Staying Cyber Safe During Cybersecurity Awareness Month

October is Cybersecurity Awareness Month and a timely reminder to protect your personal information online. In an era when much of our lives are spent on devices and digital accounts, cybercriminals are finding increasingly sophisticated ways to exploit vulnerabilities, steal personal data and commit identity crimes.

At the Identity Theft Resource Center (ITRC), we’ve seen firsthand how quickly a small lapse in cyber hygiene can spiral into lasting financial and emotional consequences. Reports of compromised or “hacked” devices are on the rise and now make up the second-highest method of identity compromise, surpassed only by scams. This month—and every month—take time to strengthen your defenses and learn the simple steps that can make a major difference in protecting your identity.

The Growing Threat of Compromised Devices

Cybercriminals target both individuals and organizations, often exploiting weak spots in systems or everyday human behavior. A single compromised phone or laptop can expose a treasure trove of personal information, including photos, financial data, stored passwords and even access to other connected devices.

In recent ITRC reports, device compromise has surged as attackers use malicious links, fake apps and remote-access scams to gain entry. Once inside, they can monitor activity, install tracking software or lock you out of your own accounts. The result: identity theft, drained bank accounts and major headaches restoring access.

The good news is that you can significantly reduce your risk by practicing strong cyber hygiene.

Keep Your Software Up to Date

One of the simplest yet most effective cybersecurity habits is keeping all software updated on every device you own. That includes operating systems, browsers, and apps on your laptop, desktop and phone.

When companies discover security vulnerabilities, they release updates or “patches” to fix them. Failing to install those updates gives bad actors a window of opportunity to exploit known flaws. Cybercriminals actively scan for outdated systems because they’re easier to penetrate.

Set devices to update automatically whenever possible. It’s a small change that can protect you from major breaches.

Think Before You Click

Fraudsters often rely on social engineering, tricking you into taking an action that gives them access. A common tactic? Malicious links.

Phishing emails, texts or social media messages often contain links that look legitimate but lead to fake websites or trigger malware downloads. These pages are designed to harvest your personally identifiable information (PII), such as your Social Security number, birthdate or login credentials.

If you receive a message from an unknown sender—or even a familiar one that seems suspicious—don’t click. Instead, verify links independently. Type the company’s web address directly into your browser or contact them using a trusted number or email. 

Only Download Apps from Authorized Stores

Another frequent source of compromise is app downloads. Cybercriminals often create counterfeit apps that appear legitimate but contain hidden malware capable of spying on your activities or stealing stored data.

To stay safe:

• Only download apps from authorized stores such as Google Play, Apple’s App Store or your device manufacturer’s marketplace.
• Avoid third-party websites that promise early access or free versions of paid apps.
• Check app permissions—if a flashlight app wants access to your contacts or camera, that’s a red flag.

By keeping downloads limited to official sources, you dramatically reduce your exposure to malicious software.

Don’t Allow Remote Access to Your Devices

Remote access scams are a growing threat, particularly among “tech support” fraud schemes. A scammer might pose as a representative from a trusted company, claiming your computer or phone has been infected. They’ll then ask to access your device to “fix” the issue.

In reality, granting remote access hands over control of your files, photos and stored accounts—essentially everything that’s not locked behind additional security measures. Once connected, scammers can install malware, steal information or demand payment to “unlock” your device.

Legitimate companies will never reach out unsolicited to offer tech support. If you think a device is compromised, contact the manufacturer directly or a reputable IT support service.

Strengthen Your Passwords and Use Passkeys

Your passwords are your first line of defense. Unfortunately, weak or reused passwords remain one of the easiest ways for hackers to break in.

Whenever possible, use passkeys, a newer, phishing-resistant alternative to passwords that relies on cryptographic authentication and can’t be stolen through traditional hacks.

When passkeys aren’t available, follow these best practices:

• Create unique passphrases of at least 12 characters for every account.
• Mix letters, numbers, and symbols—but use something memorable (e.g., PurpleSunset!PlaysJazz) rather than a random string.
• Turn on multifactor authentication (MFA) using an authenticator app rather than SMS. Authenticator apps generate codes that can’t be intercepted through text message scams.

Avoid storing passwords in unsecured documents or notes apps. A password manager can help safely keep track of all your credentials.

Freeze Your Credit

Even with strong cyber hygiene, breaches can still happen. That’s why the ITRC recommends freezing your credit at the three major credit bureaus: Experian, Equifax and TransUnion.

While not a “cyber” measure, a credit freeze is a powerful way to stop new accounts from being opened in your name if your personal information is ever exposed. It’s free, doesn’t affect your credit score, and can be temporarily lifted whenever you need to apply for credit.

In addition to the three major bureaus, there are also specialty credit reporting agencies that maintain data related to areas like banking, utilities, tenant history, and insurance. These agencies, such as ChexSystems, Innovis, and the National Consumer Telecom & Utilities Exchange (NCTUE), also allow you to request your reports and place freezes. Freezing your file at these agencies provides an extra layer of protection, especially against identity thieves attempting to open alternative financial or service accounts in your name.

To make the process easier, you can use tools like FrozenPii.com, which helps you manage credit and specialty report freezes in one place. It’s a helpful resource for monitoring your personal information across multiple reporting systems and ensuring that your data stays protected.

Practice Daily Cyber Hygiene

Good cybersecurity is less about one-time fixes and more about ongoing habits. Think of cyber hygiene the way you think about brushing your teeth—it’s small, consistent actions that prevent long-term problems.

Here are a few everyday steps you can take:

• Review your privacy settings on social media. Limit how much personal information you share publicly.
• Use secure, private Wi-Fi networks. Avoid logging into sensitive accounts on public Wi-Fi.
• Back up important files to an external drive or secure cloud storage.
• Regularly review your financial statements and account activity for unauthorized charges or unfamiliar logins.

Test Your Cybersecurity Status with Our Online Quiz

Want to see how strong your cyber hygiene really is? Take the ITRC’s “Are You Cyber Safe?” quiz.

The short quiz walks you through common online safety scenarios and offers personalized tips to improve your digital habits. It’s a quick, engaging way to identify where your cybersecurity knowledge might need a refresh, and it could help you avoid becoming the next victim of identity theft.

What to Do If You’ve Been Compromised

If you believe your device, account or identity has been compromised, don’t panic. The ITRC offers free, expert guidance to help victims of identity crimes navigate recovery safely and efficiently.

Our advisors can:

• Help you create a step-by-step plan to secure your accounts.
• Explain how to report identity theft to the right authorities.
• Connect you with resources to restore your digital well-being.

You can reach the Identity Theft Resource Center by calling or texting 888.400.5530. Assistance is always free and confidential.

Stay Cyber Aware All Year Long

Cybersecurity Awareness Month is more than a reminder, it’s a call to action. As digital threats evolve, so must our habits. Regularly updating your devices, practicing safe browsing, using strong authentication and freezing your credit are small steps that make a lasting impact.

At the ITRC, we believe everyone deserves to feel safe online. By taking steps today, you can protect your data, identity and peace of mind tomorrow.