Strengthen Your Online Defenses: Best Practices for Cybersecurity Awareness Month

Published on October 4, 2024



Founded in 2004, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices. Now in its 21st year, Cybersecurity Awareness Month 2024 is highlighting the growing importance of cybersecurity in our daily lives and encouraging individuals and businesses to take important cybersecurity steps to stay safe online.

From mobile to connected home devices, technology is deeply intertwined with our lives. And while the evolution of technology accelerates, cybercriminals are working just as hard to find ways to compromise technology and disrupt personal and business life.

UMACHA is once again partnering with CISA and the National Cybersecurity Alliance (NCA) to promote the Secure Our World campaign, with the main messaging revolving around four key cybersecurity best practices:

1. Recognize & Report Phishing. Phishing often tries to get us to open a harmful attachment or share personal information. Learn what to look for to avoid the "phish hook."

2. Use Strong Passwords. Using strong passwords and a password manager are some easy ways to protect ourselves from someone logging into an account and stealing data or money. 

3. Turn on MFA. Multifactor authentication means using more than a password to access an app or account. With MFA, we might be asked to enter a text code or use a fingerprint. It makes us much safer from someone accessing our accounts.

4. Update Software. Don't delay software updates. Flaws in software can give criminals access to files or accounts. Programmers fix these flaws as soon as they can, but we must install updates for the latest protection!

Recognize and Report Phishing
Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. It’s important that every individual stops and thinks before clicking on a link or opening an attachment and knows how to spot red flags.

Phishing occurs when criminals try to get you to open harmful links or attachments that could steal personal information or infect devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media, or phone call. These messages are often designed to look like they come from a trusted person or organization to get you to respond. The good news is you can avoid the phish hook and keep accounts secure!

Use these tips to keep yourself safe from phishing attempts:

1. Recognize the common signs of phishing:

   1. Urgent or alarming language

   2. Requests to send personal and financial information

   3. Poor writing, misspellings, or unusual language

   4. Incorrect email addresses, domain names, or links (e.g. a link to amazan.com instead of amazon.com)

2. Report possible phishing attempts.

   • Know your organization’s guidance for reporting phishing. If your organization offers it, you may find options to report via the “report spam” button in your email toolbar or settings.

   • For personal email accounts, you may be able to report spam or phishing to your email provider by right-clicking on the message.

3. Delete the message.

   • Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

Use Strong Passwords and a Password Manager
As our online lives expand, the average user has gone from having just a few passwords to now managing upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. Password managers can save users the trouble of having to remember multiple passwords and make accounts safer by recommending strong, unique passwords and storing them all in one place.

Use these tips to strengthen your passwords:

1. Longer is stronger: Passwords with at least 16 characters are hardest to crack.

2. Hard to guess: Use a random string of mixed-case letters, numbers, and symbols. If you need to memorize a password, create a memorable “passphrase” of 5 – 7 unrelated words. Get creative with spelling and/or add numbers or symbols.

3. One of a kind: Use a unique password for each account.

Remembering long, unique passwords for every account in our lives is impossible. Rather than writing them down or reusing weak passwords, use a password manager. Password managers generate complex and unique passwords for you, store them all in one place, and tell you when you have weak, re-used passwords, or compromised passwords. They can also automatically fill credentials into sites and apps using a secure browser plugin. You only need to remember one master password—the one for accessing the password manager itself. (Tip: Create a memorable long “passphrase” as described above and NEVER write your master password down.)

Turn on Multifactor Authentication
In a recent National Cybersecurity Alliance survey (off-site), 81% of respondents said they have heard of multifactor authentication (MFA), but actual usage remains varied across generations. Millennials and Gen Z demonstrate higher awareness but lower regular use compared to older generations, who report more consistent adoption of MFA.

MFA provides extra security by providing a secondary method confirming your identity when logging into accounts. MFA usually requires you to enter a code sent to your phone or email, or one generated by an authenticator app. Push notifications are also common methods of MFA. This added step prevents unauthorized users from gaining access to your accounts, even if your password has been compromised.

Follow these steps to turn on MFA:

1. Open your app or account settings.

   • It may be called Account Settings, Settings & Privacy, or something similar.

2. Turn on multifactor authentication.

   • It may also be called two-factor authentication, two-step authentication, or something similar.

3. Confirm your settings.

   • Select an MFA method to use from the options provided. Common examples include receiving a code by text or email, using an authenticator app that generates a new code every 30 seconds or so, or using biometrics like facial recognition or fingerprints to confirm your identity.

Update Your Software
A recent National Cybersecurity Alliance survey (off-site) reported the majority know how to install updates (62%), a notable number either delay (16%) or avoid doing so (20%). This discrepancy is particularly pronounced among younger generations, such as Gen Z. Despite the convenience of automatic updates, only 45% have enabled them.

One of the easiest ways to protect accounts and information is to keep software and applications updated. Updates are periodically released to fix software problems and provide security patches for known vulnerabilities. This Cybersecurity Awareness Month, don’t hit the “remind me later” button. Take action to stay one step ahead of cybercriminals.

Follow these steps to make sure you keep your software up to date:

1. Check for notifications.

   • Devices and applications will usually notify you when the latest software updates become available, but it’s important to check periodically as well. Software updates include devices’ operating systems, programs, and apps. It’s important to install ALL updates, especially for web browsers and antivirus software, or apps with financial or sensitive information.

2. Install updates as soon as possible.

   • When a software update becomes available, especially critical updates, be sure to install them as soon as possible. Attackers won’t wait, and you shouldn’t either!

3. Turn on automatic updates.

   • With automatic updates, devices will install updates as soon as they become available—Easy! To turn on the automatic updates feature, look in the device settings, usually under Software or Security.

Additional Resources
As your key partner, UMACHA is always looking for ways to share knowledge to help create peace of mind. You can help spread the word about Cybersecurity Awareness Month and the cybersecurity best practices discussed by reviewing the free Secure Our World Resources & Cybersecurity Awareness Month 2024 Toolkit (off-site).

The toolkit includes sample social media posts, an infographic, presentations, posters, and more!



Stay connected with UMACHA on LinkedIn!