For over 18 years, the President and Congress have declared October to be Cybersecurity Awareness month, "helping individuals protect themselves online as threats to technology and confidential data become more commonplace." This has been a forward-thinking initiative as cyber-threats have become one of the nation's top security risks, affecting both American businesses and individual consumers. This year's theme, "See Yourself in Cyber," is meant to appeal to the general public in an effort to inform individuals that cybersecurity is about making "smart decisions whether on the job, at home or at school – now and in the future". A recent LinkedIn post by Jamil Farshchi, EVP and Chief Information Security Officer at Equifax, stated there are two guarantees in Cybersecurity: one, we will always face risks, and two, we can solve anything together. Cybersecurity isn't just the responsibility of big industry; it's everyone’s responsibility to do their part to prevent cyberattacks. This month, we share four critical actions your account holders can take and how they can see themselves in cyber. Check out the other resources provided by the Cybersecurity and Infrastructure Security Agency to help you and your account holders "See Yourself In Cyber."
If You Do Anything This Month, Let It Be These Four Things
It's October, and while it can be a frightening month for some, you have nothing to fear! This month, we are going to share the four things you should do right now to protect your digital self. Why? Because it's Cybersecurity Awareness Month! It's time to remind ourselves that cybersecurity isn't just the responsibility of large companies with massive amounts of customer data, it's also our responsibility - mine, yours, and all of ours. In all situations it's critical to be aware of and attempt to prevent cyber threats. It sounds daunting, but it really doesn't have to be.
This year, the Cybersecurity and Infrastructure Security Agency (CISA) is calling for the general public to "See Yourself in Cyber." The mission is to help individuals protect themselves online as threats to technology and confidential data become more commonplace. The theme "See Yourself in Cyber" demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October, we are working together to make smart decisions on the job, at home, and at school to become more cyber-aware. The best part is that instead of rolling out a lengthy to-do list, CISA is asking that we focus on four key steps to do our part this month. Share these objectives with your family, friends, and community to become part of the solution during Cybersecurity Awareness Month.
Four steps you can take to see yourself in cyber.
Step 1: Enable Multi-Factor Authentication (MFA)
Multifactor authentication is login process to make it more difficult for an unauthorized person to access your accounts. It requires two or more independent credentials, such as something you know, a password, and something you have, your mobile phone. Before a login is complete, a code is sent to your mobile device and requires you to input the code, thus proving you have access to the registered device. MFA has other variations and is one of the top ways that financial institutions, companies, and security experts provide consumers with the ability to protect their information online, which would require hackers to not only steal your password, but also your phone, or to gain access to another account, such as email, to break through your cybersecurity walls. This additional layer of security makes it exponentially more difficult for the bad guys to access your personal information and accounts. Using MFA is a simple step that can keep you from becoming the next victim. MFA is generally available to protect financial accounts, email accounts, and social accounts but is often optional, so if you don't use MFA, check to see if it is available and be sure to enable it!
Step 2: Use Strong Passwords
Passwords are quite literally the key to your personal information. It is the safeguard to your online profiles and the often highly sensitive information that you provide in order to engage with online businesses. The problem is that criminals are intent on discovering your passwords, even using sophisticated technology to try to "crack" the code. The best way to ensure your account is difficult to crack is to have a complex password (i.e. upper and lower case letters, numbers, and symbols) that does not include things like your name, your date of birth, or the word "password." It is shocking how frequently these easily guessable words are included. The average American consumer has over 100 web services that require a password. Typically, this means they are using the same passwords over and over, across a myriad of platforms. If there is a breach of a single vendor website and your password becomes known to the criminal black market, it can be used to try to hack into your other accounts. Having a unique password that is full of seemingly random letters, numbers, and symbols is the best way to ensure hackers can't get into your accounts using data they can easily find on the internet. Further, changing and updating your passwords on a more frequent basis can help ensure your accounts remain secure. Check out this article from the Federal Trade Commission to better understand the importance of strong and diverse passwords. As explained above, in addition to a password make sure you have Multi-Factor Authentication enabled on your online accounts whenever available.
