Cybersecurity Awareness Month: Time for a Security Check

Sure, it's a cheesy, made-up event. But that doesn't mean you shouldn't lock down your accounts.

Bree Fowler Senior Writer

October is Cybersecurity Awareness Month and a good time to batten down your online accounts.


As far as made-up monthlong observances and holidays go, Cybersecurity Awareness Month lacks both the gravity of something like Women's History Month and the fun of International Talk Like a Pirate Day.

In fact, the October celebration has become known more for inspiring memes that mock it than it has for actually boosting digital security awareness. That said, it never hurts to take a timeout and make sure that you're being cybersmart.

That means setting solid and unique passwords for all your online accounts, enabling two-factor authentication whenever possible and doing your best to keep as much of your private information, well, private.

President Joe Biden last week called on all Americans to do those things in his proclamation officially designating October as Cybersecurity Awareness Month, which also encouraged people to learn to recognize and avoid phishing, as well as update their software regularly.

"As the threat of malicious cyber activities grows, we must all do our part to keep our nation safe and secure," the proclamation reads.

Doing your part doesn't have to mean doing a lot, says Chris Jacob, vice president of threat intelligence engineering for the cybersecurity firm ThreatQuotient.

Following a few basic "dos and don'ts" can go a long way, he says. For example, do make backup copies of your most precious documents so they're protected in case of attack, but don't click on links in emails from people you don't know. 

"It may be a stretch to call some of these things 'cybersecurity,'" he says, but they're still important.

In celebration of Cybersecurity Awareness Month, here are a handful of easy ways to keep your online accounts safe.

Use strong passwords 

Passwords need to be long, random and unique. Once you get up to about 30 characters they become much harder to crack, says Daniel Clemens, CEO of the cybersecurity company ShadowDragon. 

"Cybercriminals are often playing the numbers with their targeted victims," Clemens said. "If you put up any fight or make things difficult, they will move on to an easier target."

To make your passwords easier to remember, you can use a passphrase of a handful of unrelated words strung together, such as "GrandmafootballCheeseburgerhat" or "lamppostParisHotsaucetrophyhat."

Avoid personal details that can easily be guessed. Your dog's name, the model of your first car or the university you graduated from may be important to you, but they're bad password material. Don't recycle your passwords and use them on multiple accounts -- no matter how good you think they are. That way, you limit the fallout if one of your passwords is compromised.

That also goes for the personal questions and answers you use to reset those passwords, says Brianna Groves, a security engineer for CyberGRX.

There's no requirement to tell the truth when picking your answers, Groves says, adding that whether they're true or not you should never use the same questions for multiple accounts.

"The questions are usually general, and rely on data that was never meant to be kept secret in the first place," she said. "It might be easier than you think to figure out your mother's maiden name, the name of your high school and your brother's nickname."

If all that seems daunting, sign up for a password manager. It'll keep all your logins organized and secure. Using the password generator and manager built into your browser is OK, too. While some of those options have been clunky in the past, they've gotten better. For example, you can now use Google's Chrome browser to autofill passwords into apps on an iPhone, as well as auto-generate new ones.

Always use 2FA when available

If your password does get compromised, a second layer of protection will go a long way toward protecting your account. Two-factor authentication, also called 2FA, multifactor authentication and two-step verification, requires that someone trying to access your account enter a second form of identification before getting in.

2FA works in a host of different ways. It could be a code generated by an app, a biometric like a fingerprint or Face ID, or a physical security key that you insert into your device. Yes, 2FA slows down the login process. But if 2FA is available, turning it on is a must.

One word of warning: If you can, avoid 2FA systems that text a code to your smartphone. Why? SIM swapping, in which cybercriminals steal your phone number by calling your wireless provider and having it switch your number to a new phone and SIM card. It does happen, and if criminals take over your phone number, they'll get that text message, too.

Beware of phishermen

These days, many cyberattacks and data breaches – both big and small – start with a phishing attack. While most of them still show up as emails, phishing also now comes in the form of social media posts, text messages (smishing) and even QR codes (quishing).

Attackers could be pretending to be a charity looking for donations to help the victims of the recent hurricanes. Past scams have tried to take advantage of the war in Ukraine, as well as demand for COVID testing kits. They also could masquerade as a member of your office's IT team or a friend who wants you to check out a great deal at your favorite retailer.

Regardless of their form, the objective is usually the same: The attackers are looking to steal credentials, money or personal information.

Work-related logins are some of the most sought after by cybercriminals, because they could potentially be used to access corporate systems and their data, but even the logins for your personal emails and social media accounts have value. If compromised, they could put you in danger of financial fraud or identity theft, or be used down the road in another scam.

To avoid being scammed, experts say, ignore emails and other messages from people and groups you don't know, and don't open any attachments. They could contain computer viruses. If you're concerned about an email's authenticity, pick up the phone and call the person who supposedly sent it.

Consumers should be particularly careful when it comes to cryptocurrency. Though banks might be able to make you whole in cases of credit card fraud, the same doesn't go for crypto, which is designed to be largely anonymous and untraceable.

Use AV software and keep it (and everything else) updated

Good antivirus software can go a long way toward protecting you, but it needs to be kept updated so it protects you against the latest threats.

That goes for all of your devices, too. Laptops, smartphones and your vast collection of internet-connected devices all need to stay up to date. The easiest way to do this is to enable automatic updates. That way you'll get the latest patches without ever having to think about it.

Don't forget about your router. It's the front door to your home network, so best to make sure it's locked.