The Cybersecurity Awareness Month initiative was created in 2004 by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. The focus of this month is to create community awareness on the importance of being safe online, to practice being more secure, and to educate vulnerable audiences and employees.
According to Tessian, “88% of data breaches are caused by human error” and “56% of IT leaders believe their employees have picked up bad cybersecurity behaviors since working from home.” Verizon released a report stating that “61% of data breaches are caused by compromised credentials.”
Technological advancements, the pandemic, and the shift to remote work have made us all the more interconnected. To keep our online world secure, we all must be cyber smart. Cyberattacks and breaches such as SolarWinds, Kaseya, Colonial Pipeline, and other critical infrastructures within the last year are alarming as they impact third party partnerships. How do organizations protect themselves from such attacks? It starts with being proactive, diligent, and safe online.
Your passwords do not have to be complicated, but they do have to be long and complex, yet easy to remember. Secure your accounts by mixing the passphrases and passwords up — make them unique for each account that you have. A couple of ways to track and remember your passwords are by writing them down and ensuring they’re in a safe place away from your computer or by using a password manager. Password managers also generate strong passwords for you, and they retain your login credentials, so you don’t have to remember them.
Sometimes a strong passphrase/password is not enough, a breach is still likely to occur. By enabling multi-factor authentication, also called two-factor authentication, you’re making it that much harder for cybercriminals to access your account. This is an extra layer of protection that allows you to use multiple types of credentials prior to logging in to an account. A few authentication tools that are currently available are biometrics, security keys, and unique one-time code sent to your mobile device or app. Most email, banking, and social media services offer multi-factor authentication, check your security settings to opt-in for this feature.
At Shared Assessments, we stand by the “trust, but verify” model. A best practice is to conduct research prior to downloading anything new onto your devices, such as programs or apps. By taking this extra step, in exploring what other users say in their review about the program or app and examining the app’s security and privacy features you are maintaining cyber hygiene.
The first task to complete when downloading a new program or app onto your device is checking the security and privacy features. Take note of who or what can access your documents or data.
A habit to break out of is clicking ignore when your system asks you to update your device, software, web browsers, or operating systems. When your device notifies you that it’s time to update the software — don’t wait, update right away! You can also enable the auto-update.
Cybersecurity is never optional. All organizations need to practice cyber hygiene and make this a priority. By implementing these cautionary measures, you and your organization can decrease the risk of a cyber incident exponentially. For more information about ways to stay safe online visit the National Cyber Security Alliance (NCSA) and Cybersecurity & Infrastructure Security Agency (CISA).