October is Cybersecurity Awareness Month, a global effort to help everyone stay safe and protected when using technology whenever and however they connect.

Colorado State University’s Division of IT is leading efforts for the month with the theme “It’s easy to stay safe online.” Throughout the month, the Division of IT and campus partners will showcase how CSU is proud to be a “Cybersecurity Champion” and support this online safety and education initiative. #CybersecurityChampion will be the marquee hashtag the division uses throughout the month. For a complete list of Cybersecurity Awareness Month events please visit it.colostate.edu/cybersecurity.

According to organizers, the month is all about taking action, with events planned across campus to promote key behaviors to encourage every CSU community member to take control of their online lives. 

There are all kinds of ways to stay safe and secure online but even just practicing these cybersecurity basics can make a huge difference. Here are a few key best practices compiled by the Division of IT that people can implement today to enhance their own cybersecurity and create a more secure world for everyone. 

1. Enable multi-factor authentication (Be familiar with DUO 2FA on the CSU campus) 

Enabling multi-factor authentication (MFA) – which prompts a user to input a second set of verifying information such as a secure code sent to a mobile device or to sign-in via an authenticator app – is a hugely effective measure that anyone can use to drastically reduce the chances of a cybersecurity breach. According to Microsoft research, MFA is 99.9 percent effective in preventing breaches. Therefore, it is a must for any individual looking to secure their devices and accounts. At CSU, you should be familiar with using DUO two-factor authentication. We use DUO with many of our CSU services like logging into email or accessing RamWeb.

2. Watch out for phishing and ransomware 

Phishing – when a cybercriminal poses as a legitimate party in hopes of getting individuals to engage with malicious content or links – remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents stem from a phishing attempt. However, while phishing has gotten more sophisticated, keeping an eye out for typos, poor graphics and other suspicious characteristics can be a telltale sign that the content is potentially coming from a “phish.” In addition, if you think you have spotted a phishing attempt be sure to report the incident so that internal IT teams and service providers can remediate the situation and prevent others from possibly becoming victims.  At CSU, report suspicious emails to abuse@colostate.edu or through your Outlook email.  

 3. Use strong passwords and a password manager 

Having unique, long and complex passwords is one of the best ways to immediately boost your cybersecurity. Yet, only 43% of the public say that they “always” or “very often” use strong passwords. Password cracking is one of the go-to tactics that cybercriminals turn to in order to access sensitive information. And if you are a “password repeater,” once a cybercriminal has hacked one of your accounts, they can easily do the same across all of your accounts.  

One of the biggest reasons that individuals repeat passwords is that it can be tough to remember all of the passwords you have. Fortunately, by using a password manager, individuals can securely store all of their unique passwords in one place; meaning, people only have to remember one password. In addition, password managers are incredibly easy to use and can automatically plug-in stored passwords when you visit a site. 

At CSU we require all passwords to be at least 15 characters long with a combination of capital and lower case letters and special characters. More information about CSU’s password creation policy can be found here.

 4. Update your software 

Making sure devices are always up to date with the most recent versions is essential to preventing cybersecurity issues from cropping up. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered as well as in providing ongoing maintenance. Therefore, instead of trying to remember to check for updates or closing out of update notifications, enable automatic update installations whenever possible. 

Cybersecurity Awareness Month, in its 19th year, is an initiative co-led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency of the U.S. Department of Homeland Security, designed to engage and educate public- and private-sector partners with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident.

A 2004 Presidential proclamation established CAM, an initiative that has been formally recognized by Congress, federal, state, and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient.