October is Cybersecurity Awareness Month. Now in its 18th year, this initiative, developed by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA), continues to raise awareness about the importance of cybersecurity and the need to stay safe online.
The overarching theme is “Do Your Part. #BeCyberSmart.”
This evergreen theme encourages a collaborative effort between government and industry, in order to empower individuals and organizations to own their role in protecting their part of cyberspace. It stresses personal accountability and the importance of taking proactive steps to enhance cybersecurity – be it at home or at work.
We are more connected than ever before, with remote working, third-party technologies, and internet-enabled devices steadily integrating into our everyday lives. However, this also introduces risks and vulnerabilities that people need to be aware of in order to handle them responsibly and take steps to reduce exposure.
That’s why cybersecurity (and being cyber smart) matters. Cybersecurity is a collective responsibility, and by adopting proper cyber-hygiene practices, we are making sure that cybercriminals have fewer entry points into systems, data, and devices.
On an individual level, lax cybersecurity practices could grant an attacker access to your personal data to potentially commit identity theft, clean out your accounts, damage your reputation and/or credit, or even scam your friends and family.
In a work environment, lax cybersecurity practices could result in costly data breaches, or even a business disruption. The Colonial Pipeline attack particularly stands out, as one stolen password allowed cybercriminals to enter the system and shut it down with ransomware.
The silver lining is that most of these incidents could have been avoided with proper cybersecurity measures. So how do you actually do your part?
Cybersecurity Awareness Month reminds us that every individual should own their role in protecting their information, systems, and devices.
As clichéd as it may sound, one of the best things you can do is get the basics right. Follow these tips to be Cyber Smart:
Length trumps complexity. Cybercriminals have gotten good at cracking passwords, and the fact that the most used passwords continue to be “123456” and “password” calls for additional measures. Passphrases are sentences at least 12 characters long that are harder to predict. If you’re the type of person who constantly forgets their passwords and/or repeats the same one across multiple services, you certainly need a password manager, which reduces the whole task of creating and memorizing passwords to remembering just one.
One layer is not enough. Multi-factor authentication adds additional layers of protection to complement your password with biometrics, security keys, or a one-time code through an app on your mobile device.
MFA is free, easy to implement, and available on most web services and applications, including all Microsoft and Google products.
Be wary of clicking on any links or following any offers that seem too good to be true, whether they come from a stranger or someone you know – their account could have been compromised to spread a malicious campaign. Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cybercriminals to get your sensitive information.
When you sign up for a new account, download a new app, or get a new device, look for additional privacy and security settings. Default settings often ask for too much and might not be necessary to use the service. It is a good practice to check these settings periodically to make sure they are still configured to your comfort.
All software on internet-connected devices – including personal computers, smartphones, and tablets – should be kept clean and up to date. This includes applying all patches in a timely manner, and using a reputable security solution that will protect you against malware and other threats you might encounter.
Data loss can have hefty costs for organizations, so prevention is preferable to cure. Backups can protect your digital assets, such as work documents, music, or photos, with an electronic copy that’s stored safely. Should a data breach, ransomware attack or natural disaster happen, you would be able to restore the data from a backup.
Use the 3-2-1 rule: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
Public wireless networks are insecure, as an attacker could potentially see what you are doing on your laptop or smartphone while you are connected. Avoid logging in to key accounts like email and home banking on public Wi-Fi, and consider using a virtual private network (VPN) or a personal hotspot if you need a more secure connection.
While Cybersecurity Awareness Month in the United States and the European Cybersecurity Month campaign run just for October, cybersecurity awareness is a year-round affair. Don’t let your guard down, and make sure to keep applying cybersecurity best practices to all online interactions.
Having lax cybersecurity habits in a work environment can be detrimental to the business. Make security ‘business as usual’ for your organization by reinforcing the above best practices; training all staff on risks and vulnerabilities; and having a plan for recovering data, continuing the business, and notifying customers if you experience a breach.
Rising regulatory pressure is coupled with increasing third-party risks, and your organization needs to extend cyber hygiene practices beyond its own perimeter.
This strategy guide explains how to sustain a secure vendor ecosystem by solving security and compliance problems for enterprises and third-party vendors.