October 2023 marks the 20th annual observation of Cybersecurity Awareness Month, an annual declaration from the U.S. Congress and the White House intended to remind individuals and business owners of the importance of cyber security. The month exists to acknowledge that all of us can, and should, do more to stay safe online and to protect our businesses and communities from cyber attacks.
There are two sad but true realities about Cybersecurity Awareness Month. First, if you worry about cyber security, your are not alone. Second, if you take some time to protect yourself, you are in the minority. Norton reported in 2021 that 53% of the people it surveyed did not know how to protect themselves from cyber crime, even though 58% were worried about becoming a victim.
Thinking about cyber security is good, but doing something about it is even better. To help you get Cyber Security Awareness Month started in the right direction, here are 5 very simple things you can do right now, if you have not already, to improve your cyber security.
#1 Enable two-factor authentication on a single account. Despite its incredible effectiveness in blocking attacks and preventing phishing attacks, two-factor or multi-factor authentication use remains spotty, with only 13% of employees at small businesses required to use it, according to Zippia.
If you are among the 1.8 billion Gmail users, you know that two-factor authentication is mandatory, and that is generally unobtrusive and simple to use. Nearly every online service offers some form of two-factor authentication. Pledge to activate at least one of them before the end of October. If you have two-factor authentication on some logins, such as banking apps, but not others, pledge to turn on at least one more during the month. You will gain a very significant boost in your cyber security in exchange for a few seconds of your time. Ultimately, any time you spend responding to two-factor requests will be far less than the time you could spend worrying about your online safety.
#2 Cancel one service you no longer use. Did you sign up for a newsletter you no longer read, or subscribe to a game you no longer play? Most people have a few recurring subscriptions nibbling at their bank account balances each month, even though they never use the service. Is it really worth ending that $1 monthly charge that gives access to the gym?
The answer is yes. Not only do those charges siphon money you could put to better use, they also expose you to cyber risks. Cyber security professionals often discuss the “threat surface,” which is the number of possible routes an attacker can take to gain access to data or passwords. Good cyber security practices limit the threat surface by eliminating any unnecessary logins or access points to accounts.
Older, forgotten subscriptions and logins are ripe for attack because you may not notice activity coming from them or perceive it as a threat. It only takes a few minutes to cancel a subscription and reduce the size of your threat surface.
#3 Change one password. Your password has been stolen. This is not a hypothetical statement. Nearly every password has been stolen and now circulates on the Dark Web. This is another reason to strongly consider two-factor authentication.
You might think that a criminal gets your password, tries to log in once with it, then throws it away if it does not work. In some cases this is true, but in others, that password gets attached to a profile of you that criminals build from information stolen or scraped from a variety of sources. This is the same kind of profile that companies like Alphabet and Meta build from the data you share with them, but without your authorization and with criminal activity in mind.
There are two types of people who tend to attract this kind of criminal attention. The first group knows that they are targets, because they have access to significant online systems or large amounts of money or data. The second group has no idea that they are vulnerable, because they are soft targets.
Soft targets never change passwords, use the same password in multiple places and rarely activate security features like two-factor authentication. It is very easy for criminals to find soft targets. When they harvest a database of new information, they compare logins and passwords to what they already have. If they see the same passwords again and again associated with the same email address, they know they have a soft target.
Changing a password makes you a harder target. For many people, that can be enough to reduce criminal interest and attention.
#4 Uninstall one app. Is your phone clogged with icons from apps you no longer use? Uninstall one and reduce a bit of digital clutter. For added security, delete your account from that unused app before you uninstall it, which will help to reduce your threat surface.
As a cyber security awareness bonus, think of this when you uninstall that app: Every time you open an account or download an app, you are trusting the cyber security of the company that provides that app or service. Ask yourself if they appear to take security seriously. Ask yourself what happens to your security, and your data, if that company stops supporting the app or goes out of business. If you think about these things while you delete an unwanted app, there is a good chance you will think about them the next time you download an app.
#5 Update one piece of software. Whether its your browser, your smart phone’s operating system or a plugin on your website, make a point to check for updates and update one thing. If it’s been some time since you updated, you may notice two things: First, you have a lot of updates pending. Second, updates happen in seconds with almost no fuss.
A common theme runs across these five Cyber Security Awareness Month tips: Each is a simple step that will take no more than a few minutes of time and make you more secure online. The hope is that if you do this once, you will see how easy it is and repeat the process until everything is secured, updated or deleted. Remember that every small step you take contributes to stronger overall security.
If you think your personal cyber security awareness needs a boost, consider our Online CSI Protection Certification program. Through a series of videos presented by our Head Trainer Robert Siciliano, you will learn how to recognize and stop cyber attacks, as well as how to approach online interactions with security in mind. You can complete the course at your own pace, and you will retain access to the videos for review whenever you need it, and gain access to additional cyber security support resources. Try our free course on email safety to experience the program for yourself.