Eight Lessons From 2021 Cybersecurity Awareness Month
Oct 15, 2021
While October has long been a month to celebrate our imaginary fears, it's also become a time to consider the genuine threat of cyber attacks. As the connectivity of our world has grown, so has its need for cybersecurity. With national data breach costs rising from $3.86 million in 2020 to $4.24 million in 2021, year-round cybersecurity awareness and vigilance are as crucial as ever.
The National Cybersecurity Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) sponsor the annual Cybersecurity Awareness Month in response to this growing threat. As with last year, the theme is "Do Your Part. #BeCyberSmart," with its enduring message that cybersecurity is the responsibility not only of IT professionals but of all of us.
Below is a review of the key topics of this year's Cybersecurity Awareness Month:
While, as you'll see, passwords aren't the only aspect of cybersecurity, they're still one of the most important. Therefore, users should think of passwords not as words but as unique phrases at least twelve characters long. And although that may sound challenging, users are encouraged to use positive-minded phrases that are pleasurable to think about and remember.
2. Multi-factor Authentication
While better passwords are vital, even the best of them are useless when compromised by a third party. Therefore, to help combat the risk of data breaches, it's best to authenticate users with the following three methods:
Something they know - like a password or PIN
Something they have - like a security token, verification text or email code, or a smart card
Something they are - involving anything biometric like a fingerprint, face, or voice recognition
These multiple authentication factors should be used whenever possible, especially to secure email, financial, and health information.
3. Cybersecurity Hygiene
A clean device or machine is much harder to attack because older hardware or data can hold valuable information that leads attackers onto networks or into secure financial files. Therefore, outdated hardware should be disposed of and older files archived or erased.
4. Data Backup
When it comes to your critical data, it's always best to plan for the worst. That's why a clear and comprehensive backup strategy is essential. After all, more users than ever are working on mobile devices, creating a steady stream of vulnerabilities to cyber-attacks and physical damage.
In response, the organizers of Cybersecurity Awareness Month recommend what they call the 3,2,1 approach. In total, keep a minimum of three copies of any crucial data. Two copies should be kept on multiple storage media like various drives, and one additional copy should be kept off-site like at a cloud or data storage provider.
5. Online Ownership
No longer should users take a passive role in the security of their devices and apps. Immediately after downloading any new apps, they should configure their privacy and security settings to adhere to their organization's policies and ensure personal safety.
6. Fight the Phish
"Fight the Phish" is Cybersecurity Awareness Month's initiative to bring attention to and combat phishing. Since the pandemic, the use of email to infiltrate devices and networks has grown to the point that it represents 80% of all reported security incidents. As a result, users at all levels need to remember to be wary of emails, texts, and chats that come from strangers, or that are unexpected even when they come from known senders.
The tactics used by attackers have grown ever more sophisticated, with logos and messages easily mistaken for trusted sources at first glance. As a result, many organizations prime their users with what to expect in this type of email message. In return, users need to play their part by reporting suspicious emails, attachments, or links to their cybersecurity organizations.
7. Integrate cybersecurity into business practices and daily life
Employers of all sizes can benefit significantly from baking cybersecurity into their HR practices. For example, the onboarding of employees should now contain training on cybersecurity processes and best practices. On an ongoing basis, companies should require employees to use multi-factor authentication regularly, update their passwords, and verify their identity.
The NCSA suggests that all users scrutinize the devices they use (e.g., WiFi routers and phones) before buying them and update their default passwords after purchase.
8. Encourage Cybersecurity Education
Because IT organizations are being asked to secure more than ever, more expert help is needed. Therefore, another part of Cybersecurity Awareness Month is education. Additionally, the National Initiative for Cybersecurity Education (NICE) encourages individuals to explore careers in the field.
Do Your Part #BeCyberSmart
As networks worldwide continue to grow in complexity, UNICOM Engineering aims to raise awareness of how employees and organizations can keep themselves safe from cybersecurity threats, especially while working away from the office. We are a part of a growing global effort to promote online safety and privacy awareness. Learn more about Cybersecurity Awareness Month and ways to stay safe online here.
National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security. As a Cybersecurity Awareness Month Champion, UNICOM Engineering is part of a growing global effort to promote online safety and privacy awareness.