Cybersecurity Awareness Month

In 2004, the US Government declared October as Cybersecurity Awareness Month to help individuals protect themselves online as threats to technology and confidential data became more common. A national campaign is lead by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA). This year’s theme is “See Yourself in Cyber”, focusing on each individual’s part in maintaining data security. For individuals and families, this means taking action to maintain basic cyber hygiene such as updating software on devices, utilizing strong unique passwords for each account, and enabling multifactor authentication on every account that offers it and remembering to “think before you click” on links received via email.

As a personal note, I agree that maintaining basic cyber hygiene is crucial to keeping devices secure; however, I also believe it is important to understand why each of these tasks is effective. Understanding why, means learning about how cybercriminals work to compromise your security.

Cybercriminals: Hackers vs. Scammers

There are cybercriminals who focus on hacking and cybercriminals who focus on scamming. Both types of cybercriminals typically work 24-7 to accomplish their goals. Hackers are skilled coders who spend their time scanning through device software looking for potential weaknesses that they can exploit. When they find weaknesses in the software, they develop malware or viruses that exploit those weaknesses to gain access to devices. Alternatively, scammers are those who focus on the exploiting the people who use the devices. They develop phishing emails and fake login websites that look almost identical to legitimate websites, to trick people into providing their login credentials. Using those login credentials, they can access those people’s accounts.

Significance of Updating Software

When hackers successfully find a way to hack into software and computers, it is typically through a weakness they have find in the software. When the security teams are alerted of the weakness that is being exploited by hackers, they issue a security patch, which patches up the weakness in the software. These security patches are included in software updates that are sent to the devices. Therefore, it is crucial to update your device software to maintain the device security.

Many devices offer an “Automatic Software Update” option in the settings. For example, on iPhones, the automatic iOS updates can be turned on in the iPhone Settings. When the setting is enabled, the iPhone will download the iOS update as soon as it is available and send a notification advising that the updates are ready. Then, the installation of the iOS update will occur overnight, but only if the iPhone is charging and connected to Wi-Fi. Enabling the automatic software update option is an efficient way of keeping your devices up to date.

Significance of Strong Passwords

Scammers send phishing emails to try and lure people into providing their login credentials; however, they have other methods of gaining access to user accounts as well. Many people use personal information in their passwords, such as birthday, children’s names, pet’s names, and even favorite sports teams. When finds a scammer finds a target with personal information as a password, they could use a basic Google search to find out personal information and guess the person’s password. Therefore, utilizing a strong password is crucial.

A strong password consists of at least one upper- and lower-case letter, number, and special character, however, a strong password may not be sufficient if the same strong password was used for multiple accounts. If a scammer were to find someone's strong password, the scammer would be able to gain access to each account that utilizes that same password. Thus, a unique password for every account is also essential to maintaining account security. It may be exhausting to have to come up with new, strong passwords for every account, but if you value your account security, it is necessary.

Multifactor Authentication

While strong unique passwords are essential and very helpful in preventing scammers from accessing accounts, multifactor authentication adds a second layer of security. Examples of Multifactor Authentication are biometric scanning (i.e., fingerprint, face scan, eye scan, etc.), would require the scammer to have a copy of your fingerprint. Another multifactor authentication method is entering a code that is provided through another method, such as texted to your phone, sent via email or recited during a phone call, and even sent to a second device or application, etc. These types of multifactor authentication would require the scammer to physically have your cell phone to receive the text message or open the security app or would need access to your email account to obtain the code. Therefore, if for some reason an account password is compromised, the user has the second layer of security protecting their account from the scammer. Not all accounts offer multifactor authentication, but when they do, it is a good idea to enable that extra level of security.

“Think Before you Click”

Many scammers who send phishing emails are skilled at building websites. They are capable of building a fake website that looks almost identical to a real website. Many phishing emails include a link to change your password or update your account settings. When people click the link, they are brought to the scammer’s fake website and prompted to enter their account login credentials. If they proceed by entering their username and password, when the click the “Login” button, they will be given a login error message. However, by clicking the “login” button, they are actually sending the login credentials to the scammer. Additionally, some scammers will buy viruses on the “dark web” and by clicking the link in the email or clicking the “login” button on the fake website, or even downloading a file attached to a scammer’s email, will trigger the virus to download onto your computer