Checklist 394: Cybersecurity Awareness Month 2024
Cybersecurity Awareness Month Highlights: Simple Steps Still Key to Avoid Major Breaches
In honor of the 21st annual Cybersecurity Awareness Month, here is this year’s advice from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Though the tips may seem familiar, their importance cannot be overstated. CISA’s four primary recommendations to “Secure Our World” are:
- Recognize and Report Phishing
- Use Strong Passwords
- Turn on Multi-Factor Authentication
- Update Software
Ray noted the simplicity of the advice, which The Checklist has been advocating for years, but emphasized how often major breaches result from neglecting these basic steps. Examples included a recent $32 million cryptocurrency theft caused by phishing (as reported by Cryptonews) and the 23andMe breach linked to credential stuffing due to password reuse. Additionally, the Change Healthcare/United Health data exfiltration that impacted nearly half of the U.S. population was traced to the lack of Multi-Factor Authentication on a key server.
These incidents highlight the catastrophic consequences of overlooking basic cybersecurity hygiene. The podcast urged listeners to prioritize these four steps to protect themselves from data breaches and financial loss.
Sources: Cryptonews
How to Avoid Phishing Scams: Three Simple Tips from SecureMac’s The Checklist Podcast
Phishing scams continue to pose a significant threat, but in a recent episode of The Checklist podcast, Ken Ray offered three straightforward tips to help users protect their data. Phishing messages, which often appear to be from trusted sources, aim to trick recipients into sharing personal information or downloading malicious software. Here’s how to stay safe:
- Recognize the Common Signs
Phishing messages typically use urgent or emotional language to prompt immediate action. Other red flags include requests for personal or financial information, unexpected attachments, untrusted shortened URLs, mismatched email addresses, and poor writing. However, CISA notes that poor grammar is becoming less common, likely due to AI advancements.
- Resist and Report
Use the “report spam” feature for suspicious messages. If the phishing attempt impersonates a trusted organization, contact that entity directly using contact information found on their official website.
- Delete
Don’t reply or click any links or attachments, including unsubscribe buttons, as these could be phishing traps. It’s best to delete the message entirely.
CISA emphasizes that if a message feels suspicious, it’s probably a phishing attempt. Even if the message seems legitimate, avoid interacting with it directly. Instead, visit the official website of the company or contact the individual via a known phone number to verify the message.
These simple actions can prevent falling victim to phishing scams, safeguarding your personal data and devices from compromise.
Source: CISA Secure Our World Phishing Tip Sheet
Strengthen Passwords to Protect Your Accounts: Three Simple Tips from CISA
Weak passwords remain one of the most common ways cybercriminals gain access to accounts, but following a few simple guidelines can greatly enhance security. In a recent episode of The Checklist podcast, Ken Ray shared three password-strengthening tips recommended by the Cybersecurity and Infrastructure Security Agency (CISA) to help users safeguard their data.
- Make Passwords Long
CISA recommends using passwords with at least 16 characters. The longer the password, the stronger the protection.
- Make Passwords Random
Opt for either a completely random string of letters (upper and lowercase), numbers, and symbols for maximum security or a memorable passphrase of 5-7 unrelated words. Creative spelling can further increase strength.
- Make Passwords Unique
Never reuse passwords. Every account should have its own unique password to minimize the risk of compromise across multiple platforms.
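The three rules above can be put into code. The following is an added example, not from CISA or the podcast: it generates a 16-character random password and a 5-7 word passphrase from a cryptographically secure source, estimates their strength in bits, and audits a set of stored passwords for short or reused entries. The function names and the 16-word `SAMPLE_WORDS` list are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 16  # CISA's recommended minimum length

# Constructed 16-word sample list so the block runs offline. Assumption: real
# use would load a list of several thousand words, which raises the entropy.
SAMPLE_WORDS = ("anchor", "biscuit", "cobalt", "dragon", "ember", "falcon",
                "glacier", "harbor", "island", "jigsaw", "kettle", "lantern",
                "meadow", "nutmeg", "orchid", "pebble")

def random_password(length=MIN_LENGTH):
    """Random string drawn from the OS CSPRNG via the secrets module."""
    if length < MIN_LENGTH:
        raise ValueError("use at least 16 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def passphrase(n_words=6, words=SAMPLE_WORDS, sep="-"):
    """Passphrase of 5-7 independently chosen words."""
    if not 5 <= n_words <= 7:
        raise ValueError("use 5 to 7 words")
    return sep.join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(pool_size, picks):
    """Bits of entropy when each of `picks` items is chosen uniformly."""
    return picks * math.log2(pool_size)

def audit(vault):
    """Return {account: [problems]} for passwords that are short or reused."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    findings = {}
    for account, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("shorter than 16 characters")
        if len(accounts_by_password[password]) > 1:
            problems.append("reused")
        if problems:
            findings[account] = problems
    return findings
```

A 16-character password from the 94-symbol alphabet carries about 105 bits, while six words from a 7,776-word list carry about 78 bits; the 16-word sample list here gives only 24 bits, which is why the size of the word list matters as much as the word count.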
Password Manager
Perhaps surprisingly, CISA suggests using a password manager to handle the task of creating, storing, and autofilling strong passwords. By using a password manager, users only need to remember one master password, with the manager taking care of the rest. CISA recommends checking trusted sources like Consumer Reports for top-rated password managers.
Alternatively, Apple has introduced its own password manager, called “Passwords,” in iOS 18, iPadOS 18, and other OS updates. For those who already trust Apple’s ecosystem, this can be a convenient, cost-free option.
By choosing strong, random, and unique passwords, users make it much harder for attackers to steal data, money, or identities.
Source: CISA Secure Our World Passwords Tip Sheet
Update Software Promptly to Avoid Security Risks
Ken Ray emphasized the importance of installing software updates promptly to protect devices from cyber threats. Ignoring or delaying updates leaves security vulnerabilities open for online criminals to exploit. Ray shared tips from the Cybersecurity and Infrastructure Security Agency (CISA) on how to keep devices safe by staying on top of updates.
- Turn on Automatic Updates
To ensure software stays current, users should enable automatic updates. This setting can usually be found in the device’s Software or Security section, or by searching for “automatic updates.”
- Watch for Notifications
Not all updates can happen automatically. When notified about updates, especially for mobile phones, tablets, laptops, web browsers, or antivirus software, it’s critical to install them as soon as possible.
- Install Updates Immediately
Delaying updates gives cybercriminals a chance to exploit security weaknesses that could expose sensitive personal information. Software providers release updates to patch these vulnerabilities, so installing them promptly is essential for protection.
Beyond security, updates can also fix bugs, improve performance, and add new features.
Source: CISA Secure Our World Software Updates Tip Sheet
Spread Cybersecurity Awareness: Protect Everyone’s Information
Ken Ray delivers an important call to action: Share cybersecurity best practices with your loved ones. Many people mistakenly believe their personal information isn’t valuable, but cybercriminals are targeting everyone’s data. Ray highlighted several high-profile breaches—such as a $32M crypto loss from a phishing scam and the DNA-related data exposure from 23andMe—to stress the importance of taking simple security steps.
The key takeaway? You can’t assume the people in your life know how to protect themselves online. Steps like avoiding phishing, using strong passwords, enabling multi-factor authentication (MFA), and keeping software up to date are crucial for everyone.
Ray urged listeners to share this information widely, even if people don’t seem grateful right away. With breaches becoming more common, spreading awareness is more critical than ever.
For those wanting to reinforce these lessons, the Cybersecurity and Infrastructure Security Agency (CISA) offers resources such as posters, games, and PDFs designed to help people stay safe online. Visit https://www.cisa.gov and click on the Cybersecurity Awareness Month section for more tools to “Secure Our World.”
Source: CISA