Held every October, Cybersecurity Awareness Month (CSAM) is a collaborative effort between government and industry to ensure every American has the resources they need to stay safe and secure online while increasing the resilience of the Nation against cyber threats.
Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. SUNY College of Optometry is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.
Cybersecurity Awareness Month’s overarching theme for 2022 is: “See Yourself in Cyber”.
This year’s theme demonstrates that while cybersecurity may seem like a complex subject, ultimately, it’s really all about people. This October will focus on the “people” part of cybersecurity, providing information and resources to help educate and ensure all individuals and organizations make smart decisions whether on the job, at home or at school – now and in the future.
Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of national infrastructure such as the Colonial Pipeline, there is a seemingly endless news cycle dedicated to cybersecurity mishaps and concerns. And with this onslaught of negative news, it can be easy for everyday individuals to become overwhelmed and to feel powerless in the face of the “insurmountable” threats posed by cybersecurity. But in actuality, nothing could be further from the truth.
With all of the jargon that is typically thrown around in relation to cybersecurity, there is a longstanding misperception that cybersecurity is beyond everyday people and that it should be left to the professionals. Moreover, there is a prevailing sense among the public that breaches are simply a fact of life and that we should just learn to deal with them. But this just isn’t true. In fact, everyday people have a huge role to play in cybersecurity threat prevention, detection, and remediation. For example, according to IBM, 95% of breaches have human error as a main cause. Therefore, everyday technology users are very much the first line of defense when it comes to thwarting cybercrime. Unfortunately, many individuals are not aware of some of the best practices for boosting cybersecurity and how easy they are to use.
This year, the Cybersecurity Awareness Month’s main focal areas revolve around four key fundamental cybersecurity best practices that everyday people can implement today to enhance their own cybersecurity and create a more secure world for everyone:
Recognizing and reporting phishing – still one of the primary threat actions used by cybercriminals today.
Understanding the benefits of using a password manager and dispelling existing myths around password manager security and ease of use.
Enabling multi-factor authentication on personal devices and business networks.
Installing updates on a regular basis and turning on automated updates.
Phishing is when criminals use fake emails to lure you into clicking on them and handing over your personal information, or installing malware on your device. It’s easy to avoid a scam email, but only once you know what to look for.
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Here are some quick tips on how to clearly spot a fake phishing email:
Don’t worry, you’ve already done the hard part which is recognizing that an email is fake and part of a criminal’s phishing expedition.
If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email. JUST DELETE IT. You can take your protection a step further and block the sending address from your email program, too.
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly.
Phishing Tip Sheet (CISA)
Phishing Infographic (NCSA)
To Click or Not To Click: That is the Question (NCSA)
Attack Spotlight: Microsoft Office 365 Credential Phishing (ProofPoint)
Attack Spotlight: OneDrive Phishing Campaign (ProofPoint)
Attack Spotlight: Scammers Mimic Real Banking Emails (ProofPoint)
How to Recognize and Avoid Phishing Scams (FTC)
Spotting a Vaccine Phishing Scam: Can You Find the Red Flags? (NCSA)
As our lives expand while we do more online, we’ve gone from having just a couple of passwords to today, where we might manage upwards of 100 or more. If you’re like most people, you’re probably using the same password for most of your accounts—and that’s not safe. If your one password gets stolen because of a breach, it can be used to gain access to all your accounts and your sensitive information. But no need to fret, password managers are easy to use and make a big difference.
So the best way to manage unique passwords for the ever-increasing number of online accounts we own is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.
Because the password manager stores all your passwords, you don’t need to memorize hundreds of passwords or keep that secret password paper in your drawer. Now, you only need to remember one to unlock your password vault in the manager app, so it makes things so much easier.
Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages as well.
Cybersecurity Basics: Passwords & Password Management tipsheet (CISA)
Passwords Infographic (NCSA)
Using Strong Passwords and a Password Manager (NCSA)
Tips for Better Passwords (Consumer Reports)
It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.
By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code or texting/emailing a code to your mobile device, or accessing an authenticator app.
Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. Simply put, use MFA everywhere!
Enabling Multi-Factor Authentication (NCSA)
Nail The Basics Of Cybersecurity With Multi-Factor Authentication (Forbes)
One of the easiest ways to keep your information secure is to keep your software and apps updated.
Always keep your software updated when updates become available and don’t delay. These updates fix general software problems and provide new security patches for the places where criminals might get in. You can be sure the bad guys are always looking for new ways to get to your data through software, so updating your software is an easy way to stay a step ahead.
When downloading a software update, only get it from the company that created it. Never use hacked, pirated or unlicensed versions of software (even if your friend gave them to you). These often contain malware and cause more problems than they solve.
Software from legitimate companies usually provides an option to update your software automatically. When there’s an update available, it gives a reminder so you can easily start the process. If you can’t automatically update it, remind yourself to check quarterly if an update is available.
Maybe you’ve seen pop-up windows when visiting a website or opening software that urgently ask you to download something or fill out a form. These are always fake and should not be followed. A browser will only warn you not to move forward or stay on a specific web address because it might not be secured or it could contain malware.
Cybersecurity 101 Tip Sheet (CISA)
Why is Cybersecurity Important? (CISA)
Software Updates Infographic (NCSA)
Software Updates (NCSA)
Understanding Patches and Software Updates (CISA)
The Cybersecurity Awareness Month Champions represent those dedicated to promoting a safer, more secure and more trusted internet.
Champions include companies and organizations of all sizes, schools and school districts, colleges and universities, nonprofits, government organizations and individuals.
Additional information and resources on cyber issues and implementing sound cyber security practices are also available at the following websites: