More than the month of Halloween and the beginning of Spooktober, this week begins Cybersecurity Awareness Month. Recovery from the COVID-19 pandemic and the increased use of personal devices left cybersecurity professionals with even more endpoints to manage and secure. As illustrated by breaches like the March 2022 attack on Shields Health Care Group that impacted two million people and the April ransomware attack that became a national emergency for the Costa Rican government, we all need to be cyber defenders to protect what matters.
As threats to technology and private information become more frequent, President Biden, alongside Congress, has proclaimed October to be Cybersecurity Awareness Month. This initiative aims to assist people in protecting themselves online. Government and business are working together to increase cybersecurity awareness on a national and worldwide level under the direction of the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA).
The majority of cybersecurity news stories focus on massive data breaches and cybercriminal and ransomware gangs, so it can still feel overwhelming. But Cybersecurity Awareness Month serves as a reminder to everyone that there are numerous ways to safeguard your data. Even learning the fundamentals of cybersecurity can have a significant impact, so that’s where we’ll start.
Here are a few importance cybersecurity practices that you can start with this month.
Enable Multi-Factor Authentication
Most professionals agree that enabling multi-factor authentication (MFA) is the best precaution to mitigate password attacks. As a CISA advisory highlights: “MFA is one of the most important cybersecurity practices to reduce the risk of intrusions—according to industry research, users who enable MFA are up to 99% less likely to have an account compromised.”
It is therefore important to enable MFA wherever this is possible. A common mistake in many industries is that protection is extended only to privileged accounts, such as IT admins, and their remote users. However, every employee and every individual are a potential target for criminals. Hence, MFA should be enabled for every employee to reduce the potential of attackers compromising an account.
Additionally, the type of MFA also matters. The recent attacks on Cisco and Uber demonstrated that not all MFA methods are equally safe. In fact, SMS-based authentication is deprecated by NIST since 2017, while attackers are using tactics like MFA fatigue to circumvent authentication methods like OTP push-notifications.
Always update your software
Keeping your software and apps updated is one of the simplest ways to keep your information secure. Software updates are a simple method to stay ahead of threat actors.
Here are a few of the ways updating your software can make a difference:
Close security holes: Cybercriminals can gain access to a person’s computer because of software flaws. Threat actors view these flaws as unlocked doors that provide them access to infect systems with malware. Software security updates close these open gateways to prevent attacks on a system.
Safeguard your data: A threat actor that gains access via a software security hole will look for confidential documents, passwords, and other personal data such as financial information. Data is better protected when software is updated to address security flaws.
Increased efficiency: Not every patch relates to security. Software developers could discover defects in software or realize that a program needs to be improved. The software’s performance is boosted by these modifications.
Verify compatibility: To make sure their program is compatible with the newest technologies, software developers issue updates. Older software may not be compatible with newer technologies without upgrades.
It’s also important to download software updates exclusively from the source that produced them. Never utilize software that has been cracked, pirated, or used without a license (even if provided by a friend). These frequently have viruses and create more issues than they fix. It also helps to control the process, whether that’s by automating the process to execute automatically during offline hours or manually creating a strict schedule.
Recognize and report phishing
Despite the fact that this is tactic is tired, it remains true as a popular tactic for cybercriminals. In the majority of cyberattacks, criminals employ social engineering, and they do it because it is effective. Cybercriminals are increasingly convincing and persuasive in many of their phishing attempts as we have grown more knowledgeable to obvious hoaxes.
People process information in one of two ways: quickly or slowly. When we think slowly, we are composed, thoughtful, and reasonable. Cybercriminals want us to think differently than this. They want to trick victims into thinking fast and being irrational. Therefore, cybercriminals manipulate our emotions to persuade us to click questionable links, download dangerous attachments, and disclose our credentials.
Recognizing a bogus email or message that is a part of a criminal’s phishing campaign is the challenging part. All that is left to do is report it. Report the email as soon as you can to your IT manager if you are at the workplace and it was sent to your work email address. Don’t skip this part. It can help your cybersecurity team manage exposure.
October is a scary month. Don’t be like the kids at a lake house in a scary movie. Make smart decision and manage your risk appropriately. #BeCyberSmart!