Happy October, and welcome to the 20th Cybersecurity Awareness Month. For those who are directly involved with cybersecurity, every month is cybersecurity awareness month, but not everyone shares this view. The program is designed to be a collaborative effort between government and industry to raise cybersecurity awareness. This month is the catalyst to raise awareness throughout your organization and within your network about the steps we should all take toward more secure actions when online or using connected devices. Yes, connecting your computer, phone, or tablet to the internet represents a risk, but we can all mitigate that risk through education and awareness. Cybersecurity awareness ensures everyone has the resources to be safe and secure online.
For those involved in cybersecurity, the question might be why only one month is dedicated to this critical task. We’ll take our one month and be happy for now. What is the consensus on cybersecurity? Here are a few stats from “Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022”:
Let's start with the positive:
Nearly 4 out of 5 people agree that staying secure online is a top priority. Maybe they’ve been personally impacted by a breach, indirectly affected, or have seen enough stories about the negative repercussions of a breach to know. When I see a stat like this, I am always curious to know what the 1 out of 5 thinks and why it’s deemed unimportant. In our global and tightly interconnected world, the impacts of a breach are significant.
Now, let’s see the other side of the coin:
There are some things to think about there, especially given the role many of the readers of this blog will have. If you are a security leader, practitioner, or just getting started in a cyber role, how do you address these? While it’s cliché to say you are only as strong as the weakest link, it’s true. Attackers know they only need to find one person, system, application, or gap to gain access and cause a world of hurt.
This Year’s Theme - Secure Our World
Every year, the Cybersecurity and Infrastructure Security Agency (CISA) chooses a theme to focus the conversation for the month; this year, that theme is Secure Our World. CISA highlights four ways to stay safer online and address some of the challenges cited above:
I’m sure at least one reader has bemoaned the overly complex password requirements or the mandated 90-day password changes. These are all minor inconveniences compared to having your password compromised. If it’s your Starbucks account, maybe it’s a little less annoying, but if it’s your 401(k), bank account, or other major account, it can be a much more financially painful experience. Use a long sequence, don’t reuse passwords, and make them complex with UPPER and lowercase, num83r5, or $peci@l ch@r@cters.
Multi-Factor Authentication (MFA) adds another step to the process by requiring more than one form of verification before logging in to an account. I interned at RSA Security during grad school, and the “something you know, something you have, and something you are” mantra is still in my head.
Phishing continues to be a top challenge for cybersecurity professionals; awareness and training users to spot attacks are part of most organizations’ security practices. Staying ahead of these threats still takes constant vigilance and a skeptical eye. If it looks suspicious and asks you to do something “RIGHT NOW,” be warned. Typos and misspelled domains are obvious signs, but attackers are always looking for new bait.
New software versions often feature both added functionality (yay!) and enhanced security. Automatic updates are one way to stay on top of the updates, and many organizations have this set by default. There are other apps where you, as the user, need to check the box for the update, and all too often, “Remind me Later” is selected. In some cases, new software versions can have unintended consequences, but software vendors like Next take steps to minimize this with day 1 compatibility for releases like the recent macOS Sonoma update.
Cybersecurity Awareness is a Year-Round Theme
There are 29 more days in Cybersecurity Awareness Month, but there are no days where we should take a break from cybersecurity hygiene. Your professional and personal online worlds are too important to protect just one month out of the year. At Next, we are focused on it seven days a week, 12 months a year. Learn more about the Reveal platform from Next; it’s a unified insider risk management and data loss prevention platform built to keep your data safe from loss or theft.