This October marks the 20th anniversary of National Cybersecurity Awareness Month (NCSAM), a collaborative initiative between the government and private industry in the United States and European Union aimed at advocating for safe and secure online practices.
Over the past two decades, our cyber footprint has evolved rapidly. Devices—and the people who use them—are everywhere, and security and vigilance are paramount. Digital trust, or confidence in the security of our online interactions, is the backbone of the connected world.
The world has changed a lot since 2003, and it will transform even more by 2043. But what won’t change is the need for establishing trust in our digital footprints.
This year’s NCSAM theme centers around four steps that every consumer can take to protect their cyber footprint, including:
1. Enabling multi-factor authentication (MFA)
2. Using strong passwords
3. Keeping software up to date
4. Recognizing and reporting phishing
Explore our tips below to discover how DigiCert supports this year’s theme.
If we could create a single authentication method that was 100% foolproof and impervious to hacking, we wouldn’t need multi-factor authentication. But MFA offers layers of authentication that serve as an additional safeguard, shoring up potential weaknesses in other layers.
The goal of multi-factor authentication (MFA) is to establish a layered defense strategy by combining two or more credentials from different categories: something you know (like a password), something you possess (like a security token) and something unique to you (like biometric verification).
Using a combination of multiple factors for user authentication significantly increases the difficulty for unauthorized individuals to gain access to computers, mobile devices, physical premises, networks or databases.
In fact, Microsoft reports that multi-factor authentication has been proven to thwart approximately 99.9% of automated attacks. Learn more about MFA at https://www.digicert.com/blog/a-guide-to-multi-factor-authentication.
Passwords serve as the initial defense against unauthorized access to your personal computer. The strength of a password directly correlates with the level of protection it offers against malicious software and hackers, and it’s crucial to understand that this security method applies to every account you access, whether personal or professional.
To create a robust password, it's essential to adhere to specific criteria, including:
1. A strong password should be a minimum of 8 characters in length.
2. It must not contain any personal information, such as your real name, username or company name.
3. It should differ significantly from previous passwords.
4. Avoid using complete words.
5. A strong password should incorporate various character types, including uppercase letters, lowercase letters, numbers and special characters.
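The five criteria above can be enforced in code. The following is an added example, not DigiCert's code: the function name, the similarity threshold of 0.6 and the small word list are assumptions made for illustration, and the sample passwords in the usage are constructed.

```python
import difflib
import string

# Constructed sample word list (assumption); a real deployment would load a
# full dictionary instead of these six entries.
COMMON_WORDS = {"password", "welcome", "dragon", "summer", "october", "security"}

CHARACTER_CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
                     string.digits, string.punctuation)


def check_password(candidate, personal_info=(), previous=(), max_similarity=0.6):
    """Return the criteria from the list above that the candidate fails."""
    failures = []
    lowered = candidate.lower()

    # 1. Minimum of 8 characters.
    if len(candidate) < 8:
        failures.append("shorter than 8 characters")

    # 2. No personal information (real name, username, company name).
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        failures.append("contains personal information")

    # 3. Differs significantly from previous passwords. The 0.6 ratio is an
    #    assumed threshold, not a value given in the article.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lowered, old.lower()).ratio()
        if ratio > max_similarity:
            failures.append("too similar to a previous password")
            break

    # 4. No complete words.
    if any(word in lowered for word in COMMON_WORDS):
        failures.append("contains a complete word")

    # 5. Uppercase, lowercase, numbers and special characters all present.
    if not all(any(ch in cls for ch in candidate) for cls in CHARACTER_CLASSES):
        failures.append("missing a character type")

    return failures


if __name__ == "__main__":
    # Constructed sample input: a yearly "rotation" of the same password.
    print(check_password("Summer2023!", previous=("Summer2022!",)))
```

A password such as `Summer2023!` meets the length and character-type rules yet still fails, because it contains a complete word and barely differs from the previous one.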
Organizations can also consider a password manager such as Keeper or LastPass. These tools can generate lengthy, intricate and entirely random passwords, so you don't have to remember them yourself. The crucial step here is to establish an exceptionally robust password for the password manager itself (and implement two-factor authentication). This precautionary measure ensures that a malicious actor cannot access all your passwords in one fell swoop.
Learn more about creating strong password policies at https://www.digicert.com/blog/creating-password-policy-best-practices.
Software updates play a critical role in safeguarding your system against existing vulnerabilities. Developers frequently release updates to address known weaknesses, making it advisable to promptly install them before potential attackers exploit these flaws. You have the option to configure your computers and devices to automatically apply software updates, simplifying the process of keeping your programs current.
It's worth noting that updates offered through pop-up ads or emails might actually harbor malware. Enabling automatic updates ensures you won't need to interact with potentially malicious update requests, minimizing security risks.
Phishing is a type of social engineering attack that manipulates the appearance of web pages, text messages, social media direct messages and emails to deceive users into believing they are engaged in a legitimate and secure online interaction with a trusted entity.
Typically, phishing emails include links to these deceptive websites, which convincingly mimic real ones. However, phishing sites are crafted with the intent to either install malicious software or collect sensitive personal information.
This data may encompass credit card details, personal identification numbers (PINs), social security numbers, banking information and passwords. The perpetrator then utilizes this stolen information for identity theft, financial fraud or other illicit activities.
To safeguard against phishing attempts, organizations can implement Domain-based Message Authentication, Reporting & Conformance (DMARC). DMARC is an email protocol designed to govern email authentication and reporting, enhancing protection against phishing and spoofing.
Once DMARC is activated, organizations have the opportunity to obtain a Verified Mark Certificate (VMC). This certificate empowers them to imprint their brand logo within the sender field of email clients, reassuring recipients that the message has undergone authentication. It's akin to the verification status seen on social media profiles, offering the additional security advantages of validation and DMARC to fortify defenses against phishing.
The 20th anniversary of National Cybersecurity Awareness Month (NCSAM) marks two decades of tremendous technological progress. As we celebrate these advancements and delve into this year's NCSAM theme, we encourage you to be mindful of the responsibility to stay vigilant, adapt to emerging threats and prioritize cybersecurity to better foster digital trust.
Learn more about best practices for securing digital trust on the DigiCert blog.