The campaign may last for a month, but we should remember that cybersecurity is a year-round affair.
The month of October is associated with a variety of themes, but it also ushers in the start of autumn and pumpkin-spiced lattes and culminates with one of the scariest days of the year – Halloween. However, beyond the uptick in Starbucks stock prices and the sale of costumes, October is marked as Cybersecurity Awareness Month in the United States and European Cybersecurity Month on “the old continent”.
While the average person may think that they have a fairly decent grasp on cybersecurity with properly developed habits and impeccable cyber-hygiene practices, the reality is that we don’t have to look far for proof of the opposite – the annual roundups of most common passwords paint a rather ghastly picture; just take a look at the worst passwords of 2020, for example.
Additionally, the world has never been more connected when it comes to tech and the number of new digital technologies will just increase over the years; that’s why cybersecurity (and being cyber-smart) matters. By committing to these campaigns, countries are helping foster proper cybersecurity habits in their citizens and so help them protect their valuable data and become more responsible netizens.
After all, better cybersecurity is a collective responsibility, and by adopting proper cyber-hygiene practices, both in our work and personal lives, we are making sure that cybercriminals have fewer entry points into devices, thus shrinking the threat landscape.
The risks of underestimating cybersecurity
If you’re skeptical about how that works, here are a few examples for illustration. If you don’t adopt these habits as part of your personal life and, for example, keep on recycling passwords, in the worst case scenario, a bad actor will gain access to your personal data and could potentially commit identity theft, clean out your accounts, damage your reputation and credit, and that is just the tip of the iceberg. The immediate impact is on you and probably your loved ones.
Moving on to the professional side of things, having lax cybersecurity habits in a work environment can be detrimental to thousands of people. That goes double for people who are part of critical infrastructure. The Colonial Pipeline attack particularly stands out in recent memory; one pilfered password allowed bad actors to get a foothold in the system and shut it down with ransomware. In another case, a hacker attempted to poison the water supply in a city in Florida. And let’s not forget about all the healthcare facilities that were hit by ransomware and couldn’t provide patients with proper treatment.
Most of these incidents could have been averted if proper cybersecurity measures had been implemented and people had been cyber-smart.
How to #BeCyberSmart
So how do you start taking cybersecurity seriously and be cyber-smart? Well, as clichéd as it may sound, one of the best things you can do is getting the basics right.
That means when it comes to passwords, you should definitely opt for a strong passphrase rather than a simple password you can easily memorize, and you should always do your best to avoid the cardinal sins of password creation. If you’re the type of person who has dozens upon dozens of passwords, you’d probably do well to use a password manager, which will simplify the whole task of creating and memorizing passwords to remembering just one.
Once you have your passwords locked down like Fort Knox, you should consider adding an extra layer of security by using multifactor authentication, which can take on various forms from code-generating apps to hardware keys and biometrics.
Securing your devices is another thing you should never underestimate; therefore, always keep them clean, up-to-date by applying all patches in a timely manner, and use a reputable security solution that will protect you against most threats you might encounter.
And while technology can take you far, don’t forget to keep your wits about you. That means that you should approach everything you see online, be it on social media or in your email, with a healthy dose of skepticism. So be wary of clicking on any links or following any offers that seem even remotely off-kilter.
Keep in mind that while these campaigns run just for the duration of this month, cybersecurity awareness is a year-round affair. You should never let your guard down, and make sure to keep applying your cybersecurity knowledge to all online interactions. And now that you’ve got the basics down, you have bigger phish to fry. So, stay tuned for the second week of October where we take a closer look at how you can “phight the phish”. Also, be sure to learn more about the campaign and check out its weekly themes on StaySafeOnline.org.
written by Amer Owaida, ESET We Live Security