Cybersecurity Awareness Month.

[MUSIC] Hey, it's October now, and that means it's Cyber Security Awareness Month. And this feels like a good moment to review how to keep our personal and professional world secure. Because it's not just one department's job to do that, it's really up to each and every one of us to do our bit to keep our important stuff safe from cyber criminals. As you might know, cybersecurity is where I came from before sliding on over to space. So in lieu of yet another email from your IT department that you're not gonna read, yeah, we see you. Let me find and then dust off my old cybersecurity hoodie. Okay, space team, let's review four easy things we all should know about cybersecurity. And I'll even throw in one bonus for you. It'll be easy, I promise. Let's do this. Here we go. Tip number one, keep your software updated. As soon as you can, after you get that notification that an update is available for your browser, your work software, your frequently used apps, your phone, your laptop, your work machine, or all of the above, make it a priority to get it done. Or better yet, if you can, turn on automatic updates. Those updates are sending the latest defenses against cyber attacks to your systems. So when you delay updates, you're making your devices easy targets. Remember in 2022, when Viasat ground systems got hacked as an opening salvo in Russia's invasion of Ukraine? Russia targeted VPN systems on the ground stations that weren't updated. I'm not pointing any fingers at any one org, though. According to the National Cybersecurity Alliance in the United States, only 36% of people always install updates when they're available. Those are rookie numbers, people. Let's get that 36% up. And if you become one of that 36%, you'll already have a harder to hack system than the vast majority of people. Remember, you don't have to outrun the bear. You just got to be faster than the person next to you. Here's tip number two. Use strong, unique passwords. I know. I know a lot of you are using the same passwords on lots of different websites or apps. By the way, adding a number or an exclamation point at the end of your kid's name doesn't make it secure. Mind blown, right? Would you use the same key to open the doors to your office, your front door, your back door, your car, and your bank's vault? No, because that'd be crazy, right? So it's time to retire. One, two, three, four, let me in. Exclamation point, please. And thank you. Make sure your passwords, especially for important services for work in your personal life, are both strong and unique. Strong meaning long and using a combination of uppercase, lowercase numbers, and symbols. And if it's too much to remember all that, and believe me, trust me, I know, I get it, consider using a password manager. Lots of options out there, and many are even built into browsers and operating systems nowadays to make it easy on you. The National Cybersecurity Alliance says only 38% of people actually use unique passwords. Don't make it that easy for hackers. If they're going to come after your stuff, at least make them work a little bit. Tip number three, turn on multi-factor authentication. You may have heard of a version of this called 2FA or two-factor authentication also. In any case, many workplaces require it, so you may not have a choice about using it or not. But if it's optional, I urge you to opt in, especially for really high priority things like anything work related, your personal email, your social media, your finances, anything that would be an absolute nightmare if it got hacked. Now, 30% of people who have heard of MFA do not know how to use it. So if you're one of them, you have good company. You've likely encountered MFA if a service you use sends you a code and a text message or asks you to click a prompt in an app that you already have. It's a way of saying to the service, "Hi, service. I am absolutely who I say I am because beyond just having the right password, I also have a phone or an authentication device that you know only I should have." Yes, a hacker could have one or the other of them, but it would be very unlikely that they'd have both at the same time. So yeah, it's me. Let me in. And the last of the four tips, recognize and report phishing. And that's phishing with a pH, of course. And you might be going, "Ha, ha, yeah, of course, I can recognize a phishing email. How is that hard?" But phishing is actually still the way that hackers end up costing companies hundreds of thousands, if not millions of dollars, like accidentally or unknowingly clicking on an attachment or malicious link in an email that downloads and then activates ransomware, blocking you or even worse, your entire organization from accessing the data that you need to do your job until you pay a king's ransom to the criminals who are holding it hostage. Phishing takes many, many different forms nowadays and criminals are getting even more sophisticated in their attempts by the day. A great rule of thumb is that any email, text message or phone call that's requesting you to open an attachment or share sensitive information of any kind merits you immediately hitting the brakes, metaphorically speaking. Slow down. This applies no matter how urgent it supposedly is or who it's purportedly from. So many times we, and I say we because I am included in this, so many times we fall prey to phishing attempts because of the sense of urgency that makes us act without really thinking or just reacting on instinct. And that split second of a reaction is when your defenses are often down. If only we had just slowed down a moment and said, "Is this email legit? Is it from who it actually says it is? Can I verify this before I take action?" Doing any of those things can often easily reveal the phishing attempt for the fraud that it truly is. And if you recognize that it's a fish, report it. Don't know if you realize it, but reporting it actually helps a lot, whether to your work's IT department if you get a fish at work, or even to your personal email provider if a fish lands in your personal inbox. If you get one at work, your IT department or security team may have a specific procedure or even a dedicated email address like phishing@ or security@ where they want you to send fishy emails. But if you don't know where to send it, just ask them. They don't bite usually. And honestly, the love that you asked. And I know you're listening to me on the T-Minus Space Daily feed, but shameless plug right here for the other podcast I co-host. It's called Hacking Humans. And it's all about the latest scams and phishing attempts around the world that we're seeing in the headlines. It's a really great way to learn what the bad guys are trying to do and to stay one step ahead of them. OK, those are the four main tips for cybersecurity. And here's a little bonus one from me to you. That's more of a reminder for work purposes as your workplace may already have rules about this one. But here goes. Bonus tip number five, use AI safely. Whatever your opinion on AI and its utility in the workplace, remember that above all, my, your, everybody's inputs are what AI learn from. So when you're using AI that's run by an outside organization, do not put private information in there, whether it's personal or proprietary. An intellectual property breach is a nightmare in the best of times. Do not cause one by what you might politely call an AI induced, unforced error. So those are four cybersecurity tips. Plus one bonus, they might sound easy, but if they were, well, all my cybersecurity friends would be a lot less busy. These aren't basics. They're fundamentals, which are the most important, but also hard to get right. Perfection is not the goal, after all. Just do a little better than yesterday. If you enable automatic updates for the first time or switch on MFA for your work account or even just update a reused password to something that's strong and unique, congratulations, that is a win. That's my cybersecurity awareness month's shiel for you. Congratulations, you are now aware. T minus. My God. [MUSIC PLAYING] (whooshing) [BLANK_AUDIO]