Author: Jeslyn Guo

As October rolls around, it’s once again time for National Cybersecurity Awareness Month. In 2021, we celebrate the eighteenth year that this national campaign has been run in an effort to increase awareness about the importance of cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) and National Cyber Security Alliance (NCSA) work in collaboration to ensure that people have adequate resources to be safe and interact securely online.

Created by the NCSA and US Department of Homeland Security in 2004, cybersecurity awareness month has undergone rapid expansions and evolutions as technology and online interactions increase. The theme for this year is ‘Do your part. #BeCyberSmart’, aiming to empower individuals and organizations to be conscious of their role in protecting our cyberspace. The idea of this theme is that in spreading awareness about cybersecurity, we can ensure that everyone does their part to protect the interconnectedness of our nation. Through secure online engagement and educating those in our communities, each individual can contribute to a safer cyberspace. From students to employees to large companies, strong cybersecurity practices truly apply to all.

The CISA and NCSA have outlined four main topics of focus for this month, with one focus per week. They are as follows:

  • Week 1: Be Cyber Smart
  • Week 2: Phight the Phish!
  • Week 3: Explore, Experience, Share
  • Week 4: Cybersecurity First

In this article, we will focus on the goals highlighted in Week 1 and Week 2. Week 1 focuses on the general message of this month, which is interconnectedness and general practices for maintaining online safety. By creating strong passwords, using multi-factor authentication, regularly updating software, and much more, we can exponentially increase online safety.

Social media is a place where we often see these practices intersect with each other. It is essential to create strong passwords (the more variety in characters, the better!) to all accounts. By enabling multi-factor authentication, in which a user must provide two or more instances of identity verification to gain access to an account or resource, an extra layer of security is added. Despite having strong passwords, this single level of defense is not foolproof. It is not a 100% guarantee that your account will be secured since passwords can be stolen or guessed. By using multi-factor authentication, each level makes it exponentially harder for a hacker to gain access to your information.

Week 2 is about the increasing gravity of phishing attacks. Especially since the beginning of the COVID-19 pandemic, these types of attacks have grown rapidly. Phishing accounts for almost 80% of security incidents today, and can take the form of spam emails, text messages, or suspicious links. Here are some tips on how to phight the phish!

  • When in doubt, never open an email from an organization or individual you do not know. If the address is unfamiliar, proceed with caution when opening the message and pay careful attention not to click suspicious links or attachments.
  • If the email is poorly written, has frequent spelling errors, or generally instills a sense of urgency through a request, it is likely a fraudulent email.

These malicious links will lead to websites that steal login credentials, credit card information, or other sensitive personal data. Downloading attachments can unknowingly install viruses or malware on your device, allowing a hacker access to data on your computer.

This month, as you interact with interfaces online, it is a great time to take advantage of the multitude of resources available about cybersecurity and make note of your online practices. Perhaps this means enabling multi-factor authentication on social media platforms, or perhaps this means changing a weak password you created several years ago and still use today. If you are curious about more ways to protect our cyberspace, feel free to check out our other learning resources or  blog posts where we go in greater depth about cybersecurity.