October is Cybersecurity Awareness Month, serving as a reminder of how important it is to protect data and that there are many ways to accomplish this. As technology continues to advance, so does the need for taking measures to safeguard sensitive information. Following a few basics can make a big difference in making sure your data and systems are secure.
What Is Cybersecurity Awareness Month?
Cybersecurity Awareness Month (CAM) is an annual initiative held every October. It promotes cybersecurity awareness and education and aims to empower individuals and organizations, helping people strengthen their defenses against cyber threats.
CAM started as a U.S. initiative, National Cybersecurity Awareness Month. It quickly spread around the globe and is currently led by two agencies: the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA).
This collaborative effort involves various stakeholders including government agencies, industry leaders, and cybersecurity experts. The goal is to raise awareness about cyber risks and best practices.
This year’s theme for CAM is Secure Our World, with the goal of reminding everyone that there are four basic ways to protect yourself, your family, and your business from online threats.
Enabling Multi-Factor Authentication (MFA)
Implementing Multi-Factor Authentication (MFA) adds a vital layer of security to all logins. In most cases, a hacker can’t breach an account protected by MFA. This is the case even if the bad actor has the password. According to Microsoft, MFA can block 99.9% of attempted account compromise attacks. With such a strong track record, everyone should be utilizing MFA on every login they have.
Use Strong Passwords and a Password Manager
Passwords remain a critical aspect of securing online accounts. Despite the increased use of biometrics, strong passwords remain an easy and effective way to help reduce the risk of sensitive data being compromised. Require your team members to use strong, unique passwords for each account and avoid easily guessable information like birthdays or names.
The National Cybersecurity Alliance recommends the following when creating a password policy:
- Long – Every password should be at least 12 characters long.
- Unique – Each account needs to be protected with its own unique password. Never reuse passwords. This way, if one of your accounts is compromised, your other accounts remain secured. We’re talking really unique, not just changing one character or adding a “2” at the end.
- Complex – Each unique password should be a combination of upper case letters, lower case letters, numbers and special characters (like >,!?). Again, remember each password should be at least 12 characters long.
Using long, unique, and complex passwords has an added bonus – the latest guidance released by the National Institute of Standards and Technology states you do not need to change your password often, if ever, unless an account is compromised.
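The three rules above can be checked mechanically. The following Python sketch is an added example, not code from the National Cybersecurity Alliance or NIST; it assumes the other passwords are available in plaintext (as in a password manager's local audit), and the function names, the sample passwords, and the `min_distance` threshold of 4 edits are illustrative assumptions.

```python
import string

MIN_LENGTH = 12  # "Long": at least 12 characters

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def policy_violations(candidate, other_passwords, min_distance=4):
    """Return the rules the candidate breaks; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("long")
    # "Complex": upper case, lower case, number and special character all present.
    classes = [
        any(c.isupper() for c in candidate),
        any(c.islower() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ]
    if not all(classes):
        problems.append("complex")
    # "Unique": reject exact reuse and near-copies, such as one changed
    # character or a "2" added at the end (min_distance is an assumed threshold).
    if any(edit_distance(candidate.lower(), other.lower()) < min_distance
           for other in other_passwords):
        problems.append("unique")
    return problems

# Constructed sample values, not real credentials.
EXISTING = ["Maple-Harbor!93tide"]

if __name__ == "__main__":
    for pw in ["Maple-Harbor!93tide2", "short1!A",
               "alllowercaseletters", "Cobalt?Window_47lamp"]:
        print(pw, policy_violations(pw, EXISTING) or "ok")
```

A server that stores only password hashes cannot run the near-copy comparison against other accounts; it fits a client-side audit or a change-password form where the old password is supplied alongside the new one.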
What is the best way to keep track of your passwords? Password managers are the answer, and they take just a few minutes to download and set up. Once set up, you can store any existing passwords and then use the app to create new passwords for you.
Recognizing and Reporting Phishing
Phishing attacks are a frequent method used to launch cyber threats. Train your team to identify phishing emails, suspicious links, and unsolicited attachments. Encourage them to verify the sender’s email address and never to provide sensitive information unless certain of the recipient’s authenticity.
It’s also important to educate employees about phishing beyond email. Phishing via text messages has been increasing significantly and some criminals phish via direct messages on social media platforms.
Another important aspect of phishing awareness is to report phishing. If it’s reported, then other employees know to avoid that phishing trap. The organization’s IT team also needs to know so they can take action to mitigate the threat. Be sure to let employees know how they can report a phishing email when they suspect one.
Updating Software
Outdated software creates vulnerabilities that cybercriminals can exploit. Regularly update operating systems, applications, and firmware to ensure the latest security patches are in place.
Automating updates is a good way to ensure they’re done promptly. Companies can use endpoint device managers to handle updates across all employee devices. Managers like Intune simplify the process and enhance endpoint security.
We Can Help You Put the Best Cyber Practices in Place
Need help with assessing your cybersecurity? Our team of experts can get you going on the basics and assess your entire cybersecurity environment to ensure you are doing everything possible to protect your data.