Cybersecurity Awareness Month: 4 Cybersecurity Behaviors To Adopt
In 2023, cybercrime is expected to cost the world $8 trillion, according to a report by Cybersecurity Ventures. Yes, you read that right.
Cybercrime is a fact of life in our digital world. But there’s still a lot you can do to protect yourself. And it doesn’t have to be complicated. In this article, we’ll cover the National Institute of Standards and Technology’s (NIST’s) four key cybersecurity behaviors:
- Enabling multifactor authentication
- Using strong passwords
- Updating software
- Recognizing and reporting phishing attempts
Enable multifactor authentication
Multifactor authentication (MFA) adds a layer of security to your online accounts. Instead of just relying on a username and password, MFA uses a second form of verification. This might be a fingerprint scan or a one-time code texted to your cellphone. You’ve likely used MFA before, especially if you use services like mobile banking.
While MFA is well worth the extra step, it can be hacked. This sometimes happens when users approve unsolicited requests. (For example, you get an unexpected text message asking if you attempted to log in to your mobile bank account and you click “Yes” to make the message go away.)
Never approve unexpected or unknown access requests. Instead, contact the platform using trusted contact information, like the number on the back of your credit card. Don’t call the contact number or click the link in the message. Hackers fake contacts as part of their scams. And remember to change your password right away.
This brings us to the importance of strong passwords.
Use strong passwords
Passwords are your primary defense, so make them strong. A strong password is:
- Long. Use at least 12 characters.
- Unique. Use a different password for each account.
- Complex. Include uppercase and lowercase letters, numbers and special characters.
Passphrases are one example of passwords that are hard to guess but easy to remember. Instead of “Cats!” use “I_AM_a_c@t_fan!”
While you may have been told to change your passwords often, NIST now says not to change your passwords unless you believe they’ve been compromised. That’s because constantly changing your passwords can lead to reusing or creating weak passwords. Instead of changing your passwords, focus your energy on creating strong passwords that are hard to crack.
Another best practice is to use a password manager. A password manager does what it sounds like; it manages your passwords, so you don’t have to remember them all. If you use a password manager, you only have to remember one master password.
Update your software
Updating your devices’ software regularly ensures you’re running the latest versions. Software updates often include security patches to repair vulnerabilities.
Setting up automatic updates can help ensure your software is always up to date. Just make sure the updates come from verified sources. Never download updates from pop-ups on websites. These could be phishing attempts masquerading as updates.
Software updates may be inconvenient, but they’re an effective tool for defending against cybercrime. Hackers exploit vulnerabilities to access data.
Recognize and report phishing
Phishing is when hackers pose as trustworthy entities to access sensitive information. Phishing can be done through emails, texts, phone calls, social media posts or direct messages.
To recognize phishing, it helps to know the red flags. The National Cybersecurity Alliance says to look for suspicious elements like:
- Unrealistic offers
- Urgent or threatening language
- Bad grammar or misspellings
- Generic greetings
- Requests for personal information
- Unexpected hyperlinks or attachments
- Bizarre business requests
- Inconsistent information (For example, the email address doesn’t match the alleged sender.)
If you receive a suspicious message, don’t respond directly or click on any links or attachments. Instead, look up the number or website for the alleged sender. Then verify the authenticity of the message.
Finally, report suspected phishing emails. If the phishing attempt was sent to your work email, report it to your company’s IT security department. If it was sent to your personal email, report it to the Anti-Phishing Working Group (a partner of the United States Computer Emergency Readiness Team).
Make cyber hygiene a habit
Being vigilant about cybersecurity can go a long way toward protecting you against cybercrime. Good cyber hygiene like setting strong passwords may be inconvenient now, but it can save you a major headache in the future.