Don’t get spooked by cybersecurity this Halloween


October brings with it the spooky mystique of Halloween, and also serves as the National Cybersecurity Awareness Month in the USA. This year's NCSAM theme encourages businesses and individuals to ‘Own IT. Secure IT. Protect IT.’ when it comes to online safety and digital devices.

It may be the season to scare, but ensuring your customers receive a secure service and data protection shouldn't be shocking at all. Instead, it should always be a high priority. Providing industry-standard Two-Step Verification via SMS OTP is the option of choice for multi-tiered verification online.

Even ghosting--the practice of suddenly withdrawing all communication--diminishes the trust and transparency your business has built with customers, no matter how festive it may seem. Keep your customers engaged this spooky season with perfectly-timed SMS messages that are secure, relevant and informative.


What is NCSAM?

Held every October since 2004, NCSAM aims to raise awareness and empower everyone, from large enterprises to individual computer users, to be accountable and secure their digital assets.

National Cybersecurity Awareness Month (NCSAM) was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in an effort to help all Americans stay safe and more secure online. What started with basic advice like updating antivirus software twice a year became one of the most successful public-private partnerships for cybersecurity.

From 2009 to 2018, each October the theme of NCSAM was 'Our Shared Responsibility' and was endorsed by President Barack Obama. The aim was to create awareness of the role we all play online.

This year, the focus is on promoting personal accountability and proactive behavior in security best practices, digital privacy and cybersecurity, and to note the increasing capacity for such careers in the tech industry.

What does cybersecurity mean today?

In today's digital age, it's essential for businesses to implement robust online security measures across the board. Data protection has become the utmost concern for an ever-growing online community and the ongoing development of technologies.

The most common online identity verification comes in the form of a username and password combination. In recent times, this process has included additional steps to deter bots, prevent phishing attacks and thwart fraud and identity theft.

Related: 'Avoid identity theft with SMS OTP'

Secure ways to enhance online safety:

TSV

Two-Step Verification (2SV) or Two Factor Authentication (2FA) has become the industry standard for providing multi-tiered authentication. Instead of just using one form of verification, like username and password, TSV adds a step to identify the user and authenticate the action being performed, e.g. a new bank transaction. The most common form of TSV is via temporary One-Time Passwords (OTP) that only last 5-10 minutes.


TSV via SMS OTP

One-Time Passwords are created to be personal to the user and timely. OTP for Two-Step Verification can be received through numerous avenues, but the most popular methods include push notifications, SMS or a security key.

  • Hardware - a dongle or security key is the most secure way to input OTP; however, it can be inconvenient as it is an extra device to remember
  • Software - on-device prompts and push notifications are highly effective, but they are inaccessible without notifications enabled and mobile data
  • SMS - direct to your handset, SMS passcodes tend to be the most convenient and secure option for OTP
    • Security Code Autofill and OTP Retrieval enable passcodes to be pulled from incoming messages to be available in the keyboard without leaving an app. These particular text messages must be formatted in a specific way and are only accessible by authorized third-party APIs to limit application access to messages.


Related: 'SMS OTP retrieval saving you time'

Strong, complex password

Because most login credentials employ usernames and passwords as the first step to verifying identity, it seems obvious that passwords should be hard to guess. Firstly--and this is crucial to password integrity, including temporary passwords--passwords should not contain any portion of static information. That means information that is true to the user and unchanging, for example names, date of birth and social security number.

A strong password generally includes a combination of uppercase and lowercase letters, numbers, and symbols with a minimum of 8 characters for most sites. However, fulfilling these requirements does not a good password make. Following these requirements, you can still have a weak password if static information is included. For example, John Smith might use J*Smith75 as his password. This is obvious to guess and can easily be hacked. Strong passwords tend to look like a long assortment of random letters, numbers, and symbols.
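
The point above, that a password can pass the composition rules and still be weak, shown as an added example that is not from the original article. The function names and the `PROFILE` record are hypothetical; the date of birth and ID number in it are constructed sample values.

```python
import re
import string


def meets_composition_rules(password):
    """The page's baseline: upper, lower, digit, symbol, at least 8 characters."""
    return (len(password) >= 8
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))


def static_fragments(profile):
    """Collect lowercase fragments of unchanging user data."""
    frags = set()
    for name in profile.get("names", []):
        frags.update(p for p in re.split(r"[^a-z]+", name.lower()) if len(p) >= 3)
    dob = profile.get("date_of_birth")  # ISO format "YYYY-MM-DD"
    if dob:
        year, month, day = dob.split("-")
        frags.update({year, month + day, day + month})
    for number in profile.get("id_numbers", []):
        digits = re.sub(r"\D", "", number)
        frags.update({digits, digits[-4:]} if len(digits) >= 4 else set())
    return frags


def static_info_in(password, profile):
    """Return the static fragments found in the password, ignoring case and symbols."""
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    return sorted(f for f in static_fragments(profile) if f in squashed)


def assess(password, profile):
    """Apply the composition rules first, then the static-information check."""
    if not meets_composition_rules(password):
        return "rejected: composition rules"
    hits = static_info_in(password, profile)
    if hits:
        return "rejected: contains " + ", ".join(hits)
    return "accepted"


# Constructed sample record for the page's John Smith.
PROFILE = {"names": ["John Smith"], "date_of_birth": "1975-03-14",
           "id_numbers": ["000-00-0000"]}
```

`assess("J*Smith75", PROFILE)` is rejected for containing `smith` even though the password satisfies every composition rule.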

Some people find it difficult to remember a plethora of strong passwords, but mnemonic devices like chunking, storytelling or acrostic poems can assist considerably. A typical example of an acrostic poem is ROYGBIV, an abbreviation for the colors of the rainbow - red, orange, yellow, green, blue, indigo and violet. In an acrostic poem, ROYGBIV is remembered by Richard Of York Gave Battle In Vain. This particular example is taught in schools and is much too common to actually use as a password, but using this technique to remember a complex password can be useful.


Robust encryption

Encryption is a common security method to deter malicious or negligent parties from accessing sensitive information. This is done by scrambling the message so that it appears random, converting plaintext into secret code known as ciphertext to hide the true meaning. To encrypt and decrypt data, the correct key must be applied upon access. This process of encoding a message or information restricts access to unauthorized parties, ensuring only authorized parties can access the content.

VPN

Short for Virtual Private Network, VPNs are not always necessary to ensure regular online security. They are mainly used as an extra layer of protection if you want to mask your IP address. Buying a VPN can divert tracking away from a designated IP address within a shared network to a private network.

Own IT. Secure IT. Protect IT.

NCSAM encourages you to educate yourself and those around you on how to operate devices and online systems in a safe and secure way in order to protect private data.

Own IT

  • Don't click and tell - social media and online sharing
  • Update online Privacy Settings within each account
  • Know your apps - like everything in life, apps evolve so be aware of changes that affect security

Secure IT

  • Create strong, unique passcodes
  • Multi-factor authentication
  • Practice safe and secure online shopping
  • Understand how to spot and avoid phishing

Protect IT

  • Keep security software, web browser and operating systems updated
  • Connection and Wi-Fi safety
  • Keep customer/consumer data and information secure - if you collect it, protect it

For more information about how SMS plays a part in cybersecurity, get in contact with the SMSGlobal Support Team.