2023 Cybersecurity Awareness Campaign
From left to right: Jason Strohbehn, Drew Dilly, Anna Jacknitsky, Kirsten Anderson, Governor Mark Gordon, Aaron Roberts, Jonathan Ojeda, Seth Ulvestad, and Eddie Hunter.
October 18, 2023 - Governor Gordon Recognizes National Cybersecurity Awareness Month with a proclamation signing at the Wyoming State Capitol Building in Cheyenne.
With unwavering commitment, the governor emphasizes the need for heightened awareness and vigilance in the face of evolving cyber threats. This proclamation is a beacon, illuminating the path toward a safer online world.
From mobile to connected home devices, technology is deeply intertwined with our lives. And while the evolution of technology accelerates, cybercriminals are working just as hard to find ways to compromise technology and disrupt personal and business life.
For 20 Octobers and counting, Cybersecurity Awareness Month aims to highlight some of the emerging challenges that exist in the world of cybersecurity today and provide straightforward, actionable guidance that anyone can follow to create a safe and secure digital world for themselves and their loved ones.
Starting this year, the new theme of Cybersecurity Awareness Month is Secure Our World, with the main messaging revolving around four key cybersecurity best practices:
Understanding the benefits of using a password manager and dispelling existing myths around password manager security and ease of use.
Turning on multifactor authentication on personal devices and business networks.
Recognizing and reporting phishing – still one of the primary threat actions used by cybercriminals today.
Installing updates on a regular basis and turning on automated updates.
Cybersecurity Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safer and more secure online. ETS is proud to support this far-reaching online safety awareness and education initiative which is co-managed by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance.
For more information about Cybersecurity Awareness Month 2023 and how to participate in a wide variety of activities, visit cisa.gov/cybersecurity-awareness-month and staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the hashtags #CybersecurityAwarenessMonth and #SecureOurWorld on social media throughout the month.
Cybercriminals like to go phishing, but you don’t have to take the bait.
Phishing is when criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment.
If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.
No need to fear your inbox, though. Fortunately, it’s easy to avoid a scam email, but only once you know what to look for. With some knowledge, you can outsmart the phishers every day.
See it so you don’t click it.
The signs can be subtle, but once you recognize a phishing attempt you can avoid falling for it. Before clicking any links or downloading attachments, take a few seconds (like literally 4 seconds) and ensure the email looks legit. Here are some quick tips on how to clearly spot a phishing email:
Does it contain an offer that’s too good to be true?
Does it include language that’s urgent, alarming, or threatening?
Is it poorly crafted writing riddled with misspellings and bad grammar?
Is the greeting ambiguous or very generic?
Does it include requests to send personal information?
Does it stress an urgency to click on unfamiliar hyperlinks or attachments?
Is it a strange or abrupt business request?
Does the sender’s e-mail address match the company it’s coming from? Look for little misspellings like pavpal.com or anazon.com.
Uh oh! I see a phishing email. What do I do?
Don’t worry, you’ve already done the hard part, which is recognizing that an email is fake and part of a criminal’s phishing expedition. If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible.
If the email came to your personal email address, don’t do what it says. Do not click on any links – even the unsubscribe link – or reply back to the email. Just use that delete button.
Remember, DON’T CLICK ON LINKS, JUST DELETE.
You can take your protection a step further and block the sending address from your email program. Here’s how to…
Some email platforms let you report phishing attempts. If you suspect an email is phishing for your information, it’s best to report it quickly. If the phishing message came to your work email, let your IT department know about the situation ASAP.
Here’s how to:
You can report a phishing attempt to the Federal Trade Commission here.
One of the easiest ways to boost your cybersecurity is to always keep software and apps updated.
Every day, software and app developers focus on keeping their users and products secure.
They’re constantly looking for clues that hackers are trying to break into their systems, or they are searching for holes where cybercriminals could sneak in, even if they’ve never been breached before.
To fix these issues and improve security for everyone who uses their services, upstanding software companies release regular updates.
If you install the latest updates for devices, software, and apps, not only are you getting the best security available, but you also ensure that you get access to the latest features and upgrades. However, you can only benefit if you update! Don’t fret, updating software is easy, and you can even make it automatic.
Here are four easy-to-remember tips to keep in mind when it comes to updates:
1. Automatic updates make your life easier
You don’t have to check your Settings tab every morning – you can usually set up automatic updates so that updates are downloaded and installed as soon as they are available from the device, software, or app creator.
Note that you might have to restart your device for the updates to fully install. It is best to do this right away, but you can often schedule this to happen during times when you aren’t using your device, like the middle of the night.
Plenty of us stay lazy and secure – although you probably should check your software update settings every so often (quarterly is good) to ensure everything is set to your liking!
2. Get updates from the source
Before downloading anything, especially software and app updates, be sure you know the source.
Only download software to your computer from verified sources, and only download apps from your device’s official app store.
The device, software, or app developer itself should be sending you updates, not anyone else. And remember, pirated, hacked, or unlicensed software can often spread malware, viruses, or other cybersecurity nightmares to your network.
Ruining your computer, phone, tablet, or other device isn’t worth it!
3. Don't fall for fakes!
On the web, you’ve probably come across suspicious pop-up windows that urgently demand you download a software update.
These are especially common on shady websites or if there is malware already on your machine. These are always fake – they are attempts at phishing.
Don’t click any buttons on these pop-ups and close your browser. Many web browsers will warn you if you are attempting to visit an unsecure web address or one that could contain malware.
Heed these warnings and don’t take the bait!
4. Make it a habit
Even if you don’t have automatic software updates turned on, make updating your device, software, and apps a regular habit. Oftentimes, you will be notified that updates are available. Even if it is a pain to close out of your programs and restart your device, it is worth it to do this right away, especially if the update patches an urgent security flaw.
You should check your app and device settings on a regular basis, and you should check monthly if you don’t have automatic updates turned on (although weekly is better).
Remember that updates are part of our digital lifecycle, and if you embrace them, you’ll have more peace of mind, the latest security, and the best new features!
Update your devices and software with these direct links:
Creating, storing and remembering passwords can be a pain for all of us online, but the truth is that passwords are your first line of defense against cybercriminals and data breaches.
Also, it has never been easier to maintain your passwords with free, simple-to-use password managers.
With a few moments of forethought today, you can stay safe online for years to come.
Long, Unique, Complex
No matter what accounts they protect, all passwords should be created with these three guiding principles in mind:
Every one of your passwords should be at least 12 characters long.
Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end – to really trick hackers, none of your passwords should look alike.
Each unique password should be a combination of uppercase letters, lower case letters, numbers and special characters (like >,!?). Again, remember each password should be at least 12 characters long. Some websites and apps will even let you include spaces.
How often do I change my password?
If your password is long, unique and complex, our recommendation is that you don’t need to ever change it unless you become aware that an unauthorized person is accessing that account, or the password was compromised in a data breach.
This recommendation is backed up by the latest guidance from the National Institute of Standards and Technology.
For many years, cybersecurity experts told us to change our passwords every few months. However, this constant change isn’t helpful if your passwords are each long, unique and complex.
In fact, if you change your passwords often, you risk reusing old passwords or falling into bad habits of creating similar or weak passwords.
But remembering all my passwords is so hard!
You probably have a lot of online accounts. And because all your passwords should be unique, that means you have a lot of passwords. But the fact remains that using long, unique and complex passwords remains the best way to keep all of your digital accounts safe. There are many free and easy-to-use tools out today that make managing your library of unique passwords a snap.
Today, the truth is that you don’t have to remember your passwords. If you use the latest tools, you don’t need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.
Don't take a pass on password managers
As our lives expand while we do more online, we’ve gone from having just a couple of passwords to today, where we might manage upwards of 100 or more. If you’re like most people, you’re probably using the same password for most of your accounts—and that’s not safe. If your one password gets stolen because of a breach, it can be used to gain access to all your accounts and your sensitive information. But no need to fret, password managers are easy to use and make a big difference.
We’ve all probably used one password to secure multiple, maybe even all, of our digital accounts. But that’s not safe, and it becomes even more unsafe as time goes on. If your one password gets stolen because of a breach, it becomes a skeleton key for your whole cyber life. This compromised password can be used to gain access to all your accounts and your sensitive information.
Here’s where password managers really shine. Password managers are pieces of software that often take the form of apps or browser plugins, or they might be included automatically in your browser or computer operating system. With a few clicks, you can generate new, secure passwords that are long, unique and complex. These password managers automatically store your passwords and can autofill them when you arrive at the site.
You can fill in all your passwords at once, or just add a few passwords for your key accounts (email, banking and social media, for example) and add more over time.
Many times, when you log into a site, your password manager will ask if you want to store the password – click yes, and, boom, another account is secured. And to keep your password manager extra safe, secure it with multi-factor authentication (MFA).
It's safe to ditch the notebook
A password manager is like a combined security guard and butler who tags along as you surf the web, safely carrying your passwords like a ring of keys.
A password manager is the best way to create and maintain strong passwords for the ever-increasing number of online accounts we log into. These programs store your usernames and passwords in a secure, encrypted database. When you need a new password, you can get a hyperstrong suggestion that is automatically stored in the password manager.
A password manager frees you from keeping a confusing notebook of passwords in a drawer, or a messy sticky note with all of your most important passwords stuck on your computer. Now you only need to remember the single password that unlocks your password manager vault.
Password manager advantages
Password managers not only let you manage hundreds of unique passwords for your online accounts, but some of the services also offer other advantages:
Works across all your devices and operating systems
Protects your identity
Notifies you of potential phishing websites
Alerts you when a password has potentially become compromised
Understanding password managers
Even though password managers are the best way to keep your information safe, many people are afraid that storing all their passwords in one place means they are at risk if a hacker breaches their vault.
Password managers today are safer than ever before, and they are much safer than using a physical notebook, storing passwords in a Notes app or reusing passwords that are easy to remember.
Compare your options and look for a quality password management system – you have a lot of choices! Here is why a password manager is the best for keeping your passwords safe:
1. Encryption
Quality password managers encrypt all of the passwords stored on them, no matter whether the passwords are stored on your device or on the company’s servers. This means that your passwords would be basically impossible to decode if a hacker tried to breach your password manager. The only access to your passwords on a password manager is with a password only you know.
2. Multi-Factor Authentication
Because your password vault on a password manager is so valuable, the best password managers require multi-factor authentication for you to log in. This means that anyone trying to view your passwords from an unfamiliar device will need to log in multiple ways. This can include a facial ID, fingerprint scan, inputting a code you get in an SMS text message or approving the log-in attempt on a separate app. This builds another wall around your passwords, so you know they are kept extra-secure.
3. Zero Knowledge
As the name suggests, zero knowledge means a password manager does not know what your password is – the company does not store the keys needed to decrypt the main password that unlocks your vault. This means that your main password is never kept on the system’s servers. You are the only one who knows it, so you should make it strong and protect it with MFA.
Wouldn’t it be nice if you could protect your password with another password? Multi-factor authentication gives you this power – think of it like placing your house keys in a safety deposit box that can only be opened by a facial scan. In some cases, this metaphor isn’t far off from reality.
What is Multi-Factor Authentication?
Multi-factor authentication is sometimes called two-factor authentication or two-step verification, and it is often abbreviated to MFA. No matter what you call it, multi-factor authentication is a cybersecurity measure for an account that requires anyone logging in to prove their identity multiple ways. Typically, you will enter your username, password, and then prove your identity some other way, like with a fingerprint or by responding to a text message.
Why go through all this trouble? Because multi-factor authentication makes it extremely hard for hackers to access your online accounts, even if they know your password.
It might seem like a lot of work, but once you have multi-factor authentication set up, proving your identity usually adds just a second or two to the log-in process. And the peace of mind multi-factor authentication provides is well worth it.
How does it work?
When you turn multi-factor authentication on for an account or device, your log-in process will require a bit more verification. You will be asked for your username and password.
If these are correct, you will then be prompted to prove your identity another way. You might be able to set up your smartphone, for example, to use a facial scan as verification. Other online accounts might send your phone number or email address a one-time use code that you must enter within a certain frame of time. Some accounts will require you to approve access with a standalone authenticator app like Duo or Google Authenticator.
Different forms of multi-factor authentication
Multi-factor authentication can take several different forms, including:
Inputting an extra PIN (personal identification number) as well as your password
The answer to an extra security question like “What town did you go to high school in?”
A code sent to your email or texted to your device that you must enter within a short span of time
Biometric identifiers like facial recognition or fingerprint scan
A standalone app that requires you to approve each attempt to access an account
An additional code either emailed to an account or texted to a mobile number
A secure token – a separate piece of physical hardware, like a key fob, that verifies a person’s identity with a database or system.
What types of accounts offer multi-factor authentication?
Not every account and device offers multi-factor authentication, but it is becoming more common every day. You might already have it set up for your devices, like if you use a Face ID or fingerprint scan to unlock your phone or laptop. Multi-factor authentication is now often found in many workplaces and universities, too.
Here are some types of accounts that often offer multi-factor authentication. Check to see if you can turn multi-factor authentication on:
Multi-factor authentication adds an entire layer of security on your important accounts beyond your password. Your data is precious and important – multiplying its protection is a great idea. Let’s use multi-factor authentication everywhere!
Can multi-factor authentication be hacked?
While multi-factor authentication is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around multi-factor authentication. However, these situations typically involve a hacker seeking multi-factor authentication approval to access an account multiple times and the owner approving the log-in, either due to confusion or annoyance.
Therefore, if you are receiving multi-factor authentication log-in requests and you aren’t trying to log in, do not approve the requests! Instead, contact the service or platform right away. Change your password for the account ASAP. Also, if you reused that password, change it for any other account that uses it (this is why every password should be unique).
Don’t let this deter you, though. Multi-factor authentication is typically very safe, and it is one of the best ways you can bolster the security of your data!
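For an IT team, the repeated-request pattern described under "Can multi-factor authentication be hacked?" is something that can be watched for in MFA logs. The following is an added example, not part of the original campaign material: it scans push-approval results and flags a user who receives several unapproved prompts in a short window, and flags again if an approval follows that burst. The log format, field names, threshold and window are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: timestamp, user, result of one MFA push prompt.
SAMPLE_LOG = """\
2023-10-18T02:14:05Z user=alice result=denied
2023-10-18T02:14:40Z user=alice result=timeout
2023-10-18T02:15:10Z user=alice result=denied
2023-10-18T02:15:55Z user=alice result=denied
2023-10-18T02:16:30Z user=alice result=approved
2023-10-18T08:01:12Z user=bob result=approved
2023-10-18T09:00:00Z user=carol result=denied
2023-10-18T09:30:00Z user=carol result=approved
"""


def parse_line(line):
    """Split one constructed log line into (datetime, user, result)."""
    stamp, user, result = line.split()
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, user.split("=", 1)[1], result.split("=", 1)[1]


def find_push_fatigue(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return (user, finding, timestamp) tuples in log order.

    prompt_burst         : `threshold` unapproved prompts inside `window`
    approved_after_burst : an approval that arrives while a burst is active
    """
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, user, result = parse_line(line)
        prompts = recent[user]
        while prompts and when - prompts[0] > window:
            prompts.popleft()  # forget prompts older than the window
        if result in ("denied", "timeout"):
            prompts.append(when)
            if len(prompts) == threshold:
                findings.append((user, "prompt_burst", when.isoformat()))
        elif result == "approved":
            if len(prompts) >= threshold:
                findings.append((user, "approved_after_burst", when.isoformat()))
            prompts.clear()
    return findings


if __name__ == "__main__":
    for finding in find_push_fatigue(SAMPLE_LOG):
        print(finding)
```

A prompt_burst finding is the moment to contact the user and reset the password; approved_after_burst means the session that followed should be treated as suspect.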