October is CyberSecurity Awareness Month
October is CyberSecurity Awareness Month – 4 main tips to be CyberSmart!
Its #CyberSecurityAwarenessMonth. A 4-minute read on four key behaviours that are very easy to implement to protect your data.
Everyone has a right to a safe internet, so let's remember to #BeCyberSmart!
TIP 1: ALWAYS ENABLE MULTI-FACTOR AUTHENTICATION
Multi-factor authentication aka MFA is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity.
It makes it twice as hard for criminals to access an online account. When it's available, always turn it on because it's easy to do and greatly increases your security.
So, how does MFA work?
By adding one more simple step when logging into an account, MFA greatly increases the security of your account. Here's how it works.
1. Log into your account and type in your password.
2. Provide an extra way of proving that you're you, like entering a PIN code or texting/emailing a code to your mobile device or accessing an authenticator app.
MFA can include:
- An extra PIN.
- The answer to an extra security question like "What's your favourite pet's name?"
- An additional code either emailed to an account or texted to a cell number.
- A biometric identifier like facial recognition or a fingerprint.
- A unique number generated by an "Authenticator App".
By combining two or three factors from the above a MFA is crafted.
What type of accounts offer MFA?
It's seen on many accounts that usually hold either valuable financial or personal information like banks, online stores or social media platforms.
Any place online that is storing your personal information (especially financial information) or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. So, basically everything!
Simply put, use MFA everywhere!
TIP 2: YOU NEED TO DO UPDATES OFTEN!
One of the easiest ways to keep your information secure is to keep your software and apps updated.
Always keep your software updated when updates become available and don't delay.
These updates fix general software problems and provide new security patches where criminals might get in.
You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
There are 3 key principles to this….
1. Get it from the source
When downloading a software update, only get it from the company that created it. Never use a hacked, pirated or unlicensed version of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.
2. Make it automatic
Software from legitimate companies usually provide an option to update your software automatically. When there's an update available, it gives a reminder so you can easily start the process. If you can't automatically update it, remind yourself to check quarterly if an update is available.
3. Watch for fakes!
Maybe you've seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secure or it could contain malware.
Remember, do updates often to keep your data safe!!!!
TIP 3: CYBERCRIMINALS LIKE TO GO PHISHING BUT YOU DON'T HAVE TO TAKE THE BAIT!
Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.
No need to fear though! Fortunately, it's easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.
???? it but don't click on it!
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit.
Here are some quick tips on how to clearly spot a phishing email:
- Does it contain an offer that's too good to be true?
- Does it include language that's urgent, alarming or threatening?
- Is it poorly written, riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on an unfamiliar hyperlink or attachment?
- Is it a strange or abrupt business request?
- Does the sender's email address match the company it's coming from?
Uh oh! I see a phishing email. What do I do now?
Don't worry, you've already done the hard part, which is recognizing that an email is fake and part of a criminal's phishing expedition.
If you're at the office and the email came through to your work email address then report it to your IT manager or security officer as quickly as possible.
They will more than likely then tell you to block the sender on Outlook - here's how it's done:
- Right-click a message from the sender you want to block and then click Junk > Block Sender.
- The blocked person can still send you mail, but if anything from his or her email address makes it to your email account, it's immediately moved to the Junk Email folder. Future messages from this sender will go straight to your Junk Email folder.
You can also report phishing to Outlook:
- In the message list, select the message or messages you want to report.
- Above the reading pane, select Junk > Phishing > Report to report the message sender.
Note: When you mark a message as phishing, it reports the sender but doesn't block them from sending you messages in the future. To block the sender, you need to add them to your blocked sender's list.
If the email came to your personal email address e.g. your gmail account, don't do what it says. Do not click on any links - even the unsubscribe link - or reply back to the email. Just hit that DELETE button.
Remember, DON'T CLICK ON LINKS, JUST DELETE.
You can also take a further protection step and block the sending address from your gmail inbox.
It's very easy to do:
- Open up the email.
- To the right hand side of the mail there are 3 dots.
- Click on this and then scroll down to "Block xxx" and block.
TIP 4: #PASSWORD ARE THE KEYS TO YOUR DIGITAL CASTLE
Just like your house keys, you want to do everything you can to keep your passwords safe.
Passwords can be made ironclad with additional authentication methods e.g. multifactor authentication, #MFA.
Creating, storing and remembering passwords can be a pain for all of us online but the truth is that passwords are your first line of defense against cybercriminals and data breaches.
Also, it has never been easier to maintain your passwords with free, simple-to-use password managers. Some tips on passwords....
LONG, UNIQUE, COMPLEX
No matter what accounts they protect, all passwords should be created with these three guiding principles in mind:
- Long - Every one of your passwords should be at least 12 characters long.
- Unique - Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We're talking really unique, not just changing one character or adding a "2" at the end - to really trick hackers, none of your passwords should look alike.
- Complex - Each unique password should be a combination of upper and lower case letters, numbers and special characters (like >,!?).
Some websites and apps will even let you include spaces.
HOW OFTEN DO I NEED TO CHANGE MY PASSWORD?
If your password is long, unique and complex, our recommendation is that you don't need to ever change it unless you become aware that an unauthorized person is accessing that account, or the password was compromised in a data breach.
BUT REMEMBERING ALL MY PASSWORDS IS SO HARD!?
You probably have a lot of online accounts. And because all your passwords should be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords remains the best way to keep all of your digital accounts safe. There are many free and easy-to-use tools out today that makes managing your library of unique passwords a snap.
If you use the latest tools, you don't need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.
If you're like most people, you're probably using the same password for most of your accounts-and that's not safe! If your one password gets stolen because of a breach, it can be used it to gain access to all your accounts and your sensitive information.
#Passwordmanagers are easy to use and make a big difference! We definitely recommend them!