By Kent Yang | Observer Staff Writer
Last month marked the 20th anniversary of Cybersecurity Awareness Month. This campaign was created in 2004 by the Department of Homeland Security and the National Cybersecurity Alliance to ensure every American has the resources needed to stay safe and secure online. This year, the focus of Cybersecurity Awareness Month was on four critical cybersecurity practices.
The first of these practices includes enabling Multi-Factor Authentication (MFA), a tool which adds another layer of protection to your account by requiring a security token or code to verify your login. This token is usually sent via text, email, or through an app like Google authentication, depending on the user’s selection or preference at the time of setting the MFA up.
The second practice is using strong, varied passwords. A good rule of thumb for passwords is to use uppercase, lowercase letters, numbers, and symbols. Password length should be at least 12 characters. Avoid using common phrases and words in your password. A reliable password manager is essential. Consider reputable password managers such as LastPass, 1Password, and NordPass.
The third practice is keeping your software up to date. Keep your device and software up to date to prevent zero-day attacks and vulnerabilities.
Lastly, the fourth practice is recognizing and reporting phishing. To recognize phishing, check the sender’s email address and ensure the domain or what is between the emailname@____.xxx is spelled correctly. Beware of the use of urgent language as phishers may try to invoke fear and urgency to trick users into clicking on their links. Avoid clicking on links and downloading attachments in emails unless you’re absolutely sure it’s legitimate. You can hover on a link to see where they will really lead to before clicking. Check for misspellings and grammatical errors. Do not send sensitive information such as passwords, credit card numbers, or social security numbers through email.
While most email providers have the option to report spam and phishing or to block and report senders, there are other channels that deal with phishing, too. Refer to your organization on reporting procedures. For MWCC students and staff, if you’ve received a suspicious email and are not sure if it’s legitimate, do not click on any attachments. Instead, report the email to the MWCC IT Help Desk at helpdesk@mwcc.edu by using the forward function or call 866-520-7129 (option 1). If you’ve already clicked on the attachments, please change your account password immediately and report the incident to the MWCC IT Help Desk as soon as possible. They are available 24/7.
Comments are closed.