National Cyber Security Awareness Month 10-04-2024

National Cybersecurity Awareness Month: October 2024

DigiCert

National Cybersecurity Awareness Month (NCSAM) is a collaborative initiative between the government and private industry in the United States and European Union aimed at advocating for secure online practices.

In recognition of the importance of taking daily action to reduce risks in our online and connected interactions, the NCSAM theme for 2024 is Secure Our World. Explore our tips below to discover four ways you can help secure the world and protect your cyber footprint.

1. Recognize and report phishing

Phishing is a type of social engineering attack that manipulates the appearance of web pages, text messages, social media direct messages, and emails to deceive users into believing they’re engaging in a secure, legitimate online interaction with a trusted entity.

Phishing emails typically include links to deceptive websites that convincingly mimic real ones. But phishing sites are crafted with the intent to either install malicious software or collect sensitive personal information. The stolen data might include credit card details, personal identification numbers (PINs), social security numbers, banking information, and passwords. The perpetrator will then use that information to commit identity theft, financial fraud, or other illicit activities.

One of the simplest ways to avoid getting phished is to train yourself, your employees, and your loved ones not to click on links received via email. The safer option is to open a new browser page, type in the URL manually, and compare the name of the website in the address bar to the one you were emailed. You can also report suspicious emails to the Anti-Phishing Working Group (APWG) by forwarding them to reportphishing@apwg.org.

But you don’t have to put the full burden of safeguarding against phishing attempts on the shoulders of individual users. Organizations should also implement Domain-based Message Authentication, Reporting & Conformance (DMARC), an email protocol designed to govern email authentication and reporting that enhances protection against phishing and spoofing.

Once DMARC is activated, organizations have the opportunity to obtain a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC). This certificate empowers you to imprint your brand logo within the sender field of email clients, reassuring recipients that the message has undergone authentication. It's akin to the blue checkmark on social media profiles, offering the additional security advantages of validation and DMARC to fortify defenses against phishing.
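To check what a published DMARC record actually asks receivers to do, the following added example (not DigiCert's code) parses the RFC 7489 tag=value syntax and reports whether the policy only monitors failures or acts on them. The sample records and the example.com addresses are constructed, and the level names are this example's own.

```python
# Added example: assess a DMARC TXT record (RFC 7489 tag=value syntax).
ENFORCING = {"quarantine", "reject"}

# Constructed sample records; example.com is a placeholder domain.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "v=DMARC1; p=quarantine; pct=25; sp=none",
    "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
]


def parse_dmarc(txt):
    """Parse a DMARC record into a dict keyed by lowercase tag name."""
    # RFC 7489: the v tag must come first and must be exactly DMARC1.
    if "".join(txt.split(";", 1)[0].split()) != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    tags = {}
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue  # tolerate a trailing semicolon
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    return tags


def assess(txt):
    """Return (level, findings); level is 'enforcing', 'partial' or 'monitor-only'."""
    tags = parse_dmarc(txt)
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING | {"none"}:
        raise ValueError("missing or invalid p= tag")
    pct = int(tags.get("pct", "100"))      # defaults to 100 when absent
    sub = tags.get("sp", policy).lower()   # subdomains inherit p when sp is absent
    findings = []
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    if policy == "none":
        findings.append("p=none: failures are reported but spoofed mail is still delivered")
        return "monitor-only", findings
    level = "enforcing"
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only part of the failing mail")
        level = "partial"
    if sub == "none":
        findings.append("sp=none: subdomains are left in monitor-only mode")
        level = "partial"
    return level, findings
```

Running `assess` over each entry in `SAMPLES` shows the progression from a monitoring-only record to one that tells receivers to reject unauthenticated mail.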

2. Using strong passwords and a password manager

A good password is your first line of defense against unauthorized access to your personal computer. The strength of a password directly correlates with the level of protection it offers against malicious software and hackers—and it’s crucial to understand that this security method applies to every single account you access, whether it’s personal or professional.

Keep these tips in mind when creating a password:

  • A strong password is a minimum of eight characters long.
  • The password shouldn’t contain your real name, username, company name, birthday, or other personal information.
  • Never repeat a password—each should be significantly different from the other passwords you use.
  • Avoid using complete words unless it’s a hard-to-guess word and you’ve replaced some of the letters with numerals or special characters (@ for a, 3 for B, and so on).
  • Incorporate various character types, including upper- and lowercase letters, numerals, and special characters.

Security-savvy individuals and organizations also use a password manager like Keeper or LastPass. These tools can generate lengthy, intricate, and entirely random passwords—and the tool stores the passwords so you don’t have to remember them. The key to successfully using a password manager is to implement two-factor authentication (2FA) and establish an exceptionally robust password for the password manager itself. Without these precautionary measures, a malicious actor who cracks the code could access all your passwords in one fell swoop.
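The tips above and the random generation a password manager performs can be expressed as a short script. This is an added example, not code from Keeper, LastPass, or DigiCert; the look-alike substitution table, the three-character minimum for personal details, and the 20-character default length are assumptions of the example.

```python
import secrets
import string

# Assumed table for undoing common look-alike swaps before searching for
# personal details, so "J0hn" is still recognised as "john".
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                            "1": "i", "$": "s", "5": "s"})
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "numeral": string.digits,
    "special": string.punctuation,
}


def check_password(password, personal_info=(), min_length=8):
    """Return the list of tips the password fails; an empty list means it passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for label, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {label} character")
    lowered = password.lower()
    normalized = lowered.translate(LOOKALIKES)
    for item in personal_info:
        token = item.lower()
        # Ignore very short tokens, which would match by accident.
        if len(token) >= 3 and (token in lowered or token in normalized):
            problems.append(f"contains personal detail {item!r}")
    return problems


def generate_password(length=20):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < 8:
        raise ValueError("length must be at least 8")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

The generator uses `secrets` rather than `random` because the latter is not designed for security-sensitive values.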

3. Turn on multi-factor authentication

If we could create a single authentication method that was 100% foolproof and impervious to hacking, we wouldn’t need multi-factor authentication (MFA). But MFA offers layers of authentication that serve as an additional safeguard, shoring up potential weaknesses in other layers.

The goal of MFA is to establish a layered defense strategy by incorporating two or more credentials: something you know (like a password), something you possess (like a security token) and something unique to you (like biometric verification).

Using a combination of multiple factors for user authentication significantly increases the difficulty for unauthorized individuals to gain access to computers, mobile devices, physical premises, networks, or databases. In fact, Microsoft reports that multi-factor authentication has been proven to thwart approximately 99.9% of automated attacks.

4. Update software

Software updates play a critical role in safeguarding your system against existing vulnerabilities. Developers frequently release updates to address known weaknesses, so it’s smart to promptly install those updates before potential attackers exploit flaws. You have the option to configure your computers and devices to automatically apply software updates, simplifying the process of keeping your programs current. It's worth noting that updates offered through pop-up ads or emails might actually harbor malware. Enabling automatic updates ensures you won't need to interact with potentially malicious update requests, further minimizing your security risks.
