It's Easy to Stay Safe Online: Cybersecurity Awareness Month

Each October, ITS champions Cybersecurity Awareness Month (CAM), an international initiative led by the U.S. Department of Homeland Security and the National Cybersecurity Alliance (NCA). Now in its 22^nd year, this campaign empowers individuals, businesses and communities to take simple, effective and proactive steps to stay safe online.

ITS encourages everyone to become a champion of cybersecurity by spreading awareness and adopting best practices in their personal and professional lives. As reported in last year’s newsletter, New York remains one of the U.S. states that is most targeted by cybercriminals. According to the 2024 FBI Internet Crime Report, New York individuals and businesses lost around $16 billion due to online scams, data theft and fraud.

This year, the theme of Cybersecurity Awareness Month is “Stay Safe Online.” This theme seeks to make cybersecurity feel welcoming and understandable to everyone.  The NCA reports that one of the biggest challenges in encouraging people to adopt good cyber habits is overcoming the confusion and intimidation many people feel about cybersecurity. Last year NCA released the “Oh, Behave! Annual Cybersecurity Attitudes and Behaviors Report,” which noted that:

• 46% of people surveyed said trying to stay secure online is frustrating.
• 44% said security is intimidating.
• 40% said information on how to be secure is confusing.

Interactions with the public reveal that many feel that they have “unintelligent” questions regarding cybersecurity. We aim to remove any sense of hesitation and reinforce that when it comes to online safety, there are no dumb or bad questions. The program’s focus centers around empathy and kindness, letting people know that cybersecurity professionals truly care about their digital well-being and that online safety can be achieved by anyone.

This year, we will continue to focus on the Core 4 cybersecurity tips:

• Use strong passwords.
• Turn on multifactor authentication.
• Update your software.
• Recognize and report scams.

We want to highlight how these simple actions can make a huge difference. Our goal is to make these steps feel approachable and achievable by following the tips below.

Use strong passwords.

• Passwords are your first defense against digital intruders.
• Create strong passwords using a mix of letters, numbers and symbols.
• Password length is extremely important. An eight-character password with maximum complexity takes hackers around 164 years to crack. An extra character, for a total of nine, boosts that time to 11,000 years. At 16 characters, the cracking time extends into millions of years!
• Avoid reusing passwords across accounts.

Turn on multifactor authentication (MFA).

• Multifactor authentication (MFA) provides an extra layer of protection by requiring a second form of verification, such as a code from your phone or an authentication app.
• Even if a hacker happens to acquire your password, MFA makes it much harder for them to access your accounts.
• There are many forms of MFA, and some more beneficial than others. Take a look at our toolkit for more information on which MFA suits you best.

Update software.

• Regular software updates fix security flaws that criminals could exploit.
• Update your device as soon as you are prompted to do so; the brief device downtime is well worth the security improvements.
• Turn on automatic updates in your settings for your operating system, apps, and devices to stay protected with the latest security patches.

Recognize and report scams.

• Online scams are becoming increasingly common and harder to recognize.
• Cybercriminals use email, texts, phone calls, and social media to trick you into sharing personal or financial information. Nearly all of these modes of contact are a form of phishing. Familiarize yourself with their tactics.
• Scams may look official and urgent, or they make an offer that seems too good to be true. Watch for red flags like misspellings, suspicious links or pressure to act immediately.
• Never click on unknown links or attachments.
• Verify possibly legitimate requests by contacting the company directly through official channels.
• Report scams to your IT team at work, your email provider or at reportfraud.ftc.gov.

Additional Resources

• FBI: Internet Crime Complaint Center
• U.S. Department of Justice: Report Computer, Internet-related, Or Intellectual Property Crime

Cyber Habit of the Month: Recognize, Report and Prevent Cyberbullying

Not only is October Cybersecurity Awareness Month, but it is also National Bullying Awareness Month. Many times, bullying starts in or extends to the online world. This is known as ‘cyberbullying.’

When you notice harassing messages, threats or repeated negative content aimed at someone online, capture evidence – screenshots, timestamps, message logs – and then report it to the platform or service where it occurred. Many social media sites have built-in reporting tools. If the behavior escalates into threats, stalking, illegal content or any other serious action, report the incident to local law enforcement or the federal cybercrime portal.

Make it regular habit to talk to your children, friends or colleagues about cyberbullying. If someone confides that they have been or are being cyberbullied, support them by helping them document and report the incident. Encourage them to talk to trusted adults or counselors.

For more cyberbullying resources, check out the links below:

• PACER Center, Founders of National Bullying Prevention Month
• SchoolSafety.gov General Cybersecurity for K-12 Educators
• Cyberbullying Research Center Resources
• The Cybersmile Foundation
• Connect Safely: Cyberbullying & Online Abuse — News & Popular Guides
• Stand For the Silent