October is Cybersecurity Awareness Month, an annual reminder that virtually everyone needs to recognize and confront online threats.
Big data breaches, ruthless ransomware attacks, and even cyberwarfare get all the headlines. But most cybersecurity threats are relatively mundane. They’re also easy to avoid if you know and practice a few basics.
Here are four steps you can take to stay safer. Spend 15 minutes right now to bolster your cybersecurity defenses.
Step 1: Enable multifactor authentication
Multifactor authentication protects your online information and identity. It usually involves using your phone to confirm logins to online services.
- Use Two-Step Login with Duo Security for University of Iowa services: Most staff, faculty, and students use the university’s multifactor authentication system to protect academic, employment, and other data. If you’re not using Two-Step, start today.
- Use push notifications to confirm your Two-Step logins: If you’re using phone calls or text messages, switch to push notifications instead. See instructions for adding Duo Mobile to a phone or other device.
- Use other multifactor authentication systems wherever they’re provided: If a social media platform, online banking service, or shopping site offers the option, accept it.
What to do right now: Set up Two-Step Login or switch to push notifications.
Step 2: Strengthen essential passwords
Strong passwords are a critical line of defense—make yours long, unique, and complex. If you follow these practices, you’ll rarely need to change most passwords.
- Use at least 15 characters: Longer passwords are harder to crack.
- Make each password unique: Every site or service you use should have its own unique password. That way, if one gets compromised, the others stay secure.
- Use complex character combinations: Make each password a mix of upper-case letters, lower-case letters, numbers, and special characters.
- Consider a password manager: These applications can generate and store strong passwords.
What to do right now: Learn more about password managers. If you’re using (and re-using) weak passwords, choose five services you depend on and give them strong, unique passwords.
Step 3: Update your software
Computer and phone software updates include security patches that address the latest cyber threats.
- Update your computer: If you manage your own computer, check whether the operating system and applications are current. (If you have questions about university-managed computers, talk to your local tech support contact.)
- Update your phone: Run the same checks on your phone.
What to do right now: Check for updates on devices you manage—it takes just a minute. If you’re not sure how, Google instructions for the device you own.
Step 4: Recognize phishing attempts
Phishing emails, social media posts, and direct messages are among the most common cyber scams. While the university’s systems keep most phishing emails, especially, from reaching your inbox, vigilance remains essential.
- Know the signs of phishing: Most scams are easy to recognize—look for too-good-to-be-true promises, a trumped-up sense of urgency, awkward language or errors, or requests for personal info. Trust your instincts and delete anything that looks suspicious.
What to do right now: Review examples of recent phishing attempts sent to UI email accounts.
Staying safe all year round
Start with these basics today. And keep these practices in mind whenever you create a new account or password, get a software update notification, or receive a dodgy email.
A few minutes right now—and a little ongoing vigilance—can save you the hours of stress that follow a successful cyber-scam.