This year marks the sixteenth annual observance of National Cyber Security Awareness Month. The commemoration, which is sponsored by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency, promotes the idea that protecting data is a shared responsibility. It isn’t something only the trained experts can do successfully without our help. Instead, protecting data is a shared effort, one which requires everyone’s cooperation and thoughtful participation.
This year’s tagline is “Own IT. Secure IT. Protect IT.” Each of us shares one Internet, so the actions we take and the risks we incur potentially impact all of us. To “Own IT” means that we use the services of the Internet responsibly: we think before we click, we limit the apps we use to a trusted few, and we update our privacy settings on social media and our devices to ensure we aren’t sharing more than we really want to share. To “Secure IT” means that we update our passwords, use a different password on every site, avoid clicking on links in emails, and employ two-factor authentication when it is available, so that we don’t rely on passwords alone to protect us. To “Protect IT” means avoiding using open Wi-Fi, using VPNs to encrypt our data whenever possible, and treating the data others entrust to us respectfully and with an eye toward guarding it as stringently as we protect our own information.
The systems Computer Scientists and other cybersecurity experts build for us can provide only so much protection. That is the surprising and rather disappointing reality cybersecurity experts face. Because the Internet serves human beings with all their foibles and imperfections, whether data systems are kept secure fundamentally depends on the care and competence of the humans who access that data. Cybersecurity professionals design the systems and incorporate technical controls into them that aim to keep us safe, but those controls aren’t foolproof. It is up to us to help such systems and controls function effectively by obeying best practices for using and sharing data and systems and vigilantly watching against attempts to compromise them.
Indeed, the National Cyber Security Awareness Month is one for us to define. Let us commit this month to forming habits that keep us – and by extension – everyone – safer online. Habits are practices we do without thinking. While bad habits slowly weaken and endanger us, good habits – even small good habits – can yield compounding improvement. Imagine if everyone committed some time this month to adopting just one new positive habit related to our computer usage. Taken together, those small steps would create a much more difficult landscape for hackers to navigate, and a much safer online environment for all of us.
Consider adopting one of these habits during the month of October.
- When you see a link in an email, hover over it without clicking it. Click on it if and only if it is an address you are sure you recognize. When in doubt, resist the urge to click.
- Remove personal information from your social media profiles, including your birth date and year. If you give away too much information about yourself, hackers can piece together an alarmingly clear picture of you. Nothing good can possibly come of that. So, remove all traces of personal information from your profile.
- Don’t tag places you’ve been. No one needs to know the places you frequent, because that tells them both where you live and what you like.
- Make sure every password you use for the various sites you visit is different and sufficiently unpredictable. This website can help you craft strong passwords.
- Use a password manager like LastPass to make it easier to use a different and hard-to-guess password for every site.
- Use two-factor authentication like Duo on sites where it is available. Two-factor authentication combines something you know (like your password) with something you have (like your phone) to provide extra assurance that you are actually the person logging into a site and not someone simply pretending to be you.
- Lock your computer before you walk away from it. To lock a Windows computer, for example, just press the Windows Key + L.
- When you store passwords or other secret information in a file or application, encrypt or encode it. For example, Evernote, a popular note-taking tool, enables you to right-click on a selection and choose “Encrypt”. Even if such a feature isn’t available, come up with some standard way to encode sensitive data that you can readily figure out but others could not.
- Don’t use open Wi-Fi. Instead of using open Wi-Fi at a coffee shop, for example, use your phone as a mobile hotspot, or use a VPN such as NordVPN to protect your communications in a layer of encryption.
Adopting just one or two of these practices so thoroughly over the course of the next month that they become good long-term habits you follow instinctively can help keep you much safer online. And that means the rest of us will be much safer as a result.