Cybersecurity Awareness Month

Laptop and a hand holding a locked smart phone

With October being Cybersecurity Awareness Month, it's a good time to review your cybersecurity awareness. Staying diligent against online threats is crucial as cybercrime continues to increase and bad actors get more creative in their attempts to scam consumers.

Launched in 2004, Cybersecurity Awareness Month is a campaign aimed  at helping Americans be more safe and secure online. This year’s theme is See Yourself In Cyber, which emphasizes that everyone can make a difference during Cybersecurity Awareness Month — because even practicing cybersecurity basics can go a long way toward protecting yourself. 

This month-long effort is a collaboration between the Department of Homeland Security and the National Cybersecurity Alliance. The National Cybersecurity Alliance is a nonprofit organization that aims to create a more secure, interconnected world by advocating for the safe use of technology and educating people how to protect themselves, their families, and organizations from cybercrime. 

And this year, Cybersecurity Awareness Month is focusing on four key behaviors that can help people stay more safe online:

  • Enabling multi-factor authentication
  • Using strong passwords and a password manager
  • Updating software
  • Recognizing and reporting phishing 

Hopefully, you are already practicing all of these behaviors in some form or another. However there’s no better time than now to review them — and understand how they can keep you safe.

1. Enable Multi-factor authentication (MFA) 

Also known as two-factor authentication, MFA requires anyone logging into an account to go through a two-step verification process. Whenever you have the option to enable MFA, you should — because it makes it twice as hard for criminals to access your account. 

In addition to your normal account password, MFA will require another step to access your account such as a PIN number, a security question, an additional password that’s emailed or sent via text message. 

2. Use strong passwords

We get it, remembering passwords can be hard. Especially if you have more than a handful of online accounts. But it’s crucial that you use a different password for each of your accounts. Otherwise, a cybercriminal could gain access to multiple of your accounts. 

Here’s a few tips for creating strong passwords:

  • Passwords should be at least 12 characters long.
  • Passwords should be unique to their accounts. Never reuse passwords. Also, changing a few characters here and there isn’t good enough. A good rule of thumb: None of your passwords should look similar.
  • Passwords should be complex, meaning they should consist of a combination of letters, numbers, and special characters such as !<,. 

If you have a lot of passwords to remember, you should strongly consider a password manager like LastPass. Think of a password manager as a vault of passwords that requires one master combination (password). 

Not only are all your passwords stored in one place that’s more secure than a notebook or post-it note, but password managers can generate long, complex passwords for you! They are also easy to set up and maintain. Learn more.

3. Make sure your apps, hardware, and software are up to date

When vendors release updates, they not only contain new features and bug fixes. They also can include important security updates that can keep you one step ahead of cybercriminals. When possible, enable automatic updates so you don’t have to worry about updating things manually. 

Just make sure you are downloading updates from legit sources. There’s a lot of fake sites out there. 

4. Recognize phishing scams

Cybercriminals will stoop to any length to cause chaos and gain access to your accounts. That includes using fake emails, social media posts, and even direct messages to lure you into clicking on malicious links or downloading harmful attachments. Fortunately, phishing scams are easy to spot once you know some of the common signs to look for:

  • Sender’s email doesn’t match the company it’s coming from. Look for subtle misspellings.
  • Uses a generic or ambiguous greeting
  • Presents an offer that’s too good to be true
  • Copy contains misspellings and poor grammar
  • Uses language that’s urgent or threatening
  • Includes requests for personal information

If you receive an email like this, don’t click on any links, even the unsubscribe link. Doing that will confirm that your email address is real and in use — and you’ll probably end up receiving more scam emails. Report the email as spam and then delete it. If you receive one at your work address, report it to your IT department.

The best way to fight fraud is to report it. Fraud can happen to anyone. If you believe you have been the victim of fraud, contact your local law enforcement and call us at 1-800-258-3115 or after hours at 1-866-272-4481. You can report fraudulent transactions here (https://www.twinstarcu.com/help/how-report-fraudulent-transactions). You can also report scams to the FTC at ftc.gov.

If you ever receive something suspicious claiming to be from TwinStar, contact us so we can verify its legitimacy. We will never request personal information via email or over the phone. Read about five things we will never ask you (https://www.twinstarcu.com/content/what-we-wont-ask-you-over-phone).

Protecting yourself from online threats doesn’t have to be complicated. Using common sense and having a basic understanding of cybersecurity practices can go a long way.