October, as you already know it, is cybersecurity awareness month. Yes! October isn’t just a breast cancer awareness month, it is also a cybersecurity awareness month. This is the time
we sensitize people on how to use the internet responsibly and stay safe too. As the month rounds up, it is important to remember that it is possible to stay safe online all year around and not just in October.
It is recommend that individuals follow the four steps that have been approved and vetted by the Certified Information Systems Auditor (CISA) to ensure their safety online. CISA is the authority in charge of critical infrastructure security in the US, so if they say you can stay safe online through these four steps then it is definitely true.
Have a strong password management system in place.
Having a strong password means keeping a strong password ethic when creating new passwords for your online account and using a password manager. Let us dive a little deeper into this step.
1.1- Creating Strong Passwords
- Length matters.
The longer your password, the harder it is to crack. Always aim for 12 characters and nothing less. Know that choosing fewer characters compromises your account and digital security.
- Complexity is key.
Endeavour to use a mix of uppercase and lowercase letters, numbers, and special characters like !, @, #, or %.
- Avoid personal information.
Don’t use easily guessable information like your name, birthdate, name of school, name of pet or best friend. Your password should not contain words that can be traced back to you.
- Unique for each account.
Ensure that you never reuse the same password across multiple accounts. Each account should have its unique password as much as possible.
Consider using passphrases when you run out of passwords. A passphrase is a sequence of random words put together to form another sentence. It doesn’t have to make sense to anyone just you! Passphrases can be both strong and easier to remember even strong when numbers and special characters are included.
1.2- Password Management
- Use a password manager.
A password manager is a secure tool that stores and manages your passwords. It takes on the burden of remembering all your passwords. It can also generate strong, unique passwords for each account you create.
- Master password.
Your password manager will have a master password. You must ensure this master password is extremely strong and memorable, as it’s the key to your entire password vault. As such, something as valuable as this should not be taken lightly. You can also follow the instructions in step 1.1 to create a strong MASTER PASSWORD.
- Auto-Login and Auto-Fill.
Another advantage of having a password manager is that password managers can automatically enter your credentials on websites, making logging in fast and secure.
- Secure backup.
Many password managers offer secure backup and recovery options to ensure you don’t lose access to your passwords. The chance of losing access to your passwords is 0.01%
Turn on your multi-factor authentication (MFA).
MFA is a security feature that adds a layer of protection to your accounts by requiring multiple forms of verification before granting access. There are currently three forms of verification. There is something you know (password), something you are (fingerprint) and something you have (an SMS notification). A combination of any 2 or all 3 forms of verification gives you an MFA. Here’s what you need to know about enabling an MFA.
2.1- Using MFA
- MFA is essential because it significantly enhances the security of your online accounts and strengthens your digital security. Even if someone gets hold of your password, they won’t be able to access your account without the secondary authentication factor.
2.2- Enable MFA on the following accounts
The process of enabling MFA can vary depending on the platform or service you’re using. Here are the steps to enable MFA on some common platforms.
- Email accounts.
For email services like Gmail, Outlook or Yahoo, first go to your account settings, find the security or privacy section, and turn on the MFA feature.
- Social media.
For social media platforms like Facebook, Twitter, Instagram, LinkedIn and Whatsapp, first access the security settings in your profile. Then locate the security and sign options tab and turn on your MFA or Two-Factor Authentication (2FA) options. Lastly, attentively follow the setup instructions to set up an MFA for your social media account.
- Financial and Shopping sites or apps.
Many financial institutions like banking apps and online shopping sites like Jumia offer MFA for added security. Check their security settings or contact their customer support for guidance on enabling MFA.
Update your software.
This is a critical aspect of maintaining the security of your computer and applications. Here’s everything I know about updating software.
3.1- Software updates patches vulnerabilities
- Software updates often include patches for known vulnerabilities. Vulnerabilities are the loopholes used by online attackers to hack your online accounts or phones. These loopholes can evolve and become sophisticated over time. The only way to deal with these loopholes (vulnerabilities) is to consistently update your phone or computer’s OS to patch these loopholes (vulnerabilities). Ignoring that software update of your phone’s OS or that of our computer will put your phone, computer and all your other sensitive information stored on your devices at risk.
3.2- Best practices for Software updates
Set up a schedule for checking and installing updates. Don’t wait for your phone or computer to prompt you. Proactiveness and consistency are key to maintaining security.
Before major updates, especially operating system updates, it’s advisable to back up your data to avoid data loss in case of unforeseen issues. You can never tell, can you?
- Verify Authenticity
Ensure that you’re downloading updates from official and verified sources. Avoid downloading software from unverified websites or just anywhere, you could be downloading a virus disguised as an update.
Identifying and reporting phishing emails is crucial for protecting your personal information and digital security.
Here’s everything you need to know about recognizing and reporting phishing emails.
4.1- Identifying Phishing Emails.
- Check the sender’s mail address.
Examine the sender’s email address carefully. Phishers often use email addresses that appear similar to legitimate sources but may have slight variations or misspellings.
- Look for generic greetings.
Phishing emails often use generic salutations like “Dear Customer” or “Dear User” instead of addressing you by name.
- Beware of urgent language.
Phishing emails often create a sense of urgency, pushing you to take immediate action. This may include warnings of account closures or security breaches.
- Check for spelling and grammar errors.
Many phishing emails contain spelling and grammatical mistakes, which are a sign of an unprofessional source.
- Examine links and URLs.
Hover over links in the email without clicking to see the actual URL. Look for inconsistencies, misspellings, or odd characters that indicate a malicious site.
4.2- Report Phishing Emails.
- Do not respond.
Do not engage with the phishing email in any way, including clicking on links or replying to the sender.
- Forward the email.
Forward the suspicious email to your email service provider’s abuse or security team; in this case, which will be UGCS.
- Educate yourself and others.
Share your experience with friends and family to raise awareness about phishing scams and the importance of reporting them. It is worth noting that these steps are the basic steps to staying safe. It is important to stay updated on emerging security trends. You can sign up for technology newsletters that write on cybersecurity tips and emerging news. Bloomberg technology is a very good option you can consider. Sign up here: https://link.mail.bloombergbusiness.com/click/33218345.8457/aHR0cHM6Ly93d3cuYmxvb21iZXJnLmNvbS9hY2NvdW50L25ld3NsZXR0ZXJz/62824947ecd7073c41065f49B1b02d5de.
You can also sign up for my blog on Medium. I share cybersecurity tips and cybersecurity career tips too. Sign up here – https://medium.com/@theresaaasiedugyamfi
Article by : Theresa Asiedu Gyamfi | univers.ug.edu.gh