Six Small Cybersecurity Steps You Should Take. Today.

There’s no cybersecurity silver bullet. Be risk-based. Pick low hanging fruit. We’ve all heard lots of clichés about what it means to—here are some more—be cyber aware, keep a clean machine, even Stop.Think.Connect. The bottom line is that protecting online resources and information is difficult, it’s new and it’s rapidly changing.

Compared with other science and engineering disciplines, getting things done digitally is in its infancy. Relative to how long we’ve been building things like finely crafted bridges (think Roman aqueducts), protecting networks, computers and mobile devices is a brand new phenomenon. We’re making great progress, but in many ways we’re just starting to understand the environment … all while it keeps changing before our eyes.

As we start National Cybersecurity Awareness Month this year, we need to maintain the perspective that, even though we know that sometimes things will go wrong, individual users, businesses and their employees can all make a difference. And while we work together to solve information security concerns on a larger scale, it’s our daily actions that matter most.

In the thick of the day-to-day and with a continual barrage of bad news in the world of cybersecurity, it might be hard to see just how much progress we’ve made over the last several years. For example, 63 percent of confirmed data breaches in 2015 took advantage of leveraging weak, default or stolen passwords. But public awareness around the limitations of passwords is increasing and people are turning to multi-factor authentication (MFA) as a tool to secure accounts. A recent survey showed that 86 percent of people who use MFA feel that their accounts are more secure. And the number of websites offering MFA as an option is also increasing.

These improvements, more than anything, occur every day, individuals—not just experts—take steps to do the right thing. Here are a few of the simple steps you can take to make a difference:

• Close old accounts. If you don’t use them, close them.
• Secure your active accounts. Many websites now offer additional ways for you to access your account easily while making it hard for others to get in. Today, most large internet sites offer multi-factor authentication. If they don’t, you can ask for it.
• Protect your information. Avoid sharing too much personal information online (like your full name, address, birthday, etc.). You can check a website’s privacy options to ensure you have enabled them at the highest level since those options may change frequently.
• If it looks fishy, it’s probably ‘phishy.’ Links in fraudulent emails, website comments, tweets, posts and online advertisements are often how cybercriminals do their dirty work.
• Secure your mobile device. Don’t make it any easier for thieves to gain unauthorized access to your accounts. Use lock screen authentication for mobile devices, whether it’s a passcode, biometric or some other means.
• Update. Update. Update the software on your devices regularly. While there are sometimes glitches with new updates, many are specifically designed to address vulnerabilities in software that can leave you open to attacks.

For many of us at NIST and everyone on the National Strategy for Trusted Identities in Cyberspace team, our everyday lives revolve around improving our society’s ability to deliver and consume services, to interact and share, and to do all that we do in our indispensable digital lives. We hope you’ll join us in recognizing National Cybersecurity Awareness Month by taking the time to secure your devices and data, and by encouraging friends and family to do the same.

Even taking these measures, things won’t always go right, but these are proven, effective ways to lower risk—the digital equivalent of checking your blind spot and wearing your seat belt. As with anything in life, doing the little things can make a big difference.