or “Multi-Factor Authentication”. At its basic level, this is an additional password in the form of a code generated through a text message, an application, or a physical device in your possession. In addition to your password phrase, you have this second layer of protection to prove your identity. Sites such as G Suite for Education, Microsoft Office 365, Facebook, Twitter, and Instagram have this capability. For more information, visit https://twofactorauth.org.

Compromised?

If you suspect foul play, visit these sites to learn about security breaches:

Have I Been Pwned – https://haveibeenpwned.com/
Firefox Monitor – https://monitor.firefox.com/

You can also use these sites to monitor and protect yourself from future incidents. If your email or password are listed, change your password on the affected site(s) and anywhere else you may have used it.

Don’t Get Hooked by a Phishing Attempt

Phishing is generally an attempt through email to get you to click on an attachment or a link to gain access to your device or login credentials. This could also be attempted through social media, texting, or even a phone call. Take Google’s phishing quiz/tutorial and click through the Show Me prompts to learn what to look for. In case of any phishing-like attempt, notify your technical support team so that they can notify others and help protect you.

More Resources

Here are some additional NCSAM resources
National Initiative for Cybersecurity Careers and Studies and Homeland Security
NCSAM 2019 Toolkit