Cybersecurity Awareness Month Isn’t Just for Techies: Tips for Everyone
KASEY ELLOThis month marks the 18th year of Cybersecurity Awareness Month (CSAM) which focuses on helping provide individuals with resources they need to stay safer and more secure online. Now, more than ever, the overarching theme “Do Your Part. #BeCyberSmart” should resonate with everyone.
Since the global pandemic, we’ve seen a tremendous uptick in cyberattacks. Nearly every day, news of another ransomware, supply chain or zero-day attack makes headline news. Adversaries are taking advantage of new attack vectors – like IoT devices, insecure remote access mechanisms, and the multiple personal and work devices users now move between. They’re also leveraging human vulnerabilities, impersonating trusted colleagues and third parties to infiltrate organizations.
Did you know that 88% of data breaches are caused by human error? That’s why, as we kickoff CSAM, we want to focus on the fact that cybersecurity isn’t just a problem for IT and security teams to handle. It’s incumbent on all of us to do our part to help mitigate risk. Here are five things every person can, and should, do.
- Strengthen passwords and use MFA. Simple passwords are easy for hackers to crack, and password reuse opens the door for them to compromise additional accounts and gain access to your confidential information. Create long and unique passphrases for each account and use multi-factor authentication (MFA) wherever possible. If this starts to get cumbersome and hard to keep track of, use password managers to generate and remember different, complex passwords for each of your accounts
- Think before you click. Ransomware attacks were up 225% in 2020. These attacks often leverage phishing, tricking people into clicking on malicious links or attachments. Instead of rushing through emails, be mindful of what you are receiving and from whom. Hover over links to see if they resemble legitimate addresses and watch for spelling and grammatical errors and generic greetings which can indicate the email is malicious. If in doubt as to the legitimacy of an email, delete it.
- Backup data. While the best defense against ransomware is prevention, including being mindful of what you click on, backing up data can help you recover quickly and not lose critical or sensitive data. Be sure the backup is secure and consider two backups, one stored offline and the other in the cloud protected by MFA. Think about how often you should backup and the tradeoffs. The less frequently you backup, the more you have to lose in a ransomware attack.
- Update software. Technology vendors are doing their best to keep users safe, issuing patches and updates regularly. Stay current with these security settings by turning on automatic application updates when available, for example with Microsoft and Google Chrome, and then shutdown systems every night and enable updates when prompted. This applies to phones and other smart devices too. Accept the automatic system updates when prompted and keep phones plugged in and turned on at night to process updates during less busy times.
- Educate yourself. There’s no shortage of information on cybersecurity risks and you don’t have to be an IT guru to understand many of the articles, blogs and other resources available. Several government sources do a great job of explaining threats and vulnerabilities and how to protect ourselves in language we can all understand. Here are just a few examples written for the general public:
https://staysafeonline.org/stay-safe-online/
https://www.stopthinkconnect.org/
https://www.dhs.gov/be-cyber-smart/campaign
At ThreatQuotient, we’re all about making it easier for security teams to leverage threat intelligence to understand threat actors and the latest campaigns, so they can strengthen defenses and accelerate detection and response. We encourage you to check out the rest of our blogs for more information. And come back throughout the month of October as we’ll focus on important CSAM themes to help organizations improve security operations, including combating phishing scams, attracting cybersecurity talent, and leveraging threat reports for intelligence and action.
0 Comments