By Dave Hatter
Special to the NKyTribune
November marks the end of the 20th annual National Cybersecurity Awareness Month (NCSAM), but our dependence on technology continues to grow, and we are all facing increasingly frequent and increasingly devastating cyberattacks. According to the FBI’s 2023 Internet Crime Report, the FBI’s Internet Crime Complaint Center (IC3) has received an average of 652,000 complaints per year over the last five years for a total of 3.26 million complaints and a staggering total loss of $27.6 billion.
These mind-boggling losses are accelerating, and no organization or individual is too small to have their money and/or their data stolen. With more people working remotely in environments that are typically less secure than a corporate office, and spending more time online for work, education, shopping and entertainment, it’s never been easier for bad actors to attack, so it’s never been more important to safeguard your information and digital assets.
In the 2023 Microsoft Digital Defense Report, Microsoft said that “basic security hygiene still protects against 99% of attacks.” Here are ten essential cybersecurity tips that cover most of the basic security hygiene items and will help you protect yourself, your family and your organization year-round.
Create and Use Strong, Unique Passwords
Passwords such as “password123”, “123456” or anything that is easily guessed or learned from your online presence are an open invitation to cybercriminals. Long (12 characters or more), complex passwords that include a combination of letters, numbers, and special characters are very secure, but hard to remember. A “passphrase” – a series of random words – is typically a better choice because it’s easy to remember but hard to crack. For example, “0rangePlatypusG0ettaC0ney” would be easy to remember, hard to guess and virtually uncrackable. You should also ensure that every account has a unique, strong password to prevent a data breach on one platform from compromising your entire digital identity. I know this sounds painful, so let’s look at the next tip.
Use a Password Manager
There are many excellent free or low-cost password managers that allow you to create and manage strong, unique passwords securely across all your devices. Once you have a password manager, you only need to know one password – the master password – for the password manager. The password manager will then make it easy to create and manage extraordinarily strong passwords for all your sites and apps. Once you get accustomed to using a password manager, you’ll be much more secure and wonder how you ever got by without one. I like 1Password, but there are many excellent choices; you can see reviews of several popular password managers here. If you use a password manager (and you should), ensure that you have a very strong, unique passphrase for it and that you apply the next tip to it as well.
Implement Multi-factor Authentication (MFA)
MFA, aka two-factor authentication (2FA) or two-step verification, adds an extra layer of security by requiring a second method of verification, typically something you have (like a text message or authenticator app code) or something you are (like your fingerprint), in addition to your username and password (credentials) when you log in. Enabling MFA significantly reduces the risk of unauthorized access to your accounts because an attacker will need the MFA code to log in even if they obtain your credentials. Most online services offer this capability, and you should enable it everywhere you can, especially for online banking and shopping and anywhere you are accessing or sharing sensitive information such as your health insurance. While MFA is not foolproof, using MFA will make it much more difficult for bad actors to access your accounts. Turn on MFA for all your accounts today.
Apply Software Updates Promptly
Regularly updating the software in your devices, including computers, phones, tablets and so-called “smart” devices such as TVs, webcams, etc., is critical to ensure that hackers can’t exploit software vulnerabilities to access and control your devices. It’s essential that you don’t overlook your Internet of Things (IoT) “smart” devices. They must also get regular software updates because they are connected to your network and create an access point for cybercriminals. Whenever possible, enable automatic updates to ensure you are always protected from the latest threats.
Use Antivirus/Antimalware Software
Running current, reputable antivirus/antimalware software, sometimes called endpoint protection (EPP) software, is essential to protect your devices from viruses, ransomware, and other types of malware (malicious software). EPP software constantly scans your system for threats and in many cases will prevent malware from infecting your devices and causing damage. It’s critical to keep your EPP software updated so it can effectively identify and remove the latest threats, so configure your EPP software to get daily updates from the vendor.
Lock Down Your Wi-Fi Network
A poorly secured Wi-Fi network is an open invitation for cybercriminals. Use the highest level of Wi-Fi encryption supported on the router to keep them out. On most newer devices this will be WPA3 encryption, but you should choose the highest encryption standard available to protect your network from unauthorized access. Ensure that you change the default administrator password to a strong, unique password and use a strong, unique password for the Wi-Fi network connections. Also, configure your router to get software updates from the manufacturer automatically. You should be able to visit the manufacturer’s website for guidance on how to accomplish these things.
Back Up Your Data Regularly
Data loss can and does occur for assorted reasons, including hardware failures, accidents and malware attacks. To protect your important data, you should regularly make and test backups. Ideally you should follow the Backup Rule of 3-2-1: three copies of your data on two different mediums, one of which is offsite. In simple terms, you can use local backups on inexpensive, easy to use and readily available external hard drives and cloud-based solutions for added security. With this approach, you can quickly recover your data in the event of an incident. Learn more about popular consumer-oriented backup solutions here.
Beware Phishing
Unfortunately, virtually anything in digital form can be “spoofed,” which is nerd speak for faked, including email, text, messaging, social media and websites. Phishing attacks often rely on spoofing and remain one of the most prevalent online threats. Phishing in its various forms (email, text, voice) is used to fool victims into divulging sensitive information or downloading malicious software. Understand that an email address, phone number, text message or even a whole website can be spoofed, and couple that with a healthy dose of skepticism to ensure that you are extremely cautious when clicking on links, especially from unsolicited emails or unknown sources. In your web browser, you can mouse over a link without clicking it to see where it goes. This gives you the opportunity to see if what it says on the screen is where it goes when you click it. If what it says on the screen is not where it goes when you mouse over it, this is a huge red flag. If something seems suspicious, stop, report it to your email provider or the appropriate authorities such as the IC3 and use another verifiable source to authenticate it.
Educate Yourself About Ever-Changing Online Scams
Unfortunately, cybercriminals are highly creative and devious, and are constantly developing new tactics. They will come at you via any digital means available. They can make enormous amounts of money, are rarely caught, and almost never prosecuted. This means staying informed about the latest scams and threats is vital to protect yourself, your family, and your organization. Consider following reliable cybersecurity blogs, websites, or official sources to stay up to date with the latest threats and best practices. You can follow me on X (formerly Twitter) for a steady stream of timely and helpful cybersecurity information and advice @DaveHatter.
Safe Online Shopping
Online shopping has become a routine part of our lives, especially since the pandemic. When shopping online, look for the padlock icon or “https” in the URL to ensure a website is using encryption to protect your data before entering sensitive information such as credit card details. And understand that any website, even those that are not legitimate, can use encryption, so the presence of the padlock or “https” in the URL is not a guarantee that a site is legitimate. It’s always best to be skeptical and stick to known reputable websites that you visit directly by typing in the URL. You should also avoid making purchases on public Wi-Fi networks because they are more susceptible to eavesdropping. Additionally, a credit card dedicated to online purchases can limit financial damage in case of a data breach.
Technology continues to advance rapidly, and we are increasingly required to rely on it in every aspect of our lives. Make a commitment to implement these ten important cybersecurity tips to protect your digital life today; your future self will be glad you did.
Dave Hatter, CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is the Director of Business Growth at Cincinnati-based Managed Services Provider Intrust IT. Dave has more than 30 years of experience in IT and has been an adjunct professor teaching programming at Cincinnati State for nearly 20 years. He lives in Fort Wright.