Every October, governments and private organisations alike collaborate to raise awareness of digital security.
It’s called Cybersecurity Awareness Month and its goal is to empower everyone to protect their data from cybercrime.
Launched in 2004 by the National Cyber Security Alliance and the Department of Homeland Security (DHS), this month is dedicated to providing people with online safety resources while emphasising the significance of taking the necessary steps to improve cybersecurity on university campuses, workplaces, and homes.
In this blog, we’ll dig into this year’s theme, take a look at the last 12 months in breaches and share our four key behaviours everyone
See Yourself in Cyber
This year’s Cybersecurity Awareness Month campaign theme is “See Yourself in Cyber,” and it represents the simple truth that cybersecurity is ultimately about people, which means seeing yourself in cyber regardless of your role.
According to the Cybersecurity and Infrastructure Security Agency (CISA) website, “this year’s campaign theme demonstrates that while cybersecurity may appear to be a complex subject, it’s ultimately all about people.”
Through this campaign, CISA will highlight key actions people should take, such as enabling multi-factor authentication, using strong passwords, recognising and reporting phishing, and keeping software up to date.
What can we learn from the last twelve months of data breaches?
Since the last Cybersecurity Awareness Month, we’ve witnessed an abundance of data breaches in all shapes and sizes. What’s notable, however, is how many of these breaches relate to this year’s theme of the human element in cybersecurity.
Last month saw the well-documented data breach from ride-hailing giant, Uber. The most significant elements from the breach focused on the human element, including social engineering and multi-factor authentication violations. A year ago, two-factor authentication was the phrase on everyone’s lips, but now hackers are becoming more adept at getting around what is known as multi-factor authentication by exploiting a variety of channels and methods.
Ironically, popular password manager LastPass experienced a major data breach earlier in the year. Customers and a wider audience were naturally worried, as the organisation takes pride in offering tools to protect passwords but couldn’t secure its own information. Password security is a theme in every Cybersecurity Awareness Month, and this breach emphasised that the most effective way of keeping passwords secure is to use a different password for each service, created with a random generator tool.
Probably the most prominent development since last October, Russia’s war with Ukraine has introduced another level of threat to organisations. The National Cyber Security Centre (NCSC) told UK organisations to buckle up and prepare for the long haul. This year’s updated guidance drew inspiration from getting back to the fundamentals. It noted that organisations must focus on security basics, empower staff, and accelerate any planned action to harden networks and strengthen defences.
Four key behaviours to reduce your cyber risk
Enable multi-factor authentication
Enabling multi-factor authentication adds a second layer of security to your online accounts by requiring an additional verification step after you provide your correct username and password.
Enabling MFA is an easy way to protect your accounts and personal information. In fact, according to the National Cybersecurity Alliance, 99.9% of account hacks could have been prevented by using MFA.
Use strong passwords and a password manager
Whether you are in charge of IT within your company or a senior member, making sure your employees receive clear, actionable instructions on creating strong passwords is key.
Passwords should be simple to remember yet challenging for others to guess. A smart tip to follow is to ensure that your password can’t be guessed after 20 attempts by someone who knows you well. Our dedicated password training course is designed to help you do this and to help your staff prevent the loss of critical data, and the NCSC also has some useful advice on choosing a hard-to-guess password.
Update software
Your organisation’s operating system is a tempting target for hackers as it controls every function on your computer. Despite limited built-in virus protection, no operating system is without security gaps.
That’s where regular patches and updates from the software makers come into play. These updates resolve those issues and make you safer. So, the next time that you’re prompted to update your software – do it.
Recognise and report phishing attempts
Social engineering is at the core of most cyber attacks, in the last year and in years prior, so teaching your employees to recognise and stop phishing attacks is vital. As phishing attacks still account for 90% of successful data breaches, the best way to stop cybercriminals is to beat them at their own game.
You can train your employees with our phishing simulations, which teach employees how to spot phishing attacks and correctly report and dispose of them without giving the cybercriminals the information and access they want.
How your organisation can get involved in Cybersecurity Awareness Month
Throughout this month, we will be hosting polls across our social media. Get your employees involved and create your own competition!
However, the best way you can get involved in Cybersecurity Awareness Month is by starting your employees on their training journey. Let Bob’s Business do the legwork for you this October, and start training your team today.