October is traditionally the scariest month of the year, with Halloween decorations adorning homes and horror movies at the theater. This October, the federal Cybersecurity & Infrastructure Security Agency (CISA) is providing information addressing a topic that has been outright frightening for local governments and school districts: cybersecurity threats.
October 2023 is the 20th anniversary of the first Cybersecurity Awareness Month, which aims to educate the public on the risks associated with cybercriminals. Accordingly, CISA has provided examples of how to remain safe online by improving your “cyber hygiene.”
For this year’s Cybersecurity Awareness Month, CISA is encouraging you to:
Use strong passwords and a password manager. Longer is stronger! CISA recommends each account have a distinct password that is more than 16 characters long. The four different types of characters (uppercase, lowercase, numbers and symbols) should be used randomly. Using a passphrase (multiple words as part of a password) is a good way to lengthen a password. Finally, password managers are excellent tools that can create distinctive, robust passwords and store them.
Turn on multifactor authentication (MFA). MFA means using another method (besides just a password) to verify your accounts, such as email, social media and financial accounts. With MFA, you would log in with not just a password, but also a one-time passcode sent to your email or phone. MFA requires organizational dedication, but it is the single most important action available to improve an organization’s cybersecurity posture.
Recognize and report phishing. Phishing is the most common (yet low-tech) form of social engineering attack. With phishing, individuals usually receive unsolicited emails or text messages, often appearing to be from recognized contacts (your boss or co-workers) or accounts (phone numbers or email addresses). Those messages attempt to look reputable, but often have a glaring red flag, such as poor grammar, misspellings or an unknown phone number or email address. The cybercriminal then lures unsuspecting victims to share sensitive information, click on links or download attachments. Always be alert to messages that seem odd or suspicious. Do not share your credentials or send money if you suspect a phishing incident, and report the account to the appropriate authorities or your IT department.
Update software. One way cybercriminals breach systems and networks, potentially accessing organizational accounts, is by exploiting security vulnerabilities. The most effective way to address security vulnerabilities is by updating your software with the latest security patches and keeping your operating systems, antivirus software, web browsers and applications updated as well.
Why are these four CISA-recommended actions important? Recently, school districts and local governments across the U.S. have been hit by cyberattacks. In Arkansas, several high-profile cyber incidents have occurred, including an attack on a vendor that left many counties unable to perform vital computer-based operations in their busiest time of the year.
School districts and local governments face many challenges, and cybersecurity is often overlooked as a bunch of hocus-pocus that only affects someone else. But the threat is real. These CISA recommendations can arm school districts and local governments with straightforward, feasible cybersecurity defenses. Enacting these recommendations can make October, and the months that follow, less spooky for our school districts and local governments.