October is Cybersecurity Awareness Month, with the theme this year of “Secure Our World.” The Ohio Attorney General’s Office is proud to support this annual awareness effort by promoting four steps to improved security in cyberspace when using smartphones, tablets, computers and other internet-connected devices.
1.
Multifactor authentication (MFA): MFA is already available on many of your online accounts, apps and programs. It adds an extra layer of security by requiring you to verify your identity in addition to entering your password, usually by sending a code to your mobile device via an email or text message. To authenticate your identity, some MFA systems use biometrics such as facial recognition or a fingerprint. Activating MFA on as many accounts as possible can significantly reduce the risk of unauthorized access. To enable it, check the Account Settings, Privacy or a similar option on your accounts.
2.
Passwords: Strong, unique passwords are essential for securing your accounts. Experts recommend using passwords of at least 16 characters – including random combinations of letters, numbers and symbols – and ensuring that you have a unique password for
every account.
To manage multiple passwords, consider using a reputable password manager, which securely stores your passwords and allows you to access them across devices. With a password manager, you need to remember only your master password.
3.
Software updates: Make sure that your online devices have the latest program updates, paying special attention to anti-virus programs and internet browsers. Be on the lookout for notifications about available updates and install those updates as soon as possible. Activating automatic updates whenever offered saves you from having to remember to check for updates.
4.
Phishing: Phishing scams are messages designed to appear to come from a trusted source, such as your bank or credit-card company. Phishing occurs when someone impersonates a legitimate person, business or organization to try to trick victims into revealing private data, typically by luring them to click on a malicious link that leads to a phony website. You can spot phishing attempts by recognizing signs, such as the use of language suggesting that the request is urgent and asking you for financial or other personal information. If a message appears suspicious, don’t click on any links, download any attachments or call any phone numbers included in the request. Report it to the real organization that is being impersonated or to your email provider – and delete the message. If you need to contact an organization to verify a message, contact the organization using information found on its official website or another legitimate source, such as on the back of your bank debit card or on your credit-card statement.
For more information about National Cybersecurity Awareness Month, visit the National Cybersecurity Alliance website at www.staysafeonline.org. For more cybersecurity tips from the Attorney General’s Consumer Protection Section, click here.