This year marks the 20th anniversary of Cybersecurity Awareness Month, where the National Cybersecurity Alliance (NCA) and Cybersecurity and Infrastructure Security Agency (CISA) share ways that people can protect their personal data and learn more about digital security.
The NCA and CISA have recommended four behaviors that can help you stay safe online. In addition, Dr. Loyce Pailen, senior director of the Center of Security Studies at University of Maryland Global Campus (UMGC), shares her advice on how to best implement these behaviors and how to address emerging cyber threats.
1. Create strong passwords
Having a strong password is the first line of defense when it comes to protecting your information online. Unique passwords prevent hackers from easily accessing data, and you should not use the same password for multiple accounts in case one gets hacked.
“Remember that the strength of your password is crucial for your online security,” says Pailen. “Creating strong, unique passwords for each of your accounts is essential to protecting your digital life from hackers.”
To create a strong password, you should make the password at least 12 characters long, and add complexity by using special symbols (!, @, #, $, %) randomly within the password. In addition, common dictionary words, children or dog’s names and easy patterns (1,2,3) should not be used.
2. Enable multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a powerful tool for safeguarding your online accounts and personal information. It reduces the risk of unauthorized access, and many companies now require users to enable multi-factor authentication to best protect data.
“Multi-factor authentication is vital for enhanced security, even though it may be inconvenient,” says Pailen. “It adds a significant layer of security that goes beyond your username and password. Even if your password is stolen, MFA is still a protective layer.”
To make your account even more secure, enable two-factor (2FA) or multi-factor authentication for your accounts. For example, along with your password, you will be asked to enter a code that will be sent to your email, answer a security question, or scan a fingerprint. This adds an extra layer of security, even if someone manages to guess your password.
“Using multi-factor authentication drives me crazy sometimes as I have to keep my cell phone almost glued to my body when I am online,” says Pailen. “However, it is a price that I am willing to pay to keep my systems safe.”
3. Update your software regularly
Technology is ever evolving, and therefore, software needs to be updated to implement the most up-to-date security. Establishing a regular software update routine is crucial to mitigating the risks of someone hacking into your devices.
“The software on our digital devices sometimes has what are called known security vulnerabilities that hackers look for and exploit,” says Pailen. “They use these vulnerabilities to get access to your systems, sometimes to do nefarious activities. If you don’t update, you open yourself to these threats.”
Updating software has been a longstanding issue for individuals and companies due to how sporadic updates can be. Individuals can update software more easily on their personal devices than organizations, who must be concerned about what upgrades might affect other systems.
“Enable automatic updates where possible, monitor notifications from software vendors, and regularly check for updates manually,” says Pailen. “By staying current with software updates, you can maintain a more secure and efficient computing environment. I find that for personal devices, allowing updates to happen overnight is less annoying than during the day when I am using them.”
4. Recognize and report phishing attempts
Hackers continually evolve their methods to make phishing attempts more convincing and successful. With the rise of artificial intelligence (AI), hackers have begun to utilize AI for phishing operations. AI can assist with creating emails that look more authentic, and it is used to target their audience.
“Hackers are improving at phishing attempts because many individuals and companies are not diligent about defending against these threats,” says Pailen. “While we try to stay smart about phishing attempts it is sometimes hard to stay vigilant, educate ourselves and our employees about phishing risks, and implement robust security practices.”
Ways to protect yourself from phishing attempts include using email filtering tools, enabling multi-factor authentication, and regularly updating security software. There are tools for checking out the authenticity of an email before clicking. Being cautious and verifying the legitimacy of emails, especially those requesting sensitive information or actions, is crucial in the fight against phishing attacks and malware.
Reporting a phishing attempt is crucial for both your own security and the security of others who may be targeted. You can also share your knowledge about phishing attempts with others so that they can become aware of phishing attempts.
“Remember that reporting phishing attempts is a responsible and important step in the fight against cybercrime,” says Pailen. “It helps authorities and organizations take action to prevent further attacks and protect potential victims.”
Don't engage the sender when there is a suspected document the details and report it to your email provider. Some organizations can help, such as the Anti-Phishing Working Group (APWG), PhishTank, and the Federal Trade Commission (FTC). If you are in the United States and criminal activity takes place, you can report it to law enforcement.
How to address other cybersecurity threats
Cyber threats constantly evolve with technology, and cybercriminals continue to find new ways to exploit vulnerabilities. Some newer cybersecurity threats include ransomware, where your system is taken over by a cybercriminal looking for profit. Cybercriminals are using AI and machine learning to optimize their attacks. AI can automate phishing and create convincing social engineering messages.
Another area that individuals are concerned about is how working remotely could introduce new opportunities for cybercriminals to exploit unsecured home networks and personal computers.
“Organizations and agencies have additional threats concerning supply chains, cloud computing, and cryptocurrencies,” says Pailen. “So, the bottom line is that we all need to be aware of what’s happening in the threat landscape and be proactive in keeping our systems up to date.”
As new cyber threats continue to emerge, it is important to stay vigilant with your digital security. Keeping up with the news and official sources about threats and protection methods can help you stay up to date on the latest information.
“For the most part, companies focus on network security well. However, individuals need to know how firewalls, backups, and other network tools help mitigate malicious activity and consequences,” says Pailen. “Often, an email is the first place where intruders get unwanted entrance to systems, so be sure to block malicious emails and always think before you click or download something that doesn’t look right.”
Pursue a career in cybersecurity to help protect yourself and others
University of Maryland Global Campus offers undergraduate and graduate degrees and certificates in areas including cybersecurity technology, cybersecurity management and policy, digital forensics & cyber operations, and cyber operations.
The cybersecurity programs at UMGC focus on emerging technologies to ensure that students receive a comprehensive education tailored to the field. UMGC’s programs include concepts that are relevant to the cyber industry and those that align with industry standards and certification.
Furthermore, UMGC’s MARS cyber learning platform gives students hands-on experience with the offensive and defensive tools they need to gain the prerequisite knowledge for a career in cybersecurity. UMGC also has a globally ranked Cyber Competition Team that gives cyber students experience in penetration testing as well as digital forensics and computer network defense.
“UMGC is a great institution for several reasons, and if you are interested in cybersecurity careers, this is the place,” says Pailen. “Students in our programs can acquire knowledge, competencies, and skills that cybersecurity public and private employers need.”
In addition to offering a variety of degrees and certificates, UMGC’s cybersecurity programs can also prepare you for industry-recognized certifications such as the Certified Ethical Hacker (CEH) and Computer Information Systems Security Professional (CISSP), which can help enhance your career.