National Cybersecurity Month: Simple Habits To Achieve Real Protection

On September 18, I attended a Tech Frederick-sponsored talk by former Director of the National Security Agency (NSA) and Commander of the U.S. Cyber Command General (retired) Paul Nakasone. Since his retirement, Gen. Nakasone founded Vanderbilt University’s Institute of National Security and currently serves on the board of directors of OpenAI, the company behind ChatGPT. With October being National Cybersecurity Month, the timing of this talk was perfect–and given his credentials, I can’t think of a more qualified expert to discuss the importance of cybersecurity in a rapidly changing world. 

Gen. Nakasone’s message was clear: the threat landscape is accelerating. He flagged three big concerns shaping the future of cybersecurity: (1) the rapid rise of AI among both allies and adversaries; (2) China’s technological scale and strength and its long-term focus on strategic advantage; and (3) the persistent cyber talent gap that leaves many public and private sector organizations under-resourced. 

Despite constant technological advances, the growing sophistication of attacks, and the ongoing need for cybersecurity professionals, Gen. Nakasone emphasized that the basics of cybersecurity matter now more than ever. National Cybersecurity Awareness Month is a great time to assess your personal and organizational online security. Here are seven practical, everyday steps to stay safer online.

1. Power down once a day. Gen. Nakasone called this out specifically: turning off (not just sleeping) your devices clears memory where attacks and trackers like to live. A daily reboot reduces risk by evicting memory-resident malware, resetting stuck processes, and forcing apps to re-establish secure sessions.

2. Use multi-factor authentication (MFA). Yes, the extra step can be annoying. It’s also one of the best protections you can take. If your password is stolen in a breach or guessed by a bot, MFA adds “something you have” (your phone, an authenticator app, or a hardware key) so an attacker can’t log in with “something you know” (a password). You’ll increase your security even more using an authenticator app or hardware key instead of SMS when available.

3. Keep your operating system up to date. Updates don’t just add features—they patch known vulnerabilities. Attackers automate scans to find unpatched devices; once they spot an old version, they will exploit that vulnerability. Turning on automatic system updates shuts down those opportunities. 

4. Lock your devices with complex passwords or passcodes. Your phone is a treasure trove of valuable personal information, such as email, texts, MFA apps, photos of IDs, saved passwords, and location history. As Gen. Nakasone reminded us, it’s the one device you never want in the wrong hands. Use a long passcode (more than six digits) or a strong password, and enable biometric unlock for convenience. Also, turn on “Find My” and automatic wipe after multiple failed attempts.

5. Be skeptical of unsolicited emails, links, attachments, and texts. Phishing (email) and smishing (text) remain the #1 way attackers get in. Verify unexpected requests through a second channel (for example, if you get an email from your boss asking you to buy gift cards, ask them directly about the request before acting on it), hover over links to preview destinations, and never enter credentials after clicking an unknown link. Delete the email or text and report suspected phishing to your IT department. 

6. Use a VPN and be wary of public Wi-Fi. Public networks can expose your traffic to “evil twins”–fraudulent Wi-Fi access points that appear legit but are actually used for eavesdropping. A reputable VPN encrypts your connection, reducing what others on the network can see. Even with a VPN, you should avoid sensitive transactions on public Wi-Fi when possible; use your phone’s mobile hotspot for banking, HR portals, or any online activity that touches company systems.

7. Cover your camera. Webcam and phone-camera hijacking is real. A physical cover (it can be as simple as a piece of masking tape or a sticky note) guarantees that nothing can capture video when you don’t intend it. It also prevents “shoulder-surfing” via front-facing cameras in crowded spaces. You should also make sure only trusted apps can access your camera and mic.

Gen. Nakasone underscored a simple truth: while cyber policy and technology evolve, good cybersecurity habits remain relevant today. I hope you’ll take a few minutes during National Cybersecurity Month to implement these tips so that you can enjoy peace of mind while online.