Cybersecurity is a year-round issue
Cybersecurity awareness is important year-round for the security of our businesses and customers. We’re proud to be a supporter of Cybersecurity Awareness Month. It has been invaluable in raising awareness of digital safety issues for a broad cross-section of people, but the issues highlighted have to go beyond October and be a part of our day-to-day digital activity.
Cybersecurity is everyone’s responsibility
We live in a world where everyone has to take responsibility for, at least some, of the burden of digital security. Professionally, cybersecurity is no longer just the domain of the IT security department. Continual awareness of the tactics used in phishing scams is a daily staff responsibility, organization-wide, and everyone needs to take an active part in the safety of the business.
This year, Cybersecurity Awareness Month has highlighted four core issues. As we leave October, however, these are four core issues that should become part of our everyday online and digital activity.
Enable multi-factor authentication (MFA)
MFA (sometimes called 2-FA or 3-FA) is a digital authentication method that requires a user to provide an extra component to prove their identity. It is a serious roadblock for threat actors looking to take control of digital accounts, making it far more likely they will take the path of least resistance and find another target.
As well as asking for the usual username/email address and your password, MFA might also as you for confirmation of a message sent to your smartphone, for biometric data like fingerprints or facial recognition, for you to open another program and insert a passphrase, password, or personal identification number (PIN), to confirm you are trying to log in via a 3rd-party application, or even to insert a coded data stick or keycard. MFA is available for banking apps, social media channels, and anywhere we store personal identifiable information (PII). It’s a key part of keeping ourselves cyber safe, and if it’s available, you should get into the habit of using it. After the first few times, it becomes second nature, and if a website or application offers MFA, we should embrace it.
You can find out more about MFA on the Cybersecurity Awareness Month website.
Set strong passwords and use a password manager
Strong passwords are critical for the protection of our systems and data. Password managers are a great way for us to remember lots of different login information across multiple applications, online portals, and on internal software. Coming up with your own password system, using combinations of numbers, upper and lower case letters, and symbols is a great way to remember complicated strings of characters while staying safe. You can learn more about the best password protocols and password managers on the Cybersecurity Awareness Month website, and using a strong single password with a password manager that generates unique and non-sequential login information is a practice we should all get into – all year-’round.
Update software regularly
There are many reasons to update our software regularly, but one of the most important is that updates contain new security features and patches to stay ahead of cybercriminals and digital pirates. This is something we should be doing regularly, every time our software prompts us to do so – and prompts should be turned on or software should be automatically updated to be sure we’re up to date with the latest updates. Much underrated as a security tactic, the Cybersecurity Awareness Month website has more information about the importance of software updates.
Recognize and report phishing attempts
Phishing is the dishonest practice of creating and distributing emails, claiming to be from legitimate companies. Phishing attacks are becoming increasingly more sophisticated, as bad actors attempt to trick recipients into revealing business or personal data, such as financial information or passwords.
Being aware of and preventing phishing attacks is the responsibility of each user. We all need to look out for tell-tale signs, like suspicious links and attachments, misspelled domain names with odd regional extensions, badly written copy with poor spelling and grammar, messages sent from public email domains, or emails with an elaborate sense of urgency. These, and other signs, are giveaways of nefarious emails designed to trap the unwary. We can discover more ways of identifying phishing attacks on the Cybersecurity Awareness Month website. Some IT security trams will conduct company-wide phishing exercises to raise in-house awareness of best practices, and these are great for helping employees identify phishing activity.
When we do identify a phishing scam, it’s important that we report it to our IT department’s security team, through our mail viewer (like Outlook) or directly, to add that email to a formal blacklist and to help to keep our friends and colleagues safe. It’s worth remembering that when you categorize a message as phishing, services like Outlook will report the sender but won’t stop them from sending you more messages in the future – you need to add them to your blocked sender’s list to do that.
Making things safer for everyone
As we head into November, let’s take what we’ve learned in October with us. Cybersecurity needs to be a part of everyone’s digital duties. Cybersecurity Awareness Month has been great for raising awareness of the important issues, and the concept of “the human firewall,” but it’s up to us to take this forward and to put these disciples into practice as a regular part of our digital routine. Taking personal responsibility for our digital security makes things safer for us, our friends, our colleagues, and our family, and helps fight against threat actors and cybercrime.
A very big thank you to everyone for taking part, and for hopefully making our job a little bit easier in the months to come. Cybersecurity isn’t just the job of the IT department, it’s everyone’s responsibility.
Try Imperva for Free
Protect your business for 30 days on Imperva.