Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Taking Measure

Just a Standard Blog

Six Small Cybersecurity Steps You Should Take. Today.

cybersecurity padlock illustration
Credit: Tomasz Zajda/

There’s no cybersecurity silver bullet. Be risk-based. Pick low hanging fruit. We’ve all heard lots of clichés about what it means to—here are some more—be cyber aware, keep a clean machine, even Stop.Think.Connect. The bottom line is that protecting online resources and information is difficult, it’s new and it’s rapidly changing.

Compared with other science and engineering disciplines, getting things done digitally is in its infancy. Relative to how long we’ve been building things like finely crafted bridges (think Roman aqueducts), protecting networks, computers and mobile devices is a brand new phenomenon. We’re making great progress, but in many ways we’re just starting to understand the environment … all while it keeps changing before our eyes.

As we start National Cybersecurity Awareness Month this year, we need to maintain the perspective that, even though we know that sometimes things will go wrong, individual users, businesses and their employees can all make a difference. And while we work together to solve information security concerns on a larger scale, it’s our daily actions that matter most.

In the thick of the day-to-day and with a continual barrage of bad news in the world of cybersecurity, it might be hard to see just how much progress we’ve made over the last several years. For example, 63 percent of confirmed data breaches in 2015 took advantage of leveraging weak, default or stolen passwords. But public awareness around the limitations of passwords is increasing and people are turning to multi-factor authentication (MFA) as a tool to secure accounts. A recent survey showed that 86 percent of people who use MFA feel that their accounts are more secure. And the number of websites offering MFA as an option is also increasing.

These improvements, more than anything, occur every day, individuals—not just experts—take steps to do the right thing. Here are a few of the simple steps you can take to make a difference:

  • Close old accounts. If you don’t use them, close them.
  • Secure your active accounts. Many websites now offer additional ways for you to access your account easily while making it hard for others to get in. Today, most large internet sites offer multi-factor authentication. If they don’t, you can ask for it.
  • Protect your information. Avoid sharing too much personal information online (like your full name, address, birthday, etc.). You can check a website’s privacy options to ensure you have enabled them at the highest level since those options may change frequently.
  • If it looks fishy, it’s probably ‘phishy.’ Links in fraudulent emails, website comments, tweets, posts and online advertisements are often how cybercriminals do their dirty work.
  • Secure your mobile device. Don’t make it any easier for thieves to gain unauthorized access to your accounts. Use lock screen authentication for mobile devices, whether it’s a passcode, biometric or some other means.
  • Update. Update. Update the software on your devices regularly. While there are sometimes glitches with new updates, many are specifically designed to address vulnerabilities in software that can leave you open to attacks.
Cyber cat says 'mmmm, that email smells phishy
The NIST Cyber Cat is very wise, and furry.
Credit: Olga Bilevich/ Webber/NIST

For many of us at NIST and everyone on the National Strategy for Trusted Identities in Cyberspace team, our everyday lives revolve around improving our society’s ability to deliver and consume services, to interact and share, and to do all that we do in our indispensable digital lives. We hope you’ll join us in recognizing National Cybersecurity Awareness Month by taking the time to secure your devices and data, and by encouraging friends and family to do the same.

Even taking these measures, things won’t always go right, but these are proven, effective ways to lower risk—the digital equivalent of checking your blind spot and wearing your seat belt. As with anything in life, doing the little things can make a big difference.

About the author

Mike Garcia

Mike Garcia is, in no particular order, former director of NIST's Trusted Identities Group, a proud Buckeye, and an advocate of the Oxford comma. When he's not remodeling his house or being bossed around by his cat, Mike's fighting the good fight to foster an identity ecosystem in which individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation. He is a Ph.D. economist, Federal 100 award-winning cybersecurity expert, and winner of an intraoffice beard-growing competition.

Related posts


Helpful advice but I suggest get key points nearer the top of the article. I persevered through the Roman aqueducts .... just!

Add new comment

Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.