October 2023 will mark 20 years of celebrating national cybersecurity awareness month. Created in 2004 by the President of the United States and Congress cybersecurity awareness month has been a month where both the public and private sectors come together to raise awareness about cybersecurity and the threats every business and individual face today.
Why an entire month though? It's commonly known that an organizations weakest link are its humans. You can have every security control, the most advanced firewalls, and constant monitoring yet all it takes is one wrong click to let the bad guys in. Educating users on the risks associated with using the internet, social media, and other technologies is the first, and most important step to fostering a secure culture.
That's why this cybersecurity awareness month, you should take the time to learn more about what threats you may face on the internet and how to combat them.
Quite possibly the greatest cyber threat is that of social engineering. Cyber criminals will resort to manipulation tactics in order to trick users into handing over login credentials, clicking a malicious link, or providing otherwise sensitive information. Often delivered in the form of phishing emails, bad actors will impersonate a friend, family member, coworker, or boss in order to lure victims in a false sense of security or panic. Their messages will play on the emotions of their victim by either scaring them, guilt tripping them, or otherwise manipulating them into taking a particular action. For example, if you were to receive an urgent message from your boss asking you to click a link or give him access to a sensitive document ASAP you may do so without thinking. Cyber criminals rely on individuals "clicking without thinking".
Other forms of social engineering include social media impersonation, SMS phishing, and scam calls. Unfortunately, with the rise of generative AI it looks like phishing emails will be easier than ever to produce and distribute.
Everybody has a part to play in cybersecurity. You may think you're not a target or that you don't have anything cyber criminals want, but this couldn't be further from the truth. Whether you're working from home, browsing social media, online shopping, or checking your emails, you're at risk of becoming victim to a cyber attack.
This means that every individual must take the necessary steps to secure themselves and their private data. The good news is that some of the most effective tips tend to be the most practical and simple to implement.
So what should YOU do?
Have you enabled multi-factor authentication on all of your accounts and applications you use? If not, then this should be one of your first steps. MFA allows you to add an extra step to your login process when signing into your applications and trusted websites to ensure that you are who you say you are.
This second form of authentication ensures that even if your password is stolen or compromised, attackers will have a harder time accessing your accounts. While MFA should be implemented on all of your applications, you should have it configured on your banking app, social media accounts, and school or work accounts at the very least.
There are several forms of alternative authentication methods:
Something You Know: This is an additional PIN number or security questions that you can input in addition to your traditional password.
Something You Have: Most MFA apps provide a temporary code or push notification a user must input before signing in. These codes are random and are only valid for a short period of time.
Something You Are: Using biometric's to sign in can greatly improve the security of your accounts. Using your fingerprint or faceID can be an effective form of secure authentication.
64% of the time, passwords are reused across multiple applications. Even worse, many of these passwords are easily cracked and used by hundreds of people worldwide. Passwords such as "password", "1234abcd", "p@$$word", and "admin" consistently top the lists of commonly used passphrases.
Cyber criminals can brute force these passwords in a matter of seconds by simply running an automated program that tries all of the most commonly used login combinations. Many individuals also use passwords that include personal information like the name of a pet, child, or other personal interest. With some simple research, attackers are likely to figure our these predictable login credentials.
How should you craft your passwords?
When reading through a suspicious email or message, think before you click. Make sure that whoever is claiming to be the sender actually is that person. Pay attention to the address or phone number. Do you recognize it? Does it seem off? There's no harm in speaking to that person directly or asking for clarification. Pay attention to the tone of the message as well. Never respond out of fear or urgency just because the sender claims they need you to act ASAP. You can also hover your cursor over any link or file to see where it will take you. If the link says it's from Amazon.com, but the actual embedded URL is something like "www.eweff78s923da/fgrwew.com" then it's probably malicious. Use common sense while surfing the internet. If a deal, link, or message seems suspicious, it probably is.
Updating your PC or smartphone can be frustrating and tiresome. Many people are tempted to hit "remind me later" or "skip this update" to avoid having to sit through lengthy updates or patches. While constant updates can be annoying, they are important to maintaining the security and health of your devices. While some updates may provide quality of life changes or new features, many updates contain important security fixes or patches to address known vulnerabilities. It's important to stay up to date of the latest software patches to ensure you're working with the most secure version of your technology.
The purpose of cybersecurity awareness month is to educate individuals on how to combat cyber threats in their everyday lives. Whether it be in the office, at home, or at school, security is important for everyone. It's important that you are always learning about the newest developments in cyber threats or practices that you can take a proactive approach to cybersecurity rather than a reactive one.
CorpInfoTech provides comprehensive managed services for small-medium sized businesses looking to improve upon their security. For individuals, we have various blogs, whitepapers, and resources that you can use to learn more about what it means to be secure!
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business threatening disasters in whatever form they may be disguised.