October is Cybersecurity Awareness Month, and this year is particularly special as we mark the 20th anniversary.
Since 2003, the National Cyber Security Alliance has teamed up with the government and private industries to increase cybersecurity awareness in a bid to help users prevent cyber attacks.
This year’s theme is “Secure Our World”, as it aims to promote cybersecurity tips and best practices that are not restricted to October but can be followed throughout the year.
In this blog, we’ll take a closer look at some of the significant data breaches from the past year, and review the NCSA’s recommended best practices for cybersecurity going forward.
Let’s get into it!
What can we learn from the last 12 months of data breaches?
Northern Ireland Police (PSNI)
In August, a monumental data breach occurred when sensitive information about nearly 10,000 PSNI staff was exposed online for three hours.
This breach highlighted the importance of ongoing employee training and awareness initiatives, especially in large organisations where attacks can have a long tail and substantial impact.
MOVEit
June 2023 witnessed a widespread data breach affecting over 100 organisations. The Clop ransomware gang orchestrated the breach.
This incident has reminded us of how important it is to implement strong cybersecurity measures. This includes proactive security measures, keeping your security up to date, and having an incident response and reporting plan to respond to incidents like this.
NHS
During the year, thousands of NHS patients’ data was leaked due to a phishing attack.
The attacker accessed an employee’s email account containing confidential patient information, highlighting the risks of phishing.
This stressed the importance of thorough employee training and regular security policy reviews.
Pepsi
In February, Pepsi experienced a data breach from a malware attack on its payroll systems.
This breach exposed employee data, including names and social security numbers, stressing the need for continuous software monitoring and updates.
These 2023 data breaches provide a reminder of the significance of cybersecurity awareness and the best practices to follow to protect sensitive information.
Four key practices for year-round cybersecurity
Create strong passwords and use a password manager
We have all encountered a friend or colleague with a password that ends in the infamous “123.”
These kinds of passwords, while easy to remember, are also the first ones potential hackers might guess.
It’s no secret that they provide little protection.
Three tips to strengthen your password security:
- Use three random words: Picking three unconnected, random and memorable words will ensure your password is easy to recall but hard to crack.
- Mix in numbers and symbols: By incorporating a combination of numbers and symbols, you significantly increase the complexity of your password.
- Never use the same password twice: It’s a golden rule of password security – never reuse passwords across different accounts.
However, remembering unique and complex passwords for every service can be tricky, which is why using a secure password manager is recommended.
A password manager can safely store all your passwords, so the only one you need to remember is the password for the manager itself.
Turn on Multi-Factor Authentication
Multi-Factor authentication (MFA) is like an extra lock for your digital doors, available to all and strongly recommended. If someone somehow guesses your password, MFA acts as a second line of defence.
Even with your password, they can’t access your information without your active involvement. Users should set up MFA in a way that requires a secondary code sent to another device when a password is entered.
This extra step helps to verify your identity.
Recognise and report phishing
Phishing attacks are a growing problem and have evolved significantly over the last 20 years, becoming increasingly sophisticated.
This Cyber Awareness Month aims to educate users on how to spot and report phishing attacks before any consequences occur.
Telltale signs of phishing:
- Urgent or alarming language
- Requests for personal and financial information
- Poorly written or misspelt messages
- Incorrect email addresses, domain names, or links (e.g., “facbook.com”)
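Several of these signs can be checked automatically before a message reaches a reader. The following Python is an added example, not part of the original blog; the trusted-domain list, the phrase lists and the sample message are constructed assumptions, and taking the last two labels as the base domain is a simplification.

```python
import re

# Constructed allow-list and phrase lists (assumptions; adapt to your organisation).
TRUSTED_DOMAINS = ("facebook.com", "microsoft.com", "paypal.com")
URGENT_PHRASES = ("urgent", "immediately", "account suspended", "final notice")
SENSITIVE_REQUESTS = ("password", "bank details", "card number")
# Domains that follow an "@" (sender addresses) or "http(s)://" (links).
DOMAIN_RE = re.compile(r"(?:https?://|@)([a-z0-9.-]+\.[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    base = ".".join(domain.lower().rstrip(".").split(".")[-2:])
    if base in TRUSTED_DOMAINS:
        return None  # genuine domain or one of its subdomains
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(base, trusted) <= 2:  # a typo or two away, e.g. facbook.com
            return trusted
    return None

def phishing_signs(sender, body):
    """List the telltale signs found in one message."""
    signs, text = [], body.lower()
    if any(p in text for p in URGENT_PHRASES):
        signs.append("urgent language")
    if any(p in text for p in SENSITIVE_REQUESTS):
        signs.append("asks for personal or financial information")
    for domain in DOMAIN_RE.findall(sender + " " + body):
        target = lookalike_of(domain)
        sign = f"{domain.lower()} imitates {target}"
        if target and sign not in signs:
            signs.append(sign)
    return signs

# Constructed sample message, not a real e-mail.
SAMPLE_SENDER = "Security Team <support@facbook.com>"
SAMPLE_BODY = "URGENT: confirm your password at http://facbook.com/login immediately."

if __name__ == "__main__":
    print(phishing_signs(SAMPLE_SENDER, SAMPLE_BODY))
```

A message that trips any of these checks is a candidate for the reporting steps that follow, not proof of phishing on its own.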
Reporting protocols:
- If you suspect phishing, report it to protect yourself and others.
- When in doubt, forward the message to your security team.
- Don’t reply, click on attachments, or follow any links, including “unsubscribe” links.
By following these simple steps, you can play a crucial role in staying safe from phishing attempts and keeping your information secure.
Update your software
Although that “new update available – click now” button might sometimes seem inconvenient, skipping these updates can leave you open to attacks.
Updates fix problems and patch security holes, denying hackers easy access.
- Check for notifications: Keep an eye on notifications from your devices and applications, and manually check for updates in web browsers and antivirus software.
- Act promptly: When software updates pop up, especially the important ones, don’t delay. Install them right away.
- Turn on automatic updates: Protect your data further by turning on automatic updates. Your devices will handle updates as soon as they’re available.
How can Bob’s Business help you this cybersecurity month and beyond?
At Bob’s Business, we know that raising employee awareness is a year-round process!
That’s why we offer uniquely engaging training courses to enhance your security and truly effective phishing simulations for organisations of all sizes.
In addition, this Cybersecurity Awareness Month, we have created a free Cybersecurity Awareness Month Pack, especially for your organisation.
This pack will provide you with the resources to enhance your security, including checklists, email templates, and password guides!