It’s Cybersecurity Awareness Month – What You Should Know
October 1st, 2022 – by Eric Lonsinger
October is Cybersecurity awareness month. Now is a great time to take a few minutes and learn how a few easy steps can make a huge difference in your risk profile.
Don’t be fooled by the headlines, most cybersecurity incidents are not high profile data breaches but instead target small businesses and even individuals. Some of the most common (and preventable) attacks in today’s world include:
Phishing attacks are the most common attack used to target small businesses, some estimates cite that 90% of all data breaches are due to them. Phishing is a strategy used by hackers to solicit a user to willingly provide their password through some form of fraudulent communication. Often this comes in the form of an email with a malicious attachment or link that may look legitimate prompting you to login to a fake site. Once the hacker has your password, they can then use it to access your accounts and data.
Malware is another common attack used by hackers which aims to install malicious software on your computer or cell phone. People often think of viruses as loud, blatant software that will crash your device in an instant, this is far from the truth.
The Sophisticated malware of today will more often than not try to run silently in the background either collecting data from your computer, or sitting idle until a hacker decides to use your computer for some nefarious reason such as participating in a Denial of Service attack (where many computers overload a target server and shut it down).
Ransomware on the other hand is an aggressive and obvious attack that has been gaining popularity in recent years.
This attack, like malware and phishing is generally introduced when you unintentionally install software either through visiting a compromised web site or through an email. Once installed, the ransomware will encrypt (lock) the files on your computer and demand you pay the hacker money to unlock them – which there is no guarantee will happen. What is guaranteed is that your files cannot be accessed again without the key that the hacker holds.
Security isn’t something you buy, it’s something you do
What Can You Do to Protect Yourself?
Luckily there are a few simple steps you can take to improve the cybersecurity of your home and your business against these common attacks.
MFA (Multifactor Authentication)
One of the most powerful tools you have at your disposal is Multifactor Authentication. MFA requires you to provide more than just your password and will typically ask for:
- Something you know (like a PIN or password)
- Something you have (like an authenticator app or text message on your phone) and
- Something you are (like a fingerprint or faceID)
Most websites and services you use will support MFA and it’s worth a visit to your account settings to turn it on. Once enabled, even if your password falls into the wrong hands they won’t be able to access your account.
“Password” and “1234” may be easy to remember but they are also easy to guess and today’s powerful hardware can crack these in a matter of seconds. MFA is the gold standard, but you should combine that with strong passwords to be as secure as possible.
What makes a strong password? In a word, complexity. The longer it is, and more types of characters (think numbers, letters, symbols, capitalization etc.) it has, the harder it will be to guess or crack and more often then not a would be hacker will just skip it or give up and move on to easier prey.
You should never re-use passwords for multiple accounts. Ideally every password is a random string of characters and you would use a password manager to keep track (like Roboform, Dashlane or Keepass)
CAREFUL WHERE YOU CLICK
This is a hard one, even the best of us start multitasking and oops, without thinking open that email attachment that smelled of week old seafood. Try to slow down and remind yourself to look at the sender, think about the context and not click on anything until you have really thought about what it is you’re about to open. It is also important to ensure you have some form of endpoint protection (i.e. antivirus) installed as well – even the baked in Windows Defender is decent at detecting and blocking malware, just make sure it is enabled and up to date.
KEEP UP TO DATE
Now this is an easy one, there is a reason software comes with updates – sure it’s nice to get the latest features but security enhancements are also commonly included. Developers are people too and just like people they can’t possibly foresee the future. Software vulnerabilities are found everyday and once made aware application developers usually go back and plug the hole, then issue an update. If you are regularly (or better yet automatically) updating your software then you will benefit from this latest and greatest protection. If not, well you can likely complete this sentence.
It’s time to take cybersecurity seriously, you know what they say? An ounce of prevention is worth a pound of cure.
This content is for informational purposes only and not for the purpose of providing professional, financial, medical or legal advice. You should contact your licensed professional to obtain advice with respect to any particular issue or problem.