Step 3: Recognize and Report Phishing
It can be hard to tell if you are the victim of a phishing scam until it's too late. Many companies are providing training to their employees to help mitigate this type of attack in the corporate world, and those same tips apply to your personal accounts. In this article, the Federal Trade Commission offers some examples of the types of emails and text messages that you should look at with a critical eye before taking any action, including:
Messages that say they’ve noticed suspicious activity or log-in attempts on your online accounts
An email claims that there’s a problem with your account or your payment information
A message that says you must confirm personal information
Any message that includes a fake invoice or other document
A request to click on a link to make a payment
Messages that say you’re eligible to register for a government refund
While these messages can be legitimate, it's important to stop and look at them critically first. Further, the United States Cybersecurity and Infrastructure Security Agency has stepped up their ability to track down these types of scams. The Anti-Phishing Work Group has been created to report suspicious messages. They also have great resources to help businesses and consumers identify scams such as these.
Step 4: Use Biometric and Passwords to Protect your Devices and Keep your Software Up to Date
Computers, tablets, and phones can open the door to large amounts of personal information including our online activities, credentials for logins, and banking and financial information. Unfortunately, it's this information that can make us vulnerable to attacks. Imagine using MFA to protect your accounts, only to lose your phone - leaving just a single password between a thief and your email, apps, and personal photos and files. If you set up facial or fingerprint recognition on your device, or you require a password to open your phone you have put another obstacle in between you and a fraudster intent on doing you harm. In addition, make sure you frequently update software on your phone, tablets, and computer to help keep your personal data secure. Thieves don't rest. They are constantly looking for new and more successful ways to steal your information. In order to keep up, software providers must push out frequent updates to thwart criminal activity. Allowing software to automatically update or enabling reminder notifications will help you maintain the most up-to-date software, protecting your devices and your identity!
“See Yourself in Cyber” is a challenge to look inward to examine your safety in the cyber world, no matter where you fit. It’s important to take basic steps to protect yourself online. As an individual, check your passwords, ensure you have enabled MFA where available, keep your software up to date, and be on the lookout for phishing scams. If you own a business, put cybersecurity measures in place to protect yourself and your employees as well as your clients and customers. For those who operate critical infrastructure, learn how your role impacts others and what you can do to protect those you serve. And if you are interested in exploring a new career field, the future holds a massive demand for workers with technical skills to solve existing and upcoming cybersecurity issues. Look into where your interests might overlap with this ever-expanding opportunity.
As always, if you feel that your personal information has fallen into the hands of a thief, call us immediately to speak to one of our Identity Theft Recovery Advocates. Quickly recognizing and addressing the issue will minimize damage to your accounts and your identity. As an <EMBEDDED ACCOUNT> holder, you have 24/7 access to specialists who can answer your questions, address your concerns, and help you get back on track as quickly as possible.
Social Media Content
Use the social posts below during the month of October to educate your account holders about cybersecurity awareness. This might prevent one of your valued clients from falling victim to asset loss and identity theft, and in the process limit losses to your institution.
Post #1: October is #CyberSecurityAwarenessMonth. This month we ask you to take four simple actions to protect your devices and your personal information. Check out our article (include link to article) and start protecting yourself today! #SeeYourselfInCyber #YourProtectionPartner
Post #2: Did you know that regularly updating the software on your devices isn’t just about bug fixes, but also enhances your devices’ security to protect your personal information? Get in the habit of checking for updates to devices and apps, and while you’re at it, make sure you have MFA enabled and your passwords aren’t easy to crack! #CybersecurityAwarenessMonth #SeeYourselfInCyber #YourProtection Partner
Post #3: Do you know how to recognize and report phishing scams? Sometimes a text or email that claims to have detected suspicious activity on your account is actually the suspicious activity itself. Never click on email links to make payments unless it’s a link you’ve specifically requested. Check out this article (include link to article) for this and other tips to keep your cyber self safe! #CybersecurityAwarenessMonth #SeeYourselfInCyber #YourProtection Partner