In today’s technology-driven world, Cybersecurity Awareness Month serves as an important reminder of the proactive steps we can all take to safeguard ourselves, our families, and our businesses from online threats.
This year’s theme, Secure Our World, underscores the idea that staying safe online doesn’t have to be complex—and the measures we take both at work and at home make a big difference. By focusing on just four simple actions, you can greatly enhance your digital security and protect what matters most.
Let’s dive into these top four ways to protect yourself online:
Use Strong Passwords and a Password Manager
We’ve all heard the advice: use strong passwords. But how many of us truly follow it? The reality is that weak or reused passwords remain one of the most significant vulnerabilities in online security. A strong password should be unique, long, and hard to guess—no “123456” or “password” here!
As the National Cybersecurity Alliance suggests, passwords should be long, unique, and complex.
-
Long—passwords should be at least 12 characters long—and even longer, if possible
-
Unique—Never reuse passwords or even use similar ones across accounts; it’s critical that each separate account is protected by a unique password that is not iterative (sequential characters, numbers across passwords) in nature
-
Complex—Each password should be a combination of upper case, lower case, numbers and special characters—but ideally not meaningless, random strings of characters
Password managers can be a lifesaver, especially when juggling dozens of logins. By securely storing your passwords, they allow you to create strong, unique passwords for each account without needing to remember them all. This not only strengthens your security but also saves you from the hassle of resetting passwords constantly.
Password managers save time, usually work across all devices and operating systems, notify you of potential phishing sites, and alert you when a password has become compromised.
Turn On Multifactor Authentication (MFA)
Multifactor authentication (MFA) adds an extra layer of protection by requiring more than one distinct identity factor for authentication.
Identity factors can include:
-
Something you know—usually a password or secret that you share with the party authenticating you
-
Something you have—usually a mobile phone or a USB authentication key
-
Something you are or that is inherent to you—biometric factors like fingerprints or temporary factors your current location are most common here
While an attacker may be able to get ahold of a password, they’re less likely to be able to get ahold of both a password and your mobile phone, or a password and your fingerprint.
Think of MFA as a double lock on your front door. It’s quick to set up and can dramatically reduce the likelihood of your accounts being compromised.
Recognize and Report Phishing
Phishing attacks—fraudulent emails or messages that appear legitimate but aim to steal sensitive information—are among the most common online threats.
They often trick people into clicking on malicious links or providing login credentials, revealing sensitive information such as passwords, credit card numbers, or personal information. This is usually done by masquerading as a trustworthy entity, often through seemingly legitimate emails, websites, or messages.
Phishing attacks prey on human psychology, relying on emotions like fear, urgency, or curiosity to manipulate recipients into taking actions that compromise their security.
The key to staying safe is to scrutinize email and message, especially if they ask for—or deliver you to an page or app that asks for—personal or financial information. If something seems off, don’t engage—report it to your IT team or service provider.
The National Cybersecurity Alliance offers these tips to spot a phishing attempt:
-
Does it contain an offer that’s too good to be true?
-
Does it include language that’s urgent, alarming, or threatening?
-
Is it poorly crafted writing riddled with misspellings and bad grammar?
-
Is the greeting ambiguous or very generic?
-
Does it include requests to send personal information?
-
Does it stress an urgency to click on an unfamiliar hyperlinks or attachment?
-
Is it a strange, abrupt, or unsolicited business request or interaction?
-
Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com
If any of these are true, suspect phishing and scrutinize email more closely—or consult with a member of your information security team—before taking action.
Keep Your Software Updated
Put simply, outdated software generally has vulnerabilities that cybercriminals routinely exploit. Software updates exist in part to address these vulnerabilities as they are discovered.
Many a user has bemoaned the frequency of software updates while waiting for one to complete—but this frequency of updates speaks to how many vulnerabilities are discovered and quickly addressed.
Unforunately, because updates can be inconvenient, introduce change, or even just be difficult to remember to perform on manually-updated systems, updates are often left until will after their initial release, or in some cases not performed at all.
Avoid these kinds of delays, because of stats like these:
-
A fifth of network vulnerabilities are due to unpatched applications
-
Breaches through IT vulnerability exploitation almost tripled during 2023, with 14% of all breaches resulting from vulnerability exploits
The good news is that most updates take only a few minutes, and you can often schedule them for when you’re not using your device. Regularly updating your operating system, apps, and antivirus software is a simple but critical way to keep hackers at bay.
Use Cybersecurity Awareness Month as Year-Round Inspiration
Cybersecurity doesn’t have to be overwhelming or costly, and this year’s themes are simpleyet fundamental to staying safe in today’s digital world.
By implementing and staying focused on them throughout the year, you can make a significant impact on your security posture, protecting yourself and those around you from online threats. ■