This article was published by the Cybersecurity & Infrastructure Security Agency and the original article can be found here.
Cyber scams are nothing new. Every day, con artists are looking for the best “marks.”
Think you’re not worth being the target of online predators? Think again!
Hackers don’t need to know how much is in your bank account to want to get into it. Your identity, your financial data, what’s in your email… it’s all valuable. And cyber criminals will cast as wide a net as possible to get to anyone they can. They’re counting on you thinking you’re not a target.
So how can you reduce the chances of falling for the scams? Learn the signs!
Let’s start with the basics of “cyber hygiene,” easy and common-sense ways to protect yourself online.
Here are the 4 things you can do:
- Implement multi-factor authentication on your accounts and make it significantly less likely you’ll get hacked.
- Update your software. In fact, turn on automatic updates.
- Think before you click. More than 90% of successful cyber-attacks start with a phishing email.
- Use strong passwords, and ideally a password manager to generate and store unique passwords.
It goes by many names: Two Factor Authentication. Multifactor Authentication. Two Step Factor Authentication. MFA. 2FA. They all mean the same thing: opting into an extra step when trusted websites and applications ask you to confirm you’re really who you say you are.
Your bank, your social media network, your school, your workplace… they want to make sure you’re the one accessing your information.
So, industry is taking a step to double check. Instead of asking you for a password – which can be reused, more easily cracked, or stolen – they can verify it’s you by asking for two forms of information:
- They’ll ask for something you know… like a PIN number or your sister’s middle name, along with
- Something you have… like an authentication application or a confirmation text on your phone, or
- Something you are… like a fingerprint or Face ID
That second step is a lot harder for a hacker to fake. So, prove it’s you with two … two steps, that is.
Now that you know what it is, you’ll see prompts for multifactor authentication all over. So opt in. Start with your email account, then financial services, then social media accounts, then online stores, and don’t forget your gaming and streaming entertainment services!
Update your software. In fact, turn on automatic software updates if they’re available
Bad actors will exploit flaws in the system. Network defenders are working hard to fix them as soon as they can, but their work relies on all of us updating our software with their latest fixes.
Update the operating system on your mobile phones, tablets, and laptops. And update your applications – especially the web browsers – on all your devices too. Leverage automatic updates for all devices, applications, and operating systems.
Think before you click
Have you ever seen a link that looks a little off? It looks like something you’ve seen before, but it says you need to change or enter a password. Or maybe it asks you to verify personal information. It could be a text message or even a phone call. They may pretend to be your email service, your boss, your bank, a friend… The message may claim it needs your information because you’ve been a victim of cybercrime.
It’s likely a phishing scheme: a link or webpage that looks legitimate, but it’s a trick designed by bad actors to have you reveal your passwords, social security number, credit card numbers, or other sensitive information. Once they have that information, they can use it on legitimate sites. And they may try to get you to run malicious software, also known as malware. Sadly, we are more likely to fall for phishing than we think.
If it’s a link you don’t recognize, trust your instincts and think before you click. We all need to Phight the Phish!
Use strong passwords
Did you know the most common password is “password”? Followed by “123456”? Using your child’s name with their birthday isn’t much better.
Picking a password that is easy is like locking your door but hanging the key on the doorknob. Anyone can get in.
Here are some tips for creating a stronger password. Make sure it’s:
- long – at least 15 characters,
- unique – never used anywhere else,
- and randomly generated – usually by a computer or password manager. They’re better than humans at being random.
Make sure you’re not recycling the same password across all your apps and websites. You can use a password manager to store all of your passwords. That way you don’t have to remember them all! If you go this route, make sure your master password is strong and memorable, and secure your password manager account with MFA!
Being cybersmart is contagious.
Our world is increasingly digital and increasingly interconnected. So, while we must protect ourselves, it’s going to take all of us to really protect the systems we all rely on. Being cyber smart is contagious. Take the four basic steps outlined above and help two friends do the same.
For more information, visit CISA’s Cybersecurity Awareness Month Resources page