CYBERSECURITY AWARENESS MONTH 2022: DO YOUR PART.

#BECYBERSMART

CYBERSECURITY STARTS WITH YOU

In support of Cybersecurity Awareness Month, Hg is sharing this Cybersecurity and Infrastructure Security Agency and National Cyber Security Alliance Factsheet. You can access it here. You can also download Hg’s free factsheet, Information Exposed, which details how to protect your personally identifiable information. 

Multi-factor authentication allows you to protect yourself in multiple ways 

Wouldn’t it be nice if you could protect your password with another password? Multi-factor authentication gives you this power  think of it like placing your house keys in a safety deposit box that can only be opened by a facial scan. In some cases, this metaphor isn’t far off from reality. 

What is MFA? 

Multi-factor authentication is sometimes called two-factor authentication or two-step verification, and it is often abbreviated to MFA. No matter what you call it, MFA is a cybersecurity measure for an account that requires anyone logging in to prove their identity multiple ways. Typically, you will enter your username, password, and then prove your identity some other way, like with a fingerprint or by responding to a text message.  

Why go through all this trouble? Because MFA makes it extremely hard for hackers to access your online accounts, even if they know your password. 

It might seem like a lot of work, but once you have MFA set up, proving your identity usually adds just a second or two to the log-in process. And the piece of mind MFA provides is well worth it.  

We recommend that you implement MFA for any account that permits it, especially any account associated with work, school, email, banking, and social media. 

How does MFA work? 

When you turn MFA on for an account or device, your log-in process will require a bit more verification.  

You will be asked for your username and password.  

If these are correct, you will then be prompted to prove your identity another way. You might be able to set up your smartphone, for example, to use a facial scan as verification. Other online accounts might send your phone number or email address a one-time use code that you must enter within a certain frame of time. Some accounts will require you to approve access with a standalone authenticator app like Duo or Google Authenticator.  

Different forms of MFA 

MFA can take several different forms, including: 

  • Inputting an extra PIN (personal identification number) as well as your password 
  • The answer to an extra security question like “What town did you go to high school in?” 
  • A code sent to your email or texted to your device that you must enter within a short span of time 
  • Biometric identifiers like facial recognition or fingerprint scan 
  • A standalone app that requires you to approve each attempt to access an account  
  • An additional code either emailed to an account or texted to a mobile number 
  • A secure token – a separate piece of physical hardware, like a key fob, that verifies a person’s identity with a database or system 

What type of accounts offer MFA? 

Not every account and device offers MFA, but it is becoming more common every day. You might already have it set up for your devices, like if you use a Face ID or fingerprint scan to unlock your phone or laptop. MFA is now often found in many workplaces and universities, too.  

Here are some types of accounts that often offer MFA. Check to see if you can turn MFA on: 

  • Banking 
  • Email 
  • Social media 
  • Online stores 

MFA adds an entire layer of security on your important accounts beyond your password. Your data is precious and important – multiplying its protection is a great idea. Let’s use MFA everywhere! 

Can MFA be hacked? 

While MFA is one of the best ways to secure your accounts, there have been instances where cybercriminals have gotten around MFA. However, these situations typically involve a hacker seeking MFA approval to access an account multiple times and the owner approving the log-in, either due to confusion or annoyance.  

Therefore, if you are receiving MFA log-in requests and you aren’t trying to log in, do not approve the requests! Instead, contact the service or platform right away. Change your password for the account ASAP. Also, if you reused that password, change it for any other account that uses it (this is why every password should be unique). 

Don’t let this deter you, though. MFA is typically very safe, and it is one of the best ways you can bolster the security of your data! 

CONTACT THE CISA CYBERSECURITY AWARENESS MONTH TEAM

Thank you for your continued support and commitment to Cybersecurity Awareness Month and helping all Americans stay safe and secure online. Please email our team at [email protected] or visit www.cisa.gov/cybersecurityawareness-month or staysafeonline.org/cybersecurity-awareness-month/ to learn more.

CISA | DEFEND TODAY, SECURE TOMORROW 2 Commercial Routing Assistance Cybersecurity Awareness Month 2022

cisa.gov [email protected] Linkedin.com/company/cisagov @CISAgov | @cyber | @uscert_gov Facebook.com/CISA @cisagov