In 2004, the US government declared October to be Cybersecurity Awareness Month. Every year focuses on a different theme with the overarching goal of promoting awareness of the importance of protecting ourselves in a digital world. This year’s campaign theme focuses on the human element and actively encourages people to adopt practices that make them part of the solution, rather than the problem.
Technical and administrative measures tend to get the lion’s share of attention when it comes to conversations about cybersecurity, especially in the business world. However, while these measures play a vital role in any security strategy, they are only ever as effective as the people tasked with using them. For too long, cybersecurity has been considered a primarily technical domain, when it’s really all about people.
This month, CISA and NCA are highlighting four action steps everyone should take to protect themselves online:
#1. Learn to recognize phishing scams
According to Deloitte, 91% of cyberattacks begin with a phishing email sent to an unsuspecting victim, making it by far the most common form of social engineering. This makes it clear that people are almost invariably the weakest link when it comes to cybersecurity. That’s why there’s no substitute for continuous security awareness training. Everyone should learn how to recognize phishing emails as best as possible, and no one should rely on spam filters alone. If an email or instant message arrives unexpectedly, asks for confidential data, or looks a little off in any other respect, always think before you click.
#2. Enable multifactor authentication
Most social engineering scams target login credentials, including usernames and passwords. After all, a strong password is practically impossible to crack using a brute-force attack, so it’s much easier to exploit human ignorance and unpreparedness instead. No legitimate company will ask you to provide passwords or other login information via email or instant message. That said, there are many other methods social engineering scammers use to get this information, which is why you must always have a second authentication method. Multifactor authentication (MFA) adds an extra layer of protection, such as a fingerprint scan or one-time security token.
#3. Protect accounts with strong passwords
Although no one should ever rely on passwords alone for protecting sensitive apps and data, they do continue to play a central role in access management. The problem with passwords is that most of us have to remember dozens of them for the various online accounts we have. This inconvenience encourages people to use the same, often easy-to-remember password for all their accounts. However, a password manager such as LastPass makes it easy to use a different, longer, and more complex randomly generated password for each account. That way, if one account is compromised, it doesn’t mean all your others are too.
#4. Keep your software up to date
Software update notifications might be tiresome, especially when they interrupt your workflow. However, they should never be ignored, because the updates often contain critical security fixes for zero-day exploits and other threats. Hackers often target outdated software, which is why you should always act quickly or, better still, enable automatic security updates. Cloud-based apps and services typically don’t need updating on your end, since updates will be handled by the service provider. The same can’t be said of locally installed software, including desktop and mobile operating systems.
SeedSpark provides managed services to bolster your security posture and mitigate the risks to your organization. Get in touch today to get the proactive IT support you need to succeed.