Cyber Security Month week 1: Are you practising basic cyber security hygiene?
October 1st marks the beginning of European Cyber Security Month (ECSM) and its sister campaign National Cyber Security Awareness Month (NCSAM) in the USA.
The awareness campaigns aim to promote the importance of good cyber security practices in a modern world where we’re online 24/7. With our phones filled with social media channels and online messaging services glued to our hands, our office jobs reliant on the internet and even smart home features like connected thermostats: we’re always exposed to the internet, and that means we’re always exposed to cyber-threats.
CyberSecMonth is broken up into four different themes, one for each week of the campaign. The first is pretty straightforward: are you practising basic cyber security hygiene?
There are a huge number of ways in which you can improve your online safety and security. The hard part is knowing where to start. Here are our tips on protecting yourself that will primarily cover your personal cyber security, but that should definitely be applied in business, too.
Use strong passwords
A strong password (or rather, multiple strong passwords) is one of the most crucial tenets of cyber security, yet there’s evidence that the majority of people’s passwords simply aren’t up to scratch.
I was surprised to learn that over half of digital natives – those aged between 18-25 that fall into either the millennial or Gen Z generation – reuse passwords. Can we really call ourselves digital natives if we’re falling at the first hurdle?
Reusing passwords is like giving cyber criminals the key to all, or at least some, of your online accounts. With the sheer volume of data breaches involving login credentials that have occurred in the last few years, chances are your reused password is in the hands of a hacker. And if you use the same email address or username (which, let’s be honest, is more logical), it’s game over.
It’s not just password reuse that’s a problem. Recommended password advice is severely outdated; how many of your online logins require you to add capital letters, numbers and sometimes even punctuation into your passwords to make them “strong”? I’d guess that the majority do, much to the ire of users…
Sorry, but your password must contain an uppercase letter, a number, a haiku, a gang sign, a hieroglyph, and the blood of a virgin.
— Captain Morgan (@MorganJ7) December 27, 2012
What this outdated advice fails to take into account is the proliferation of password crackers that know all of your little quirks. Do you replace As with 4s and add an exclamation point to the end of your password? I hate to break it to you, but that’s not secure. True password security comes not from complexity, which research suggests makes them more insecure as they’re harder to remember and therefore get written down, but from length. A 20-character password with only lowercase letters will protect you far better than an 8-letter password with complex characters. You can read more in our security expert Grant’s blog.
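The length-versus-complexity point above, as an added example that is not part of the original post: it estimates the brute-force search space of a password and checks whether undoing the usual substitutions lands on a dictionary word. The wordlist, the substitution table and the function names are assumptions made for illustration, and the bit figure is an upper bound that only holds for randomly chosen characters.

```python
import math
import string

# Constructed stand-in for a cracking dictionary (assumption, not real data).
SAMPLE_WORDLIST = {"password", "dragon", "sunshine", "football"}

# Character swaps that password-cracking rule sets routinely undo.
LEET_MAP = str.maketrans("4@301$57", "aaeoisst")
# Digits and punctuation tacked on the end are stripped before lookup.
STRIP_TAIL = string.digits + string.punctuation


def brute_force_bits(password):
    """Upper-bound search space in bits, assuming random characters."""
    pool = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase,
                    string.digits, string.punctuation):
        if any(c in charset for c in password):
            pool += len(charset)
    return len(password) * math.log2(pool) if pool else 0.0


def normalise(password):
    """Reverse the common quirks: case, trailing '!' or digits, leetspeak."""
    base = password.lower().rstrip(STRIP_TAIL)
    return base.translate(LEET_MAP)


def assess(password):
    """Return (search-space bits, True if it reduces to a dictionary word)."""
    bits = round(brute_force_bits(password), 1)
    return bits, normalise(password) in SAMPLE_WORDLIST


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ("P4$sw0rd", "Dr4gon1!", "qzvhtkmwrlpbxnydgcfj"):
        bits, guessable = assess(candidate)
        print(f"{candidate!r}: {bits} bits, dictionary-derived: {guessable}")
```

The 8-character "complex" samples score about 52 bits on paper but collapse to a single dictionary entry, while the 20-character lowercase sample keeps its full 94 bits.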
Employ 2-factor authentication (2FA)
In addition to sloppy password practices, I was amazed to hear that the majority of Gmail users haven’t set up 2FA on their accounts.
2-factor authentication adds another level of security to your most important accounts – think those with personal information and contacts like Facebook, or accounts with financial information like your Amazon account – to prevent hackers, who may have access to your credentials, from logging in.
A second passcode is generated and can be texted to you, or you can use a verification app like GAuth that is attached to your account and will auto-generate a new passcode every 30 seconds.
2FA will be available on your most valuable accounts like social media, email and most accounts that hold your financial information. This means a hacker won’t be able to get in and cause you reputational damage or use your credit card to make purchases.
You should be able to set up 2-factor authentication in the account, settings or security sections of your accounts. We strongly recommend you take this additional step to protect your information – and it never takes more than a few minutes, so there’s really no excuse not to.
Keep your software and apps updated
If you’re anything like me, you’ve got a ton of apps on your phone, most of which will harass you to update them regularly. Sometimes it can feel like apps require an update just for the sake of it, but you should always heed the notifications.
App developers are constantly updating their software to keep out the latest cyber security threats. In this day and age, software can become outdated at the drop of a hat. Hackers are always finding holes in software, so developers are constantly putting plugs in those holes to make sure you don’t fall victim.
In addition to keeping your devices and data secure, you’ll also get bug fixes and access to new and innovative features immediately. So, with all of this in mind, why wouldn’t you update your apps as soon as possible?
We’ll be blogging each week in CyberSecMonth on the themes for 2018. Look out for next week’s blog on digital education and how you can educate your staff on essential cyber security practices.