Cybersecurity has become one of the biggest IT topics over the last two years, from securing digital learning tools during the pandemic, to widespread phishing scams that continue to target students, faculty, and staff. The seemingly endless cybersecurity news cycle and technical jargon that gets tossed around can make cybersecurity seem overwhelming and like something that should be left to the pros, but each of us have a huge role to play in cybersecurity threat prevention, detection, and remediation.

According to IBM, 95% of breaches have human error as a main cause, which means that everyday technology users are very much the first line of defense when it comes to thwarting cybercrime. It’s not nearly as hard as it sounds. A little skepticism and awareness of best practices is all it takes. Below are 4 simple tips that you can implement today to boost your own cybersecurity and create a more secure world for everyone.

1. Watch Out for Phishing

Phishing — when a cybercriminal poses as a legitimate party in hopes of getting you to reveal sensitive information or download malware through malicious attachments or links — remains one of the most popular tactics among cybercriminals today. In fact, 80% of cybersecurity incidents stem from a phishing attempt.

While phishing has gotten more sophisticated, typos, poor graphics, and other suspicious characteristics can still be tell-tale signs. Hover over links to see where they really go before clicking and beware of inconsistent or unfamiliar email addresses. Know how to spot a phish so you don’t get reeled in.

If you think you have spotted a phishing attempt, report it to Pitt IT so that we can remediate the situation and prevent others from possibly becoming victims. It’s easy to report a scam: just send an email to phish@pitt.edu with the scam message included as an attachment!

2. Update Your Passwords and Use Pitt Password Manager (LastPass)

Having unique, long, and complex passwords for each account is one of the best ways to immediately boost your cybersecurity. Yet, only 43% of the public say that they “always” or “very often” use strong passwords. Even worse, 57% of people who have already been scammed in phishing attacks still haven’t changed their passwords! If you are a password repeater, once a cybercriminal has hacked one account, they can easily do the same across all of your accounts.

It is nearly impossible to remember a different password for every one of your accounts. Fortunately, LastPass makes it easy to securely store all your passwords in one place. Then, you only have to remember one master password. LastPass is easy to use. It can generate strong passwords, automatically save new account credentials, and auto-fill stored passwords when you visit a site or open an app. Get it and start using it today.

3. Enable MFA Everywhere You Can

Multifactor authentication (MFA) is an extra layer of protection for your online accounts. It combines something only you should know (your username and password) with something only you should have access to (your phone). It may seem like a nuisance, but MFA is a hugely effective measure. In fact, according to Microsoft, MFA is 99.9% effective in preventing breaches.

At Pitt, you’re already using MFA (specifically, Duo) when you log into Pitt Passport. But MFA is a must for securing any device and account, not just Pitt Passport-protected systems. So turn it on for any service that has that option, from your social media accounts to online banking, shopping, and gaming sites. Many of them even have the option of using Duo.

Also remember that you should only get an MFA prompt when you initiate it (by logging in). If you get a random prompt, REJECT IT! Then, immediately change the password and contact the Technology Help Desk or site/vendor that was being accessed to warn them that your password may have been compromised. Also, change the password of any account that used the same password.

4. Activate Automatic Updates

Making sure devices are always up-to-date with the most recent versions is essential to preventing cybersecurity issues from cropping up. Cybersecurity is an ongoing effort, and updates are hugely important in helping to address vulnerabilities that have been uncovered, as well as in providing ongoing maintenance.

Most app makers/vendors don’t release information about vulnerabilities that they discover (or even worse, that hackers discover first) because they don’t want to announce ways to hack their site or system. Instead, the fix it in the security update.

So as tempting as it is to close update notifications or put off updates until later, take a couple minutes to download updates as soon as possible. Along the same lines, instead of trying to remember to check for updates, enable automatic update installations whenever possible and don’t opt out of update notifications.

Staying Cybersafe Can Be Easy

Cybersecurity is a thorny and ongoing issue, with some surprisingly easy solutions. By looking for scams, securing your passwords, using MFA, and keeping your devices and apps up-to-date, you can protect your devices, your data, and your money safe from the overwhelming majority of hackers. Stay safe online, Panthers.

-- By Karen Beaudway, Pitt IT Blogger