October is National Cybersecurity Awareness Month (NCSAM), which was launched by the National Cybersecurity Alliance and the U.S. Department of Homeland Security in October 2004.

According to the Stay Safe Online NCSAM website, “the theme for 2019 is ‘Own IT. Secure IT. Protect IT.’, helping to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.”

In a world where it can feel like there’s a new security breach almost every day, cybersecurity can be overwhelming. Here are five simple cybersecurity tips that anyone can follow to become more secure.

1. Consider using passphrases instead of passwords

Passwords are becoming more and more insecure, as many of us use the bare minimum requirements for password length. On top of that, we often use the same password for multiple sites. These passwords are typically either difficult for us to remember and very easy to crack or extremely easy for us to remember and even easier to crack. Examples of these passwords are password1, Br0Nco5#, P#rQ_h67+xL9!

A solution to this is to use passphrases instead—for two reasons: length and hash tables. An eight-character password, such as our Br0Nco5# example, would take about nine hours to crack using a modern tool. Alternatively, “peanutbutterelephant” would take about 16 billion years to crack using the same tool, even though it has no special characters or numbers.

Every password has a unique hash, which is a fingerprint for the password. When passwords are cracked using a hash table (which is essentially a giant list of cracked passwords), the password-cracking tool compares the hash on the list with the hash of your password. Hash tables can consist of millions or billions of strings of characters to compare with your passphrase. By creating a longer passphrase, you greatly decrease the possibility that it will end up on the table.
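As an added illustration (not part of the original article), the Python sketch below checks a password the two ways described above: how large a character-by-character brute-force search would be, and whether its hash already sits in a precomputed table. The unsalted SHA-256 hash, the five-entry list and the function names are assumptions made for the example; the article names neither a tool nor a hash algorithm.

```python
import hashlib
import math
import string

# Constructed sample of commonly used passwords (an assumption for this demo;
# real precomputed tables hold millions or billions of entries).
COMMON_PASSWORDS = ["password", "password1", "123456", "qwerty", "letmein"]


def sha256_hex(text):
    """Unsalted SHA-256, chosen here only for illustration."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_hash_table(candidates):
    """Precompute hash -> plaintext, the lookup list the article describes."""
    return {sha256_hex(word): word for word in candidates}


def charset_size(password):
    """Size of the alphabet a brute-force search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def search_space_bits(password):
    """log2 of the number of guesses in a character-by-character brute force."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def audit(password, table):
    """Return (bits of search space, True if the hash is already in the table)."""
    return round(search_space_bits(password), 1), sha256_hex(password) in table


if __name__ == "__main__":
    table = build_hash_table(COMMON_PASSWORDS)
    for pw in ["password1", "Br0Nco5#", "peanutbutterelephant"]:
        bits, known = audit(pw, table)
        print(f"{pw:22} {bits:5.1f} bits  in table: {known}")
```

Each extra bit doubles the number of guesses, so the gap between the eight-character password and the 20-letter passphrase is about 2^42 in this model. The estimate covers brute force only; a passphrase built from a few very common words can still be guessed by trying word combinations.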

2. Keep your software up to date

Each one of us has dozens of applications and pieces of software from various vendors. These applications are developed and tested by people, and people make mistakes, which means that some applications can have bugs in them. These bugs can be very small and benign, or they can cause huge holes in the security of the product. Depending on the severity of the bug, updates will be released quickly that will hopefully fix the problem.

Updating software to the newest version means you’re less likely to have an exploitable bug in your version of the software. This is especially important for software made by smaller teams, as updates usually don’t come out as frequently.

In addition, since so many attacks can occur through outdated or broken browser settings or add-ons and plug-ins, it’s especially important to keep your browser items up to date.

3. Don’t forget mobile device security

More and more, our phones and tablets are becoming our main source of productivity. We check our email, use social media, play games, watch cat videos, and more—all through our devices. This also means that more and more attackers are using mobile devices as points of attack.

One of the easiest ways to help secure your device is to activate a secure way of unlocking the phone. This is done with a PIN or password. Most new devices also have biometric options, such as a fingerprint or face recognition.

Another thing that is important to remember is application security. App stores generally vet the applications for safe practices, but not all apps are equal. Be very careful that you are downloading a legitimate version of the app. For example, if you see “Candy Crush 47,” take a moment to think about that. How could there possibly be 47 of these? That app is probably suspicious.

You should also consider mobile data encryption. Most modern phones and operating systems include encryption as standard. However, some information may not fall under that encryption umbrella, so be sure to find out what is and isn’t encrypted, instead of assuming that everything is OK.

This last point is a little controversial, but don’t forget about “Find my device” services. Turning on device location services means there is a potential that others can see you, too. However, in doing so, you may be able to track down your phone if it’s ever stolen or misplaced. This is a risk/reward situation.

4. Back up your data

One of the most frustrating things that can occur is when you start your workday, and upon opening your laptop, you see a message that says, “All of your data belongs to us.” Oh no, you’ve been a victim of ransomware! Can you pay the ransom? Even if you could, don’t. Unfortunately, your only option is to erase your entire hard drive and reinstall the operating system, which means you’ve just lost all of your work. Weeks, months, and possibly years of files, pictures, cat videos (why?)… all gone.

To prevent such a sad day from occurring, back up your data. This can be done using several methods. Most organizations will offer cloud backup services such as Dropbox or OneDrive. If you need a solution at home, there are several free options, or you can look at purchasing an external hard drive.

5. Don’t ever say, “It will never happen to me.”

Sadly, this is a phrase heard much too often. It’s assumed that most of us aren’t in danger of having a security issue affect us. We believe that we have nothing an attacker wants, or our security controls are top notch, so we don’t need to worry.

The truth is, most attackers will go for the easy targets, the low-hanging fruit. This is how social engineering has become so popular. An attacker could spend days or weeks trying to penetrate a system, or they could just sweet talk their way to getting information by sending a phishing email or making a few phone calls.

Instead, a good recommendation is to practice a heightened state of awareness. However, it must be stressed that this is not the same as paranoia. It’s simply a state where you question the information in front of you with the intention of avoiding social engineering attacks.