Cybersecurity Awareness Month

Four easy ways to stay safe online

Every October, Cybersecurity Awareness Month teaches people simple ways to protect themselves online. This year’s theme, Stay Safe Online, is all about the simple ways to protect yourself, your family and your business from online threats.

Small actions can make a big difference. That’s why we’re focusing on the Core 4. Four easy steps anyone can take to boost their online safety.

Staying safe online doesn’t have to be complicated or intimidating. Start building your confidence by focusing on the Core 4, four simple but powerful actions to take control of your digital safety and help protect your personal information, devices and your entire community.

Stronger passwords start with passphrases

Not all accounts are created equal—your banking, investment and email logins deserve the strongest protection. That’s why it’s important to use unique passphrases for your accounts. If one site gets hacked, the rest of your accounts stay safe.

Passphrases are easier to remember than random strings of characters, but far harder for attackers to crack because of their length. Think of them as a personal sentence only you would know.

Tips for creating strong passphrases:

Don’t reuse the same passphrase across accounts.
Avoid using easy-to-guess information like birthdays or pet names.
Make it unique and memorable, but tough for others to guess.

A strong, unique password for every account is your first and most critical defense.

Lock down your account logins with Multi-Factor Authentication

Think of your password as the front door key to your digital life. Now imagine adding a deadbolt—that’s what Multi-Factor Authentication (MFA) does. It gives you an extra layer of security so even if someone steals your password, they still can’t get in.

MFA works by asking for two or more ways to prove that it’s really you, such as:

Something you know – your password or PIN
Something you have – authenticator application or hardware keys
Something you are – your fingerprint, face or voice

With MFA, cybercriminals can’t break in with just one stolen key—they’d need them all.

Think before you click

The best defense against cyber scams is to be cautious. If something feels off, don’t click—report it. Remember, just opening an email is safe; it’s the links and attachments that can put you at risk.

Phishing emails are one of the most common tricks cybercriminals use to steal sensitive information like passwords, credit card numbers or personal data. These messages are crafted to look real, but if you know what to look for, the red flags are easy to spot:

Sense of Urgency: Phishing emails often create a false sense of urgency or fear, using phrases like "Immediate action required" or "Your account will be closed." This is designed to make you act without thinking.
Suspicious Sender: Always check the sender's full email address, not just their display name. Look for subtle misspellings.
Generic Greetings: A legitimate company or colleague will usually address you by name. Phishing emails often use generic greetings like "Dear Valued Customer" or "Hello."
Bad Spelling and Grammar: While AI is making these attacks more sophisticated, many still contain poor spelling and awkward phrasing.
Mismatched Links and Unexpected Attachments: Hover your mouse over any links in the email before you click. The address that pops up should match the link text and be a trusted domain. Be extremely cautious with any unsolicited attachments.

Stay cautious, stay vigilant and protect yourself before you click.

Updated software = protection

One of the most proactive and powerful ways to protect your devices is to keep your software up to date. Updates aren’t just about cool new features—they patch the security holes that hackers are constantly trying to exploit.

When you do system updates, you:

Shut the door on attackers by closing security gaps
Keep your systems running smoothly and reliably
Protect sensitive information

Waiting too long leaves the door wide open for malware, ransomware and data breaches.