Posted by Tom Paul on Oct 27, 2023
October is cybersecurity month. More than ever, we depend on our technology to help us achieve our goals. This dependence makes us the targets of cybercriminals who steal our information for profit or to cause chaos.
Think you're not the target of cybercriminals? Think again! Cybercriminals may not target you specifically, but we are all vulnerable to scams that exploit weak security, confusion, and complacency.
 
Did you know many organizations are moving away from traditional passwords and 2-step authentication? Called "passkeys", the next generation of authentication is more straightforward and secure. Before we talk about passkeys, let's look at things you should do today to protect yourself. Read below about some things you can do today to fight against cybercriminals.
 

Multi-factor Authentication

If you only do one thing today to protect yourself, enable multi-factor authentication on all your applications. Sometimes known as 2-factor authentication, it is a process that confirms you are the legitimate person trying to access an application. When you log into a website or app, you are asked to authenticate yourself by entering a one-time code or by confirming your identity from another device that already knows you.

Even if your username and password were stolen, multi-factor authentication will add an additional layer of security. You should enable multi-factor authentication on everything that lets you. At the very least, you should enable it on:

  • banking
  • email
  • social media

Learn more about multi-factor authentication here.

Strong Password

You should have a different strong password for every login you have. Yes, we mean every login. The reasons are obvious. If a hacker finds the password you use for everything, they can quickly access everything. Did you know that many applications and websites (including banks) are the victims of hackers who steal usernames, passwords, and more? There is a high chance your information is available on the dark web. If you use the same username/email and password for many applications, you are placing yourself at risk.
 
What is a strong password?
  • 8+ charters (longer the better)
  • includes lowercase, uppercase, numbers, and symbols
  • never use personal information (Thoma$)
  • change it regularly

Too many passwords? Many legitimate and safe apps help you create, store, and input passwords. Some premium apps have other features, including monitoring the dark web for your information.

Learn more about Password Manager Apps here.

We are not joking about being on the dark web. A member completed a scan of the dark web for personal information. Here are only some examples out there right now on that member:

  • May 2023 - online sunglasses store - name, email, phone number, home address
  • Oct 2021 - LinkedIn hack - name, phone number, email address, gender
  • Jan 2020 - Facebook hack - name, phone number
  • Oct 2016 - LinkedIn hack - email, password

The Future of Password - Passkeys

Strong passwords and multi-factor authentication are effective but can be tedious and complex for users. The future is passkeys, and they are coming soon! Learn more here: 
 
 
 

Update Software

This seems simple, and it is. Keep your devices up-to-date with the latest security updates. Turn on automatic updates if you can. Every device has vulnerabilities. When they are found, they need to be patched before hackers can take advantage. 

Learn more about updating software here.

Phishing

Phishing is when cybercriminals send fake emails that lure you into clicking on dangerous links. Following these links could expose your device to malware or fake websites that appear legitimate.

Be suspicious of every email and text message that seems odd.

  • content too good to be true
  • written in a way that seems uncharacteristic for the sender
  • ambiguous greetings
  • unrecognized sender address (rotaryhalifaxharbour@OddDomain...)

Be suspicious. Some emails look very authentic.

DO NOT REPLY OR CLICK ON LINKS ON SUSPICIOUS EMAILS. Reach out to the sender using other methods, like a phone call. Report or delete it using your email provider if it is not legitimate.

Here are some examples of spam text and emails.