
Overview:
October is Cybersecurity Awareness Month. Here are some important tips and reminders to keep you safe while using technology on all your devices.
Blog Post: Cyber Security Awareness Month – Tips and Reminders:
Since October is Cyber Security Awareness Month, we thought a few tips and common reminders would be helpful. We also wanted to highlight some of the recent breaches and what they remind us about security.
In the news (Q3 notable breaches):
You may have heard of one or more of these breaches listed below. The number and frequency of breaches do not seem to be slowing. We have included hints and tips if you were affected by these breaches.
Here are some of the companies affected by security breaches so far in Q3 2023:
MGM
What we learned – Remember to train your helpdesk teams how to vet users in a secure way.
Caesars
What we learned – This was basically due to a phishing email, so stay alert for phishing emails.
Tips:
- What should you do? If you have an account at/with any of these companies, you should change your password if you have not already. You should strengthen it and not just make it similar with a different number, character, or symbol. Completely change the password and make it at least 16 characters long using letters in both upper-case and lower-case, a number, and special character(s) if allowed by that website/application.
- Not sure if your password for these or any other site has been breached? Use this site to check:
  - https://haveibeenpwned.com/
  - Check your email(s)
- Not sure how to make an easy-to-remember but hard-to-guess password? See the reminder below.
Password Security Reminders:
- Best security practices suggest passwords that are 16 characters long, including a mix of uppercase letters, lowercase letters, numbers, and special characters.
- It is best not to use dictionary words. Instead, use the first letters of a phrase, which do not form dictionary words. For example, pick a favorite song and use the first letter of each word: “somewhere over the rainbow skies are blue” becomes “Sotrsab” to use as part of your password. You could then use another phrase from a different source, like a book: “It was the best of times, it was the worst of times” becomes “iwtbotiwtwot”. It would be easy to remember, but harder to guess.
- Then add some numbers and special characters. Now you have “Sotr57sab!iwtbotiwtwot”, a very long, very strong password that is easy to remember. Please don’t use this exact one: since this is a post, many people will have seen it, including perhaps some attackers. So use your own song/book/poem, etc.
- Remember, don’t share that password with anyone. Don’t write it down on a sticky note under your keyboard or laptop, and don’t send passwords in email, as email is not secure. The same goes for instant messaging and other similar messaging apps.
- Want an easier solution? If you don’t want to remember all of these passwords, you can use a password manager application. Then you only have to remember one long and strong password to get into that application. It then fills in your different passwords for each application. If you are picking a password manager password, it should be 20 characters or more.
Security Best Practices for:
- Surfing the Web
- Reading and Responding to:
  - Emails
  - Texts
  - Instant Messages
Remember that the bad guys want you to click on links or open attachments – that is how they “phish” you. If the email/text/instant message seems odd, don’t click on the link and don’t open the attachment. If it says it is from your “bank”, “Amazon”, “UPS”, “IRS”, “FBI”, “USPS”, etc., don’t click on those. These are common “phishing” scams that want you to worry or be curious and then open them. Others will simply send you a text or instant message that simply says:
- Check this out: {vague but malicious link here}
- Did you see this? {vague but malicious link here}
- Shipping confirmation required: {vague but malicious link here}
- Account will be locked, confirm information here: {vague or malicious link here}
Instead, if you are expecting something from Amazon, just log in to your Amazon account like you normally would. (Don’t use the link in the email/text/IM.) It is best to bookmark your main locations, like your bank, Amazon, etc., so you know they are the correct links. If it says it is from a bank or credit card company, you can always call the number on your bill or the back of your credit card.
Privacy Awareness Reminder:
There has been a lot of activity on the privacy side of the house as well. As you surf the web, be sure you look at privacy statements. Read the details, determine where your data is going, and more importantly, understand what data will be captured and how it will be used. Also ensure you are looking at cookie settings. Pick the ones that you want. Don’t just accept all or go with the default. It’s your data, be deliberate!