October is more than just the month of fall foliage and Halloween; it’s a period that has, for the past two decades, been dedicated to cybersecurity. As we mark the 20th Cybersecurity Awareness Month, it’s clear that with the increasing volume and sophistication of cyberattacks, cybersecurity and its subsequent awareness are just as, if not more, important today. The collaborative efforts of governmental agencies and those in the tech industry underscore the imperative of ensuring individuals and businesses remain secure.
Cybersecurity Awareness Month: A Two Decades Journey
Cybersecurity Awareness Month was established when our digital landscape looked quite different. Following the tragic events of 9/11, government agencies and tech industry leaders collectively recognized the critical need for digital safety. Organizations including the Department of Homeland Security (DHS), the White House, and tech leaders such as Microsoft, Amazon, Cisco and others joined together to educate the public on the necessity of safe technology usage. This effort gave birth to Cybersecurity Awareness Month. This campaign has evolved over the years to be co-managed by the National Cybersecurity Alliance (NCA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
During its first instance, the primary advice of Cybersecurity Awareness Month was straightforward: change passwords in tandem with smoke detector battery replacements. While this was a practical starting point, the digital landscape has evolved dramatically. With the rise in volume and sophistication of cyberattacks, such simplistic advice is no longer sufficient. The nature of threats has shifted from mere password breaches to advanced persistent threats, ransomware attacks, and sophisticated phishing schemes. The goals and recommendations have matured over the years, reflecting the complexities of today’s cyber threats.
With that said, one of the primary objectives of Cybersecurity Awareness Month is to let users know that being safer does not need to be overly complicated or arduous. Rather, by adding a handful of simple actions to our daily routines, we can all become significantly safer whenever we are online.
Image source: cisa.gov
Everyday Actions for Cybersecurity Awareness Month
Awareness is undeniably the foundation of digital safety. However, it’s the actions we take, based on that awareness, that truly determine our security in the digital realm. This year’s theme from CISA, “Secure Our World,” is a firm reminder, emphasizing our collective role in fortifying the digital space. Let’s delve deeper into the four actions highlighted by the campaign:
Use Strong Passwords
In today’s digital age, where data breaches have unfortunately become commonplace, the significance of using robust passwords cannot be overstated. A strong password is the first line of defense against potential cyber threats. But what constitutes a strong password? In a post from earlier this year, OneNeck’s Security Specialist, Nick Santilli, states that ideally, it should be a combination of letters (uppercase and lowercase), numbers and special symbols, making it difficult for cybercriminals to guess or crack. He further recommends that instead of passWORDS, think more in terms of passPHRASES. Passphrases are typically longer than passwords and, therefore, harder to crack.
Moreover, with the plethora of online accounts most of us manage, remembering unique passwords for each can be daunting. This need for password organization is where password managers come into play. These tools store your passwords securely and generate strong, random passwords for your accounts.
Enable Multi-Factor Authentication (MFA)
While a strong password is crucial, it’s not infallible. Cybercriminals have developed methods to compromise even the most complex passwords. This need to supplement the protection offered by login credentials is where Multi-Factor Authentication (MFA) steps in.
As mentioned in our March blog, To MFA or Not to MFA – It’s Not Really a Question Anymore, MFA requires users to provide two or more verification factors to access an account, making unauthorized access incredibly challenging. This validation could be something you know (password), something you have (a phone or hardware token), or something you are (fingerprint or facial recognition). By adding this additional layer of security, even if an attacker manages to steal your password, they won’t be able to access your account without the second verification factor.
Recognize and Report Phishing
Phishing attacks are the most common form of cybercrime. Cybercriminals craft seemingly legitimate emails, messages or websites to deceive individuals into providing sensitive data, such as personally identifiable information, banking details or login credentials. It’s imperative to be discerning and vigilant. For organizations, educating and training employees is essential. One particularly effective method to train and test is using simulated phishing attacks.
While organizations can employ training methods, individuals must also be vigilant in recognizing and responding to potential threats. Always verify the source before clicking on any links or downloading attachments. Look for telltale signs of phishing, such as generic greetings, spelling errors or suspicious email addresses. Trust your instincts and avoid interacting with the message if something seems amiss. Moreover, reporting suspicious activity is fundamental in curbing such threats and ensuring that others are warned quickly.
Regularly Update Software
The digital landscape is dynamic, with cyber threats constantly evolving. To counter these threats, software developers regularly release updates that patch known vulnerabilities. Keeping your software updated, be it your operating system, applications or antivirus, protects against the latest known threats.
Auto-updates are one option for keeping software current. Still, they might not always be feasible for organizations due to compatibility issues, work schedules or other business requirements. In such cases, investing in patch management becomes crucial. Patch management ensures that updates and patches are prioritized and applied promptly, offering a structured approach to maintaining software security.
OneNeck: Your Partner for Cybersecurity Awareness Month and Beyond
At OneNeck, our core values resonate deeply with the goals of Cybersecurity Awareness Month. While security might be intricate for professionals, we understand that it should be accessible and straightforward for everyone else. Simple measures such as MFA, password managers and cybersecurity education (like recognizing phishing scams) can significantly enhance digital security for your business.
Take action this Cybersecurity Awareness Month. Partner with OneNeck, and let’s work together to fortify your digital defenses, ensuring a safer and more secure online environment for your business.