Stay Safe and Secure Online During Cybersecurity Awareness Month — and All Year

As Cybersecurity Awareness Month winds down for 2023, we’ve  released a cornucopia of information about security and privacy in the digital world — including four blog posts from NIST experts whose work focuses on developing best practices for staying safe and secure online. 

What are the main things you as a consumer can do to protect your own security and privacy? Here’s what our four blog authors had to say. 

Enable multifactor authentication, or MFA, to prove you are who you say you are online. MFA uses a combination of:
•    something you know, such as a password;
•    something you have, such as an authentication application on your phone; and/or
•    something you are, such as fingerprint or face recognition. 

“Multifactor authentication has proven to be extremely effective to protect against modern automated cyberattacks,” said NIST’s David Temoshok in his post, because “it takes more than a password to secure your accounts online.” Not every account or organization you encounter online offers MFA, but you will often see it used with banking, email, social media and online stores. Activate MFA whenever possible. The extra few seconds it takes adds a lot of security to your online life. 

Use strong passwords and a password manager. Passwords should be long, unique and hard to guess — characteristics that can make them hard to keep track of if you have a lot of them (as most of us do nowadays). Creating effective passwords does not always come naturally and can create security and privacy problems for people  of all ages, as NIST’s Yee-Yin Choong and Meghan Anderson discuss in the second Cybersecurity Awareness Month 2023 NIST Blog Series post. People tend to create passwords using concepts reflecting the state of their lives, such as movie titles, video games, or pets’ names. If these concepts turn up elsewhere in their online social media posts, it could compromise an individual’s security and privacy. Children often get their earliest exposure to technology under parental supervision, so adults should learn good password creation and protection strategies, and then pass these strategies along to their kids.

Use software that gets regular updates. Software is nearly everywhere. It’s not just in your computer, but also in smart appliances and Internet of Things (IoT) devices that connect to networks — making all these devices attack targets. Software updates not only deliver new features to a device, but they also help keep its cybersecurity defenses current. In their post, NIST’s Michael Ogata and Paul Watrobski recommend seeking out and using software that either gets updated automatically or that you can update manually. “One of the simplest actions you can take to improve the protection of your finances, data, safety, etc. is to install software updates as soon as they are available,” they write. “If you don’t, you’re putting yourself and your company at greater risk.”

Learn to recognize and report phishing attacks. You’ve (hopefully) realized that a Nigerian prince doesn’t have a princely sum he wants to deposit in your bank account, but writers of phishing emails are always looking for new ways to convince you they have a legitimate need for you to click a link or provide some sensitive information. Their strategies are always changing. NIST’s Shanée Dawkins and Jody Jacobs focus on helping organizations train employees to recognize and report phishing emails. Stay updated on your organization’s training, and then help people you know to practice good cyber hygiene. “For phishing threats, people can be a target via our work email, personal email, text messages, even phone calls,” they write in their post. “We want to help people recognize phishing threats so that they remain vigilant with their technologies.”

For even more usable guidance about all four of these tips, check out NIST’s page on Cybersecurity Awareness Month.