Cybersecurity Awareness Month tips for online security

It's still Cybersecurity Awareness Month, so in today's post I'm passing on a number of security recommendations for online activity, some that the FBI has been promoting for Internet safety.

Never forget that any kind of business or work you do online -- including email, shopping, social media sites, and surfing – warrants some level of scrutiny. So spend some time during Cybersecurity Awareness Month thinking about what you need to do to make yourself less vulnerable to attack as you use the Internet.

Another diatribe about passwords

Changing passwords and making sure that you don't use the same password for multiple sites is still very important -- in spite of recent warnings that frequent password changes might result in simpler, more guessable passwords. If one of your accounts is compromised, you probably don't want all of them to suffer the same fate.

And the passwords you choose should be complex enough to not be easily guessed. Once you have dozens of passwords, you might elect to use a secure password repository to keep track of them.

I've been hearing warnings for years about not writing passwords down, but how much of a problem this is depends on where and how you write them down. At one point in my career I kept track of a few lock combinations by disguising them as phone numbers in my address book along with carefully concocted names that reminded me which combination belonged to which lock. Only I could tell the difference between those entries and all the legitimate contact information that filled the book. Because the names made up and weren't related to people I really knew, they served as clues. These days a very secure password storage tool serves the same purpose -- and can be kept on a USB drive so it's not even online unless needed and is securely stashed otherwise.

Multi-factor Logins

You can also add levels of security for some of the services you use. I was surprised when I checked that multi-factor login credentials are easily configured for Gmail/Google. Go to this URL and select the kind of verification service you would like to use.

For example, you can request that a code be sent to your phone -- a code you need to enter after your password when you log in.

The choices include:

  • Getting a prompt on your phone that you have to respond to by typing “Yes” (no codes to remember, but your phone has to be involved in the login).
  • Using the authentication app to get a list of verification codes. No phone required. You'll get ten codes, each can be used only once.
  • Setting up a backup phone in case your primary phone is lost or stolen.
  • Using a security key on a USB that you plug into your system.

Maybe someday all of your accounts will require some out-of-band confirmation that you're really you. And, while this will add a level of complexity to every login, the extra trouble can go a long way toward keeping your accounts, your reputation, and your money safe.


Don't post anything you're not willing to have go public. I hear so many people complaining about their lack of privacy. At the same time, they share the intimate details of their lives on Facebook, Twitter, etc. Keep enough information private that you have a chance of knowing some things that no one who isn't very close to you will know.

Scrutinizing links

Don't trust links -- examine them, retype them, and don't click unless you're confident they're not leading you astray. Hover your mouse over links and make sure they point to the resource they pretend to point to. And beware of carefully crafted look-alikes. An extra letter, a 0 in place of an O, or a b in place of a d might not be obvious unless you look closely.

Don't trust public WiFi

Don't trust WiFi in public places with anything you wouldn't share with anyone -- especially don't log into sensitive accounts like your bank accounts. You might be sharing everything you type and could be completely oblivious to the possibility that someone is snooping.

Multi-level backups

Back up your system to multiple sites, offline media, sometimes even to hard copies. Imagine how you'd manage if you were totally cut off from the internet. At one point, I found out that I couldn't even call my service provider when my internet connection was down -- because I didn't have a phone book and had no idea what their phone number was. Talk about lack of planning!

Wrap up

Yes, security can be a bit of a pain in the butt, but it's going to pad that seat of yours when you least expect it.The FBI offers its internet security thoughts for Cybersecurity Awareness Month in its "Simple Steps for Internet Safety." Just make sure you first check the source address in this link. If it doesn't start with “,” don't click on it!

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.