October marks the 20th anniversary of Cybersecurity Awareness Month—the joint initiative between the U.S. Department of Homeland Security and National Cybersecurity Alliance that first launched in 2004.

One of the recurring themes for the month, both this year and last, is that it’s easy to stay safe online. 

While some cybersecurity experts suggest it’s actually easier said than done—including Grobstein Teeple’s own Erik Rasmussen and Michael Garlie—a major component of this year’s campaign is simply putting some practices into place that make Americans safer online.

To that end, Cybersecurity Awareness Month 2023 is focused on four key behaviors designed to help protect your data and maintain your cybersecurity. 

What are those behaviors—and what do they mean in a practical sense?

1. Use strong passwords and a password manager

The first behavior listed by Cybersecurity Awareness Month may seem like an obvious one, but a strong password is the first line of defense against unauthorized access to your personal data.

The use of weak or easily guessed passwords remains a major vulnerability for many users. Simple words, phrases, or patterns are susceptible to brute-force attacks, where attackers systematically try all possible combinations until they stumble upon the right one.

To mitigate the risk of brute-force attacks, keep the following factors in mind:

Complexity is key. Your password should ideally be a mix of upper and lowercase letters, numbers, and special symbols, such as an @, ! or # character.

Length matters. A longer password generally means a stronger password. Aim for at least 12 characters, wherever possible.

Avoid personal information. Never use easily accessible information like birthdays, places, or names as part of your password.

Regularly change passwords. Periodically updating passwords ensures that even if a password does fall into the wrong hands, the lifespan of its usefulness is limited.

Use a password manager. Remembering a multitude of complex passwords for various online accounts can be challenging. This is where password managers play a vital role. They can generate, retrieve, and store complex passwords for multiple accounts, requiring the user to remember only one strong master password.

2. Turn on Multifactor Authentication (MFA)

Even the most robust passwords can be compromised—which is where Multifactor Authentication (MFA) adds an extra layer of protection. 

As a security mechanism, MFA requires users to provide two or more verification factors to gain access to an online app, personal account, or even a Virtual Private Network (VPN).

The most common types of MFA responses include:

Something you know (such as a password or Personal Identification Number)

Something you have (such as a smart card or mobile device)

Something you are (making use of biometrics, like fingerprints or facial recognition)

If an attacker does manage to steal your password, they still can’t access the account without the second verification factor—making MFA one of the most important tools you can add to your cybersecurity toolkit.

3. Recognize and report phishing

According to the Federal Bureau of Investigation, Americans lost more than $52 million to phishing scams in 2022 alone. 

Phishing attacks, where cybercriminals attempt to deceive individuals into revealing sensitive information, are becoming more and more common. 

They can take the form of emails, phone calls, or text messages that appear to come from trustworthy sources but aim to trick users into divulging personal data, such as passwords, credit card numbers, or other financial data.

To protect yourself from falling victim to a phishing scam, always remember to:

Be skeptical of unsolicited communication, especially if they urge immediate action. The most sophisticated phishing scams can even spoof correspondence from trusted sources, such as text messages and emails, so it pays to remain vigilant. 

Check for telltale signs of phishing, such as generic greetings, spelling mistakes, or unfamiliar sender addresses.

Never click on suspicious links or download attachments from unknown sources.

When in doubt, contact the entity directly using a trusted method—such as a phone call, or separate email—rather than responding to the initial communication.

Report suspected phishing attempts to the respective organization or appropriate authorities.

4. Update Software Regularly

When Cybersecurity Awareness Month first started in 2004, it was suggested to update your antivirus software twice a year to coincide with changing the batteries in your smoke alarms.

That advice now seems demonstrably outdated given how frequently software is updated these days. These updates, while sometimes viewed as an inconvenience, play a vital role in cybersecurity.

That’s because developers regularly patch vulnerabilities and address security gaps in newer versions of their software. As such, failing to update can leave your systems exposed to known vulnerabilities, making it much easier for attackers to gain unauthorized access.

Next time you see a prompt to update your software, don’t forget the key role it plays in cybersecurity. And don’t forget this axiom can apply to mobile devices and tablets as well.

Just how easy is it to stay safe online?

One of the central themes of Cybersecurity Awareness Month is that it’s easy to stay safe online. 

That’s true to an extent—and is helped by following the best practices listed above—although the prevalence of smart devices and ‘always on’ technology adds a degree of complexity.

“We have everything, everywhere,” explained Grobstein Teeple’s Head of e-discovery and Forensic Technology Solutions, Michael Garlie.

“A smartphone, for example, is really only secure when it’s locked.

“If you have your phone in your hand and someone walks by and snatches it from you, it’s going to remain unlocked.

“And whoever snatched it will have access to all the material stored on your phone.

“So when it comes to cybersecurity, we really do have the actual security of data at one end of the spectrum, and convenience at the other end.”

It’s a sentiment echoed by Grobstein Teeple’s Global Head of Cybersecurity and Risk Management Solutions, Erik Rasmussen, who believes that of the four best-practice behaviors listed by Cybersecurity Awareness Month campaigners, multifactor authentication and awareness of phishing scams are the two most important.

“That’s the end user,” Rasmussen explained. “That’s what encourages proper end user behavior, like applying patches and software updates,” he said.

“People need to know how to apply updates… but if you’re the Head of Human Resources or the Director of Marketing, or you’re the Chief Executive Officer or Chief Operating Officer, you’ve got a lot more to worry about than just whether your computer is updated.

“That’s really someone else’s job. But that doesn’t mean you can’t stay informed and be part of the solution.”

Need help with your cybersecurity?

Grobstein Teeple offers a comprehensive range of cybersecurity solutions—both proactive and reactive—and the professional know-how and expertise to handle any issue. 

We recently helped UHY Consulting obtain PCI PFI certification and can do likewise for your firm.

Our in-house team of highly-qualified experts can assist with any element of your cybersecurity and e-discovery needs, including digital forensics, risk management, forensic data collection, and electronically stored information.

We’re experts in cybersecurity—and you can hear more of Erik Rasmussen’s professional insights on the Future of Cyber Risk podcast.

If you need help with your cybersecurity or e-discovery, simply get in touch to book a call.