City of Bryan a Champion of Cybersecurity Awareness Month 2023
Cybersecurity Awareness Facts and Tips
Week 1: Always enable multi-factor authentication
Also known as two-factor authentication and two-step verification. No matter what you call it, multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.
How does MFA work?
By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code, entering a code texted or emailed to your mobile device, or using an authenticator app.
MFA can include
- An extra PIN (personal identification number)
- The answer to an extra security question like, “What’s your favorite pet’s name?”
- An additional code either emailed to an account or texted to a mobile number
- A biometric identifier like facial recognition or a fingerprint
- A unique number generated by an “Authenticator App”
- A secure token, which is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
What types of accounts offer MFA?
Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. So, basically everything. Simply put, use MFA everywhere!
Week 2: Passwords are the keys to your digital castle
Just like your house keys, you want to do everything you can to keep your passwords safe.
Passwords can be made ironclad with additional authentication methods, such as multi-factor authentication (MFA).
Creating, storing and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches. Also, it has never been easier to maintain your passwords with free, simple-to-use password managers. With a few moments of forethought today, you can stay safe online for years to come.
Long, unique, complex
No matter what accounts they protect, all passwords should be created with these three guiding principles in mind:
- Long: Every one of your passwords should be at least 12 characters long.
- Unique: Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end – to really trip up hackers, none of your passwords should look alike.
- Complex: Each unique password should be a combination of upper case letters, lower case letters, numbers and special characters (like >,!?). Again, remember each password should be at least 12 characters long. Some websites and apps will even let you include spaces.
How often do I change my password?
If your password is long, unique and complex, our recommendation is that you don’t need to ever change it unless you become aware that an unauthorized person is accessing that account, or the password was compromised in a data breach.
This recommendation is backed up by the latest guidance from the National Institute of Standards and Technology. For many years, cybersecurity experts told us to change our passwords every few months. However, this constant change isn’t helpful if your passwords are each long, unique and complex. In fact, if you change your passwords often, you risk reusing old passwords or falling into bad habits of creating similar or weak passwords.
But remembering passwords is so hard!
You probably have a lot of online accounts. And because all your passwords should be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords is the best way to keep all of your digital accounts safe. There are many free and easy-to-use tools out today that make managing your library of unique passwords a snap.
Today, the truth is that you don’t have to remember your passwords. If you use the latest tools, you don’t need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.
Don’t pass on password managers
As our lives expand while we do more online, we’ve gone from having just a couple of passwords to today, where we might manage upwards of 100 or more. If you’re like most people, you’re probably using the same password for most of your accounts—and that’s not safe. If your one password gets stolen because of a breach, it can be used to gain access to all your accounts and your sensitive information. But no need to fret, password managers are easy to use and make a big difference.
We’ve all probably used one password to secure multiple, maybe even all, of our digital accounts. But that’s not safe, and it becomes even more unsafe as time goes on. If your one password gets stolen because of a breach, it becomes a skeleton key for your whole cyber life. This compromised password can be used to gain access to all your accounts and your sensitive information.
Here’s where password managers really shine. Password managers are pieces of software that often take the form of apps or browser plugins, or they might be included automatically in your browser or computer operating system. With a few clicks, you can generate new, secure passwords that are long, unique and complex. These password managers automatically store your passwords and can autofill them when you arrive at the site.
Password managers literally take a few minutes to download and get started with.
You can fill in all your passwords at once, or just add a few passwords for your key accounts (email, banking and social media, for example) and add more over time. Many times, when you log into a site, your password manager will ask if you want to store the password – click yes, and, boom, another account is secured. And to keep your password manager extra safe, secure it with multi-factor authentication (MFA).
It’s safe to ditch the notebook
A password manager is like a combined security guard and butler who tags along as you surf the web, safely carrying your passwords like a ring of keys.
A password manager is the best way to create and maintain strong passwords for the ever-increasing number of online accounts we log into. These programs store your usernames and passwords in a secure, encrypted database. When you need a new password, you can get a hyperstrong suggestion that is automatically stored in the password manager.
A password manager frees you from keeping a confusing notebook of passwords in a drawer, or a messy sticky note with all of your most important passwords stuck on your computer. Now you only need to remember the single password that unlocks your password manager vault.
Password manager advantages
Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages:
- Saves time
- Works across all your devices and operating systems
- Protects your identity
- Notifies you of potential phishing websites
- Alerts you when a password has potentially become compromised
Understanding password managers
We learned in our Oh Behave! Survey that even though password managers are the best way to keep your information safe, Americans have many misconceptions about them. About 65% of Americans don’t trust password managers!
Why is this? There are a couple of reasons, but many are afraid that storing all their passwords in one place means they are at risk if a hacker breaches their vault.
This line of thinking, however, is misguided. Password managers today are safer than ever before, and they are much safer than using a physical notebook, storing passwords in a Notes app or reusing passwords that are easy to remember.
Compare your options and look for a quality password management system – you have a lot of choices! Here is why a password manager is the best for keeping your passwords safe:
- Encryption: Quality password managers encrypt all of the passwords stored on them, no matter whether the passwords are stored on your device or on the company’s servers. This means that your passwords would be basically impossible to decode if a hacker tried to breach your password manager. The only access to your passwords on a password manager is with a password only you know.
- Multi-Factor Authentication: Because your password vault on a password manager is so valuable, the best password managers require multi-factor authentication for you to log in. This means that anyone trying to view your passwords from an unfamiliar device will need to log in multiple ways. This can include a facial ID, fingerprint scan, inputting a code you get in an SMS text message or approving the log-in attempt on a separate app. This builds another wall around your passwords, so you know they are kept extra-secure.
- Zero Knowledge: As the name suggests, zero knowledge means a password manager does not know what your password is – the company does not store the keys needed to decrypt the main password that unlocks your vault. This means that your main password is never kept on the system’s servers. You are the only one who knows it, so you should make it strong and protect it with MFA.
Password manager options
There are many different free or paid password managers available for personal or business use. Some examples include:
- Keeper
- Bitwarden
- 1Password
- NordPass
- Dashlane
- LastPass
Week 3: One of the easiest ways to keep your information secure is to keep your software and apps updated
Update often
Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
Get it from the source
When downloading a software update, only get it from the company that created it. Never use hacked, pirated or unlicensed versions of software (even if your friend gave it to you). These often contain malware and cause more problems than they solve.
Make it automatic
Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.
Watch for fakes
Maybe you’ve seen these pop-up windows when visiting a website or opening software that urgently asks you to download something or fill out a form? These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.
Week 4: Cybercriminals like to go phishing, but you don’t have to take the bait
Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.
No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.
See it so you don’t click it
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit. Here are some quick tips on how to clearly spot a phishing email:
- Does it contain an offer that’s too good to be true?
- Does it include language that’s urgent, alarming, or threatening?
- Is it poorly crafted writing riddled with misspellings and bad grammar?
- Is the greeting ambiguous or very generic?
- Does it include requests to send personal information?
- Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
- Is it a strange or abrupt business request?
- Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.
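The last check in the list can also be done by software, which is how many mail filters catch misspelled sender domains. The Python sketch below is an added example, not part of the City of Bryan's or NCSA's material; the trusted-domain list, the function names and the distance threshold are assumptions chosen for illustration.

```python
# Added illustration: flag sender domains that imitate a trusted brand.
# TRUSTED is a constructed allow-list; use the domains you really deal with.
TRUSTED = {"paypal.com", "amazon.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the lower-cased domain of 'Name <user@host>' or 'user@host'."""
    addr = address.strip().rstrip(">")
    return addr.rsplit("@", 1)[-1].lower().rstrip(".")


def classify_sender(address: str, trusted=TRUSTED, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a sender."""
    domain = sender_domain(address)
    names = sorted(trusted)
    # Exact match, or a real subdomain such as mail.amazon.com.
    for good in names:
        if domain == good or domain.endswith("." + good):
            return "trusted"
    for good in names:
        # One or two changed letters, e.g. pavpal.com or anazon.com.
        if edit_distance(domain, good) <= max_distance:
            return f"lookalike of {good}"
        # Trusted name used as a prefix of someone else's domain.
        if domain.startswith(good + "."):
            return f"lookalike of {good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample senders, including the two misspellings named above.
    for sender in ("Billing <service@pavpal.com>", "orders@anazon.com",
                   "help@paypal.com", "news@mail.amazon.com"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result means the address is close to, but not the same as, a domain you trust, which is the pattern the last tip describes.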
Uh oh! I see a phishing email. What do I do?
Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition.
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button. Remember, DON’T CLICK ON LINKS, JUST DELETE.
You can take your protection a step further and block the sending address from your email program.
Here’s how to:
- Block a sender on Outlook.
- Block a sender on Gmail.
- Block a sender on Mac Mail.
- Block a sender on Yahoo! Mail
Report phishing
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly. If the phishing message came to your work email, let your IT department know about the situation ASAP.
Here’s how to:
- Report a phish on Outlook.
- Report a phish on Gmail.
- Report a phish on Mac Mail.
For the eighth straight year, the City of Bryan is proud to announce its participation as a Champion of Cybersecurity Awareness Month for 2023. We join an ever-expanding global effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals to promote the awareness of online safety and privacy.
A multi-layered and far-reaching campaign held annually in October, Cybersecurity Awareness Month was created as a collaborative effort between government and industry to ensure all digital citizens have the resources needed to stay safer and more secure online while also protecting their personal information. As an official Champion, the City of Bryan recognizes its commitment to cybersecurity, online safety and privacy.
Since its original inception under leadership from the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA), Cybersecurity Awareness Month has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people everywhere. Now in its eighteenth year, it continues to build momentum and impact co-led by NCSA and the Cybersecurity and Infrastructure Agency (CISA).
Local Awareness
As digital citizens, we have the responsibility to stay safe and secure online while protecting our personal information. It is important to know the ins and outs of online security and be aware of potential threats, particularly threats using coronavirus lures to steal personal and financial information. Seven to 10 percent of the U.S. population are victims of identity fraud each year, and now more than ever, it is crucial to be careful and alert.
For more information about Cybersecurity Awareness Month 2023, the Champion program and how to participate in a wide variety of activities, visit staysafeonline.org.
About NCSA
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are DHS and NCSA’s Board of Directors, which includes representatives from ADP; Aetna; AT&T Services Inc.; Bank of America; CDK Global, LLC; Cisco; Comcast Corporation; ESET North America; Facebook; Google; Intel Corporation; Logical Operations; Marriott International; Mastercard; Microsoft Corporation; Mimecast; NXP Semiconductors; Raytheon; RSA, the Security Division of EMC; Salesforce; Symantec Corporation; TeleSign; Visa and Wells Fargo. NCSA’s core efforts include Cyber Security Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT™; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit staysafeonline.org/about-us.