October marks Cybersecurity Awareness Month, a collaborative effort between the public and private sectors to raise awareness about the importance of cybersecurity.
This year, we celebrate the 20th anniversary of this campaign – a testament to the enduring importance of security. As a Champion of Cybersecurity Awareness Month, we are proud to join the global effort to promote cybersecurity awareness and individual cyber hygiene.
The 2023 theme, Secure Our World, urges everyone to take four key actions year-round:
1. Use strong passwords and a password manager
Did you know that compromised passwords are responsible for 81% of hacking-related breaches? It’s a reminder that using strong passwords is one of the easiest ways to protect your accounts and keep your information safe.
Here are some essential password security best practices:
- Create a strong password: If you’re still using a weak password like “password,” consider it breached. Hackers can crack this easy-to-guess password in less than one second. Instead, create passwords that are at least 16 characters long and uniquely complex. Avoid using sequential strings (ABCD, 1234, qwerty) and easily identifiable information like names and birthdays as part of your passwords. Your password should be a riddle even Sherlock Holmes would find puzzling!
- Avoid password reuse: Think of your passwords as fingerprints; each one should be unique. Reusing passwords makes you vulnerable to cyberattacks like brute-force attacks and credential stuffing. Creating a unique password for each account limits the fallout in the event of a breach.
- Use a password manager: Password managers free you from the hassle of sticky notes or the guessing game of passwords. The only thing you need is one password to sign into your password manager. They can create, store, and fill passwords automatically and help generate complex combinations.
2. Enable multi-factor authentication (MFA)
According to Microsoft, enabling MFA can make you 99% less likely to get hacked. Why? Because MFA requires a combination of two or more authenticators to verify your identity before you’re granted access to your account. Even if a hacker cracks your password, they need to meet the second authentication requirement in order to gain access to your account.
MFA asks for:
- Something you know – a PIN number or a password
- Something you have – an authentication application or a confirmation text on your phone
- Something you are – a fingerprint scan or facial recognition
Note that not all MFA methods offer the same level of protection. Phishing-resistant MFA is the standard industry leaders should strive for, but any MFA is better than no MFA.
3. Update your software
Before you instinctively hit the ‘remind me later’ button, it’s important to understand the importance of software updates. Technology providers issue software updates to patch urgent security flaws, and failing to keep your software up-to-date could leave you unprotected.
Here’s what you need to keep up-to-date:
- Operating System (OS)
- Web browser and extensions
- Third-party apps
- Antivirus
To make these updates more convenient, set up automatic updates so that they are downloaded and installed as soon as they are available. Remember to only download software and apps from verified sources and official app stores. The device, software, or app developer itself should be sending you updates, not anyone else.
4. Recognize and report phishing
Phishing involves malicious actors sending messages pretending to be a trusted person or entity, and is the most common form of cybercrime. If something seems suspicious, trust your instinct.
Telltale signs of phishing include:
- Urgent or emotionally appealing language
- A sense of urgency to click right away
- Requests to send personal or financial information
- Unexpected attachments
- Untrusted shortened URLs
- Email addresses that do not match the supposed sender
When encountering a suspicious message, use the “report spam” feature. In cases where the message impersonates an organization you trust, notify the organization using the contact information found on their official website.
Lastly, delete suspicious messages. Don’t reply or click on any attachment or link, including the “unsubscribe” link, which could carry a link used for phishing.
Next Steps
As we kick off Cybersecurity Awareness Month, we implore you to not just consider – but actively implement – the suggestions shared. At Check Point, we believe that it’s not only possible, but prudent, to prevent cyberattacks before they can do any damage. We will continue to share tips and best practices throughout the month so that together, we prevent bad actors from getting anywhere near your data.