Illustration: A spooky scene of lit candles, website tabs filled with creepy ghosts, cat eyes, and a jack-o'-lantern face and an ominous night seen through a window set the stage for this feature on October being Cybersecurity Awareness Month.

Fall into Cyber Smarts

October is pumpkins & spice, hoodie weather, costumes, candy, cider, donuts, and… Cybersecurity! That’s right, October is Cybersecurity Awareness Month. This magical event happens yearly, thanks to the National Cybersecurity Alliance, and focuses on a specific theme. This year’s theme focuses on four key behaviors:

  • Updating software

  • Recognizing and reporting a phish

  • Enabling multi-factor authentication (MFA)

  • Using strong passwords and a password manager

While having one’s personal space meddled in can be spooky to think about, being informed about harmful tricks and treats and being cyber-smart is a clever way to outsmart would-be hackers!

Updating Software

We know all of you receive those alerts on your phone that inform you there’s an update to an app or to your phone, but do you actually let the updates happen? You should. Why? Because there are often patches inside of those updates. Remember how you were floating on a fun tube this summer when it was hot as habaneros outside? Well, imagine that tube had a small hole, and you didn’t put that sticky, smelly patch kit on it right away — the fun ends quickly. This is the same type of thing with technology.

If something is found on the development side that can cause a leak, make users vulnerable to cyber-attacks, or can simply enhance the user experience, the IT folks try to get you those repair kits (patches) right away so you can keep using that app, or even your device, without any further issue. The idea is to keep floating on down that river of tech life without a care in the world. So, push those updates through when you get them, and you’ll be on the right side of safety.

Recognizing & Reporting a Phish

While we’re still reminiscing about being on the water, let’s talk about phishing. We all know it happens. We all know it’s bad. But you think — can it really happen to me? Why would anyone want to come after me? Well, the answer is Yes — this can happen to you, and they are!

Why? Because you have access and information that may be a link or a small key to something bigger. You also have money, even if you think it’s not that much. If a threat actor gets 200 people to click their link and they extract $50 from each account, then that’s $10,000 by simply sending an email!

Be sure to be on the lookout for things like:

  • Strange email addresses — Is that really an ‘l’ or is it a ‘1’?

  • Unknown sources — You wouldn’t take candy from a stranger, so you certainly shouldn’t accept a free cruise from one either. Always check the validity of a source. You can do a simple web search with the sender’s email and the word “scam” and see if the search results give you some bad news.

  • Odd language — Always read everything as it’s written, not as it’s intended, and you’ll track phish better than most folks!

  • Always hover over links to find out their true destination.

  • Don’t open any attachment coming from someone you don’t know and trust.

Phishing is one of the biggest threats in the cyber world today. Always be suspicious of what may be lurking beneath the surface of a seemingly innocent email.

Enabling Multi-factor Authentication (MFA)

MFA sounds like a lot. We know what you’re thinking. Can’t I just sip my Pumpkin Spice Latte and go about my day mindlessly scrolling TikToks? Well, you can, but you’re not going to be safe about it. Since we know you’re not changing all your passwords on a regular basis and for sure aren’t keeping them unique for all accounts, then the least you can do is set up multi-factor authentication for all accounts that offer it. Yes, even your social media ones.

Here’s why:

  1. Someone finds your username and password to your Facebook account.

  2. They log in and see that you’ve connected to other apps with this login. Cool!

  3. They go to one of those apps and see that you also have a Gmail account. Hmmm, maybe you have the same credentials over there. Let’s see.

  4. They log in to your Gmail.

  5. Now they have access to all of your personal emails and see you just set up your direct deposit with your Ally account. Well done!

  6. Now they go out to see if you happen to use the same credentials over there…

If you had turned on MFA on any of these accounts, the hacker party likely would have ended right there. By enabling multi-factor authentication, you’re required to enter a special code to confirm your identity and proceed to the account. You may get that code via text, email, phone, or another predetermined way that you personally agreed to when you set up the account. I mean, we all want you to have unique passwords for all accounts, but we know that sometimes you just go with what you know and that’s it. So, if you’re one of those people that likes to keep things the same, please just flip on MFA and make your life a lot more secure.

Using Strong Passwords and a Password Manager

If your go-to costume for the last few years has been Deadpool, I’m sure you’re aware that Ryan Reynolds has his hand in the password manager world. Yep, all the cool kids are doing it. Use a password manager! Password managers allow you to safely keep your passwords locked away on a virtual sticky note of sorts, and all you have to do is remember one: the one that gets you into that vault. Once inside, you can also generate strong/extensive passwords, keep them aligned with all of your accounts, and keep a history of your passwords so you don’t have to try to remember which one you used five passwords ago when you change to a new one… it’s really easy.

But wait, don’t you say never to write down our passwords? Yes; however, this is significantly safer than that sticky note you keep under your keyboard. Yeah, we know it’s there. Since we keep trying to get you to change your passwords regularly and make them unique for all accounts, the cyber world decided to give you a tool to help out: the password manager.

So, next time you get an alert to change your password, make it unique. Do not use any of the last 100 passwords, and it must be 20 characters long with 2–3 special characters and should not include your name — you’ll have a tool for that. You can simply generate one that fits all the special requirements, and you don’t have to think it up. What’s the best one to use? Well, you can perform your own research to find what fits your personal needs best, but many lists will show you options such as Bitwarden, LastPass, or Keeper — that one that Deadpool/Ryan uses — or even one that’s associated with the VPN service you use, like NordPass. Whatever fits your desired level of security, you’ll be much better off than using Password123!

Finish Strong

October is known to be the scariest month, but it can also be the most fun. While you’re racing through corn mazes, and carving away on pumpkins, be sure to expand your cyber safety by allowing those updates to install, steering clear of those phish, enabling MFA, and changing those passwords. Make it scary for the threat actors to get to you, instead of the other way around. Finish 2022 off strong, safe, and cyber smart!

Interested in joining Ally's team of talented technologists to make a difference for our customers and communities? Check out Ally Careers to learn more.