October was National Cybersecurity Awareness Month. Throughout the month, New York City (NYC) Emergency Management agency shared information to help community members take steps to safeguard their personal information. As the frequency and complexity of cyberthreats continue to increase, it is more important than ever to stay vigilant online. This vigilance should not be confined to a single month, but rather integrated into communities across the country and around the world 365 days a year.
With the COVID-19 pandemic forcing a large portion of employees to work remotely, it is more important than ever to learn how to protect against cyberattacks, which are malicious attempts to access or damage a computer system. Cyberattacks can lead to loss of money, theft of personal information, as well as damaged reputation and safety. They can also disrupt business and infrastructure. Common cyberattacks include: phishing, which utilizes human interaction to obtain or compromise information; and man-in-the-middle attacks, which involve a cybercriminal inserting themselves into a two-party transaction – possibly capturing sensitive personal information including passwords, usernames, and credit card details.
While companies and organizations take preventative measures to secure their networks, there are also steps individuals can take to protect personal information. In October 2020, NYC Emergency Management Director of Technology Toney Lewis provides the following advice:
COVID-19 has dramatically changed how people work and how children attend school. Remote work means accessing cloud services, juggling video meetings, and accessing your company’s network from home. Cybersecurity for remote workers involves protecting three things: Your account, your devices and your connection to the internet. Use strong passwords and multifactor authentication whenever possible to protect your account. Perform software updates regularly and use security software to protect your device. Keeping these things in mind can help protect you from cyberattacks.
According to the Cybersecurity & Infrastructure Security Agency (CISA), one of the first steps to protecting online information is creating strong and unique passwords for various accounts. Passwords should be difficult to guess and should not include names or other information attackers can find using a basic search or through scanning social media. Having unique passwords for various accounts helps prevent cybercriminals from gaining access and compromising personal information. Simple steps to creating strong passwords include:
- Get creative – A password does not need to be an actual word. Making deliberate misspellings in passwords can help keep accounts safe from hackers. Individuals should also ensure their passwords are not easy to guess. This may include incorporating shortcut codes and acronyms.
- Keep passwords secret – It sounds obvious, but only the person creating the password should know it. Be mindful of attackers using emails or calls to trick users into revealing their passwords. Legitimate companies will not request usernames and/or passwords from users via email. An email from a company requesting personal information such as passwords may be a phishing attack, so it is important not to respond.
Avoid Public Wi-Fi
Though it may seem harmless to connect to the free Wi-Fi at a local coffee shop or during a daily commute, it could potentially increase vulnerability to a cyberattack. Public networks can be dangerous because cybercriminals often use such opportunities to attempt to steal private information. CISA advises individuals to avoid connecting to free or public Wi-Fi even if it is on a secured network. Experts suggest utilizing tethering or hotspots on cellular devices instead of a public Wi-Fi network. Other simple steps include:
- Disconnect from Wi-Fi – Change the settings on devices so that they do not automatically connect when they sense an open Wi-Fi network. Public Wi-Fi can include phony rogue networks created solely to attempt to steal personal information. Always turn off Wi-Fi, Bluetooth, and file sharing capabilities when not in use.
- Guard devices – Never leave electronic devices unattended while in a public place. Having physical access to a device can make it easier for an attacker to steal personal information.
As cyberattacks have become more sophisticated, the need to take additional measures to protect personal security is evident. Although having a strong password can significantly decrease the chances of falling victim to a cyberattack, there are also other preventative measures to take, including utilizing multifactor authentication.
Multifactor authentication or two-factor authentication is a security process that requires more than one method of authentication from independent sources to verify the user. An example of multifactor authentication includes users entering a username and password, which would generate a unique code that is required to enter an account. Multifactor authentication is vital because it offers additional layers of protection and can keep accounts secure even if passwords are compromised.
If a cyberattack is suspected, take steps to limit the damage. Change passwords for all online accounts and monitor finances for unauthorized purchases. If the attack occurred over a company or organizational network, immediately inform the IT department.
For more information about staying safe online visit, https://www.cisa.gov/national-cyber-security-awareness-month
You can also check out the latest episode of “Prep Talk,” NYC Emergency Management’s podcast series. On this episode, the hosts talk with NYC Emergency Management’s director for information technology, Toney Lewis, about how listeners can reduce cybersecurity risks and protect themselves online. Lewis provides tips that can help create strong passwords, protect personal devices, identify the most common cyberattacks, and ensure social media accounts are secure. This episode is available on SoundCloud, iTunes, and Spreaker.