Held each October, Cybersecurity Awareness Month is a collaboration between the Cybersecurity and Infrastructure Security Agency (CISA), the National Cybersecurity Alliance (NCA), and the private sector aimed at empowering everyone to protect their personal or company’s data from cyber criminals. This year marks the 20th Cybersecurity Awareness Month, and the momentum and effort behind spreading this information have grown each year. At CrossFirst Bank, we participate annually through various activities such as guest speakers, email communications, and internal interactive trivia games. This year, we are focusing on four key behaviors. These behaviors are simple to implement and provide a strong foundation for cybersecurity defense for both individuals and businesses.
- Creating Strong Passwords and Using a Password Manager
- Enabling (and using) Multifactor Authentication (MFA)
- Updating Your Software
- Recognizing and Reporting Phishing (or Smishing or Vishing)
Below, we provide valuable insight into each of these areas and some helpful tips to guide you toward becoming more cyber-secure.
Creating Strong Passwords & Password Managers
Did you know the average person has more than 100 passwords at any given time? In many cases, 99 or 100 of those passwords are the same. Avoiding this common pitfall is an absolute must to protect your online accounts and personal data, or your company’s data and network. Rather than trying to remember all your passwords, use password manager software. There are several advantages to using password manager software, but a few of the primary ones are:
- Generate long, complex passwords – Let the software come up with a random combination of letters, numbers, and characters and save it to its secure database. When you need it, unlock the software to find the correct password for the account you are logging in to, then lock it back up when you’re done.
- Identify weak passwords – These applications will usually notify you when your password is weak and can easily be guessed or cracked. This helps you prioritize the accounts that need attention to better secure your digital life. In many cases, the software will detect usernames and passwords found on the dark web as part of breaches and alert you to take prompt action.
- Convenience – These applications can be used across multiple platforms such as computers and mobile devices, as well as multiple internet browsers such as Google Chrome, Microsoft Edge, Safari, and more. You will have access to your passwords when you need them. In addition, you can auto-fill login boxes with credentials for the site or application you are using, saving time and making the login process more efficient.
Enabling Multifactor Authentication (MFA)
Passwords are the frontline gatekeepers of your online world. Multifactor authentication provides a second layer of defense, doubling the fortification of your accounts. In a recent study by the NCA, 57% of respondents had heard of MFA, but did not realize just how important MFA is to enhance the protection of their online accounts. MFA can be a combination of three main elements:
- Something you know – A password or answers to security questions
- Something you have – An ID badge, or your phone to receive a code via app or text
- Something you are – Biometrics such as fingerprint, face identification, or voice recognition
The most popular forms of MFA are a text message or an authenticator app, such as Google Authenticator, Microsoft Authenticator, or Duo Mobile. There should be no question about setting up MFA on accounts that contain sensitive information such as healthcare information, financial accounts, and online stores where your credit card information is stored. Most websites offer MFA, some require it, and it should be simple to set up. MFA isn’t perfect, and there are ways hackers can get past it (e.g., MFA fatigue), but it is a big step in the right direction toward better securing your online life.
Updating Your Software
One very easy way to bolster your security on devices is to keep your software updated. Any device connecting to the internet is vulnerable to threats and risks. These three easy steps will help you stay up-to-date on the latest security patches and updates to keep your devices more secure:
- Check for notifications – Devices such as computers and mobile devices, as well as the applications installed on them, will usually provide a notification or alert when a newer version of the software is available. It’s also a good idea to check manually on occasion. It’s important to install all updates for operating systems, web browsers, and antivirus/antimalware software.
- Install updates as soon as possible – When updates become available, especially critical updates, install them as soon as possible. The bad guys are likely already aware of the vulnerabilities in the software and are working to compromise the system. The sooner you implement the fix, the better!
- Turn on automatic updates – When automatic updates are enabled, the updates are installed once they become available. It’s the easiest way to stay updated – set it and forget it! Just remember, if you get a prompt to restart to install updates, don’t wait. Most updates require a device reboot to fully install the updates.
Recognizing and Reporting Phishing
One of the most common problems for individuals and businesses of all sizes is phishing. It has become increasingly difficult to detect with the rise of Generative AI tools that assist a fraudster with crafting emails designed to trick people and prey on human emotions. There are various attack vectors, whether it’s phishing (email), smishing (SMS phishing, or text message), or vishing (voice phishing, or phone call). Here are some tips to help identify these types of attacks. Remember to always Think Before You Click!
- Recognize red flags – Is the email suggesting urgency or using alarming language to pique your interest? Is it requesting financial information, private personal information, or for you to log in to a site to verify information? Inspect the sender information to confirm it makes sense – is it from a random email address you do not recognize?
- Report the message – If you suspect a phishing attempt at work, make sure you understand your company’s procedures for reporting the message. This may be a button to report it to security teams or simply forwarding it to an email address. If it’s your personal email, most consumer email platforms provide options to report spam and phishing messages.
- Delete the message – When in doubt, delete the message. If there may be some legitimacy to it, look up known contact information for the company or individual and call to confirm. In almost every case, you will not receive an email request to provide sensitive information.
Take time this month to educate yourself on cybersecurity best practices and incorporate them into your normal routines so that your online presence is better protected all year long.