What is cybersecurity awareness? And why is there a whole month dedicated to it? Well, it’s all about individuals and organisations raising awareness through the creation of content, discussions, debates, training and more. In 2004, the United States was the first to declare October ‘Cyber Security Awareness Month’, and since then plenty of other countries have followed suit and provided cyber professionals and enthusiasts with an important educational platform. For now, we’re going to let you in on some tips and insights which will boost your own cybersecurity awareness.

What is cybersecurity, and why is it important?

When we say cyber, we basically mean computers. To some, it may be obvious why cybersecurity is important. If we understand that to stay safe at night we need to introduce physical security measures in our homes, it makes sense that to stay safe and secure in cyberspace (on our computers and online accounts) we need to introduce cybersecurity measures.

For years, in all sorts of organisations around the world, there’s been a dangerous yet understandable neglect when it comes to investing in cybersecurity. Dangerous because it can lead to reputational damage, financial loss, prosecution and public harm. Understandable because cybersecurity is a relatively modern concern, particularly among smaller organisations, and to this day even experts are learning some hard lessons.

Over the last year or so, 39% of UK businesses identified a cyber attack (DCMS, 2022). The most common type of cyber attack was phishing. And if you think that phishing, malware and other attacks affect businesses only once in a blue moon, think again. Of the businesses reporting cyber attacks, 31% said they were attacked at least once a week.

What you can do

As an individual, you might not think there’s much you can do to help yourself and your employer.
But one thing that’s been demonstrated consistently over the years is that people – beginners and experts alike – are the main cause of successful cyber attacks. However, individuals themselves cannot and should not shoulder all of the blame for what is a broader issue in many organisations: a lack of investment in cybersecurity implementation, training and leadership. Luckily, though, there are signs of improvement: around four in five (82%) of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, up from 77% in 2021.

By identifying how you can improve your own cybersecurity practices and understanding, you can make a real difference – maybe the difference between avoiding a cyber attack and falling victim to one. Here are five things you can do right now to better protect yourself and your organisation.

Don’t click on links in emails

…Unless you’re sure you can trust the sender and the email. Common indicators of phishing include spoofed domains in the sender’s address (focebook.com, googie.com), a sense of urgency and poor grammar, e.g. ‘Click hear now to confirm you’re bank accounts details!’. If in doubt, delete! Or at the very least, flag the email as suspicious and report it to your IT department in a safe manner, such as showing them visually (not by simply forwarding the email).

Use a password manager

There are many password managers, and every person has their preference due to licensing, compatibility, ease of use, features and cost. However, most popular password managers offer free accounts to individuals, and these are great for testing the waters and becoming more familiar with password management as a concept. Some examples include LastPass, Bitwarden and KeePassXC. Just make sure you seek approval before installing password management software on a work device or creating an online account.
And that leads us nicely to the next recommendation…

Use only trusted software, and keep it updated

Whether it’s a password manager, email client or project management app, ensure you only install software that’s been approved. This will most likely involve your IT department reviewing the trustworthiness and potential risks associated with the software. It can be inconvenient to seek this approval; you may just really need that one tool to carry out that one quick task – but never chance it. It’s precisely what attackers are counting on you doing!

With your devices running only trusted software, keep it all up to date. Usually this will be handled automatically in the background. But it’s always a good idea to perform manual checks between updates. You can usually do this by clicking ‘Check for updates’ inside the app.

Never reuse passwords

With password managers making it easy to generate and store many unique passwords, there’s really no excuse for reusing one. The beauty of a password manager is in the way you can leave the difficulty of remembering potentially thousands of long, strong and random passwords entirely up to the password manager itself (computers are really good at remembering extremely complex things; humans, not so much…). All you have to do is ensure you have one strong and memorable password/passphrase which will secure all of the other passwords in the password manager. Your master password will be your ‘key to the kingdom’. However, you can and should take things one step further to secure your password manager – and any other accounts where this feature is available…

Enable multi-factor authentication (MFA)

Today, it’s not enough for us to just create a password for an account and then forget about it. Many attackers are incredibly resourceful when it comes to cracking passwords or finding ways around them, especially if they’ve shown up in data breaches.
Multi-factor authentication (MFA), also known as two-factor authentication (2FA), makes it significantly more difficult for these attackers to gain access to our accounts. Without diving too deep into how it all works, the most common type of MFA which will be available to you – and the one I’d recommend for most users – is the time-based one-time password (TOTP). Once you’ve linked an MFA app such as Google Authenticator or Microsoft Authenticator to your account, after entering your password you’ll be required to enter the unique six-digit code displayed in the app.

What makes a good password?

One of the great questions in life! You probably already know that a good password is a strong one. But wait… How do we make our passwords stronger? This is a debatable subject, but most cybersecurity and information theory experts will agree that the key to a password’s strength lies in its length as well as its level of entropy (randomness). Take a look at the comic below. Don’t worry if you don’t understand everything mentioned. It’s just a satirical take on the benefits of using the ‘diceware’ method to generate strong, truly random passphrases. In the next section, you’ll get to try this for yourself.
How to create your own diceware passphrase
If you’re ready to create a truly strong and random passphrase to use for your password manager, here’s what you’ll need:
• a single dice
• a diceware word list
• a pen and paper.
Roll the dice and write down the number. Do this five times, so that you end up with a random five-digit number, for example, 36634.
Look for this number in the long word list provided. For example, 36634 is “marine”. This would be the first word in your passphrase.
Repeat these steps so that you end up with at least four words, which will make up your complete passphrase. Below are a few complete four-word examples. Note that computers interpret a space as a character, so they can also be included in passphrases to make them that little bit stronger.
• unchanged console sinister kennel
• starry remnant maggot sterling
• childhood unfunded scorebook snowy
Once you’ve memorised your own passphrase, ensure you securely dispose of the piece of paper so that no one else can read the words or numbers.
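The same procedure in software, added here as an example that is not part of the original article: it parses a constructed excerpt of a word list in the usual key-tab-word format (only the 36634 = marine entry comes from the text), rolls the dice with the operating system’s cryptographic random generator, converts a key to its position in a full 7776-word list, and works out the entropy of a four-word passphrase.

```python
import math
import secrets

# Constructed excerpt in the usual diceware list format ("<five dice digits><tab><word>").
# A full list has 6**5 = 7776 entries; only the 36634 = marine entry is taken from the article.
SAMPLE_LIST = """\
11111\tabacus
36633\tmarina
36634\tmarine
36635\tmarital
66666\tzoom
"""

def parse_wordlist(text):
    """Parse 'key<tab>word' lines into a dict keyed by the five-digit dice string."""
    table = {}
    for line in text.splitlines():
        if line.strip():
            key, word = line.split("\t", 1)
            table[key.strip()] = word.strip()
    return table

def roll_key():
    """Software dice: five rolls of 1..6 from the OS CSPRNG, joined into a key such as '36634'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def key_to_index(key):
    """0-based position of a five-dice key in a 7776-word list: the key is a base-6 number."""
    if len(key) != 5 or any(c not in "123456" for c in key):
        raise ValueError("key must be five digits in the range 1-6")
    index = 0
    for c in key:
        index = index * 6 + int(c) - 1
    return index

def entropy_bits(num_words, list_size=7776):
    """Entropy of num_words words drawn uniformly; each word adds log2(list_size) bits (about 12.9)."""
    return num_words * math.log2(list_size)

def passphrase(table, num_words=4, sep=" ", roller=roll_key):
    """Roll keys until num_words hits; keys missing from a partial list like SAMPLE_LIST are re-rolled."""
    words = []
    for _ in range(200_000):
        word = table.get(roller())
        if word is not None:
            words.append(word)
            if len(words) == num_words:
                return sep.join(words)
    raise RuntimeError("word list too sparse to build a passphrase")
```

With the five-entry excerpt above, passphrase() will spend most of its rolls on missing keys; point parse_wordlist at a complete list for real use.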
If you’d like to learn more about how diceware passphrases work, check out this video explainer: ‘Why Diceware is Best for Strong Passwords’.