Original Release Date: 9/22/2023
This October marks the 20th annual Cybersecurity Awareness Month (CAM), which raises awareness of the importance of cybersecurity in America and ensures that everyone has the tools and resources they need to be safe and secure online. CAM is a collaborative effort led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance and is dedicated to empowering the public to be resilient against cyber threats and attacks. Since 2004, the impact of CAM has continued to expand, reaching consumers, corporations, and institutions across the nation.
People are the first line of defense in securing information, networks, servers, devices, accounts, databases, files, and more against cyberattacks. As fearless internet explorers surviving in the tech age, everyone must stay vigilant and focused when traveling in the digital realm to keep threat actors out of accounts and networks. Identifying and reporting suspicious activity can reduce the impact and likelihood of cyberattacks. Practicing the following four simple behaviors and other cybersecurity basics can make a significant difference in helping to protect data from digital forms of crime. Be prepared to stay secure in cyberspace no matter who or where you are!
Phishing attacks can lead to account compromises and malware infections, including ransomware. Users can reduce their likelihood of falling victim to phishing attacks by understanding common red flags and tactics.
Threat actors employ a variety of tactics in social engineering schemes to convince users to divulge sensitive information, click malicious links, or open malicious attachments contained in phishing emails. Conveying a sense of urgency is one of the most commonly used and highly effective tactics in these schemes because a targeted user who acts quickly on the request is less likely to scrutinize the email. In addition, threat actors may convey a sense of authority or legitimacy by impersonating known entities, organizations, or individuals and by making the phishing email appear to be part of an existing communication chain.
Phishing emails often contain links or attachments that, if clicked or opened, install malware or direct users to spoofed websites that steal account credentials or personal information for financial theft and fraud. It is essential to confirm an email’s legitimacy through a separate means of communication and to navigate directly to authentic, verified websites rather than following embedded links. If an email is suspicious, report it to your respective agency.
Example Phishing Email
Many users connect to the internet and access multiple accounts and services for business, including email platforms, applications, and vendor websites. The increased use of online accounts and services, combined with users engaging in risky password management practices, puts both themselves and their employers at risk of account compromise and data breaches. Therefore, it is important to practice good password hygiene to protect accounts and data.
Strong, unique passwords for each account help prevent password reuse attacks, in which threat actors obtain the password for one account and use it to compromise additional accounts protected by the same credentials. Threat actors succeed when users reuse credentials across multiple accounts, choose easy-to-guess or simple passwords, and do not enable multi-factor authentication (MFA). Strong, unique passwords help secure information, networks, servers, devices, accounts, databases, files, and more against cyberattacks.
Password managers are an effective way to help users create strong, unique passwords and store them securely. Password manager accounts should themselves be secured with a unique, complex master password and with MFA using an authentication app or hardware token. Because password managers hold very sensitive data, they should be given the highest degree of security available. Users are encouraged to research password manager providers thoroughly prior to use.
Identity, authorization, and authentication controls are security requirements that ensure access is controlled and securely granted only to authorized individuals, systems, and processes. Authentication control is the process used to validate a user’s identity. An example of this control is MFA, which helps protect online accounts from unauthorized access. MFA is an effective measure to protect users from account compromise via credential theft or exposure in a data breach: even if a threat actor obtains an account password, they will be unable to access the associated account without the user’s second authentication factor.
MFA requires two or more different factors and consists of a variety of authentication methods:
Something you are: any part of the human body that can be used as verification, such as fingerprints, facial recognition, palm scans, retina scans, iris scans, and voice verification.
MFA is recommended for any account where available, especially those associated with work, school, email, banking, social media, and online stores. Authentication apps, hardware tokens, or biometrics are preferred as a second factor over SMS-based authentication due to the risk of SIM swapping and other social engineering tactics; however, any form of MFA is beneficial.
It is essential to stay informed about publicly disclosed vulnerabilities and to update all device hardware, operating systems, applications, software, and anti-virus or anti-malware programs so that they are patched against flaws or security holes that threat actors could exploit to gain unauthorized access to devices or data. Ensure automatic updates are enabled and download updates only from verified and trusted sources. Other protective technologies include endpoint detection and response software, host-based firewalls, and device and file encryption. Important or sensitive data should be backed up regularly, and the backups tested, with an up-to-date copy kept offline in a separate and secure location.
Resources