A study by the National Cybersecurity Alliance (NCA) found that nearly half of people felt frustrated while attempting to stay secure online. This statistic demonstrates the importance of cybersecurity awareness. The good news is, October marks the start of National Cybersecurity Awareness Month (NCAM), and with the campaign underway, we can look toward actionable steps to help individuals and organizations alike feel empowered to protect their data online.
Launched in 2004, the NCAM campaign is an annual collaborative effort by the Cybersecurity and Infrastructure Security Agency (CISA) and the NCA to raise cybersecurity awareness and ensure everyone has adequate resources to stay safe and secure online.
This year’s NCAM theme is Secure Our World, highlighting the growing importance of cybersecurity in our daily lives and encouraging individuals and businesses to take essential cybersecurity steps to stay safe online. BARR joins the initiative again as an official NCAM champion, reiterating our commitment to building a more secure world through cybersecurity education and advocacy.
The 2023 NCAM campaign focuses on four easy steps to stay safe online, including:
- Using strong passwords and a password manager
- Turning on multi-factor authentication (MFA)
- Recognizing and reporting phishing attacks
- Updating your software
Let’s dive deeper into these topics with expert advice from Associate Consultant Devin Olsen, who explains how you can secure our world by taking an active role in online security.
Use Strong Passwords and a Password Manager
“These days, people are managing tens, even hundreds, of online accounts, and it can be tempting to use the same password repeatedly,” said Olsen. “However, that’s not safe practice. It’s important to use a unique password for each account. Otherwise, you’re at risk of compromising a lot of data. Weak or repetitive passwords make you vulnerable to hackers looking for that one password that can access all your sensitive information.”
But how can you remember a unique password for every single account? Olsen added, “That’s where password managers come in. A password manager is software created to store your online credentials in an encrypted database. Password managers make it so you don’t have to memorize each unique password. Instead, you only need to remember one—the password for your password manager.”
The NCAM campaign also recommends creating:
- Long passwords containing at least 16 characters
- Unique passwords that you don’t repeat
- Complex passwords that include upper- and lowercase letters, numbers, special characters, and spaces
Turn on Multi-factor Authentication (MFA)
“MFA is used for accounts that hold valuable information,” said Olsen. “You may see MFA used within accounts like email, online stores, or social media—typically anywhere that holds personal information. It’s a security measure that asks you to take an additional step when logging into your account. This second step proves your identity and can prevent hackers from breaching your account.”
“For example, if you have MFA set up for your Gmail account, you can expect to log in with your username and password and then enter a code sent to your phone. Using MFA is quick and easy—codes are typically sent and processed immediately, so you don’t have to wait around to access your information,” said Olsen.
MFA can also include:
- An authenticator application
- A security key
- Biometrics like fingerprint and facial recognition
Recognize and Report Phishing Attacks
“Phishing is when cybercriminals use a fake email to lure you into providing personal information or installing malware on your device. When at work, it’s important to report phishing emails to your IT department or security officer right away,” said Olsen, adding, “If you experience phishing on a personal device, the best practice is to not click on any links and delete it immediately.”
To recognize phishing emails, the NCAM campaign recommends looking out for these red flags:
- Includes an urgent tone—e.g., Click this link immediately, or your account will be closed.
- Spelling and grammar mistakes
- Requests to send personal information
- The sender’s email address doesn’t match the organization it’s coming—e.g., amazon.com vs. amaz0n.com
- An email you weren’t expecting
Update Software Automatically and Frequently
“Software updates not only fix general issues but also provide security patches for vulnerabilities. A good practice is to set automatic updates often. Regularly scheduled automatic updates will take away the stress of having to schedule manually, and it places you a step ahead of bad actors who are looking for ways to reach your data,” said Olsen.
“It’s also important to download software updates directly from the source and be aware of fake software updates that ask you to download something or enter your information into a form in an urgent manner. Unlicensed software or fake pop-up windows could lead to malware and other security problems.”
Staying safe online can be easy, and awareness is the first step—that’s why participating in the Secure Our World initiative is crucial. There are many free resources online that provide additional guidance, so keep an eye out for more information from NCA, CISA, and BARR that provide cybersecurity advice and best practices.
You can also follow and use the hashtag #CybersecurityAwarenessMonth and #SecureOurWorld on social media throughout the month.
BARR is here to help your organization secure your data through cybersecurity awareness. Contact us for a free consultation with a security and compliance expert.