National Cybersecurity Awareness Month: 4 Core Cybersecurity Actions

Did you know that October is Cybersecurity Awareness month?

While we promote cybersecurity all year long, every October is an opportunity to engage with the public on the newest and best ways to protect personal and professional data. This month, IT and cybersecurity professionals speak up on the latest trends and opportunities in data protection, as well as the growing threats to personal and professional data security. 

What is Cybersecurity Awareness Month? 

The President of the United States, with the support of Congress, named October Cybersecurity Awareness Month in 2004. This month’s goal is to raise awareness of potential cyber threats and circulate easy precautions that are proven to protect your data. 

Since 2004, several experts have made resources, tutorials and reports to improve public knowledge, strengthen community defenses against malicious attacks and empower people with the tools they need to minimize damaging online user errors. However, cyberattacks remain a major problem.

In 2022, cyber threats are growing in prevalence:

• A cybercriminal can breach an organization’s system and gain unauthorized access to internal resources in about 93% of cases. 
• Forty-one percent of surveyed company executives said their cybersecurity strategy isn’t robust enough to avoid today’s caliber of cyberattacks. 
• Medical industries and insurance companies had a 45-60% chance of being the target of a phone fraud attack via email: a strategy where a malicious individual sends an email requesting a call. 

With these alarming trends on the rise, spreading awareness of the preventive tools and resources at online users’ fingertips is more important than ever.  

National Cybersecurity Awareness Month 2022: 4 Core Actions

While the concept of cybersecurity sounds like it should fall on the shoulders of IT professionals, there are many habits that any online user can leverage to improve their personal data protection practices. 

This year’s theme, “See Yourself in Cyber,” focuses on the simple, easy-to-digest strategies that anyone can develop to strengthen the protection of their personal and professional data. 

Here are four easy and powerful steps you can take to boost your cybersecurity:

Enable Multi-Factor Authentication

What is Multi-Factor Authentication?

Multi-factor Authentication (MFA) requires the user to provide two or more verification factors to gain access to a platform or account. Developed in 2013 by Microsoft in response to the growing threat of compromised login information, MFA offers a new layer of protection that would require a hacker to have access to an additional device, email or phone number to confirm a successful login. 

How Does Multi-Factor Authentication Improve Your Cybersecurity?

Usernames and passwords aren’t enough alone. MFA strengthens your security by requiring users to identify themselves fully, reducing the chances of compromised accounts. This is done by requiring:

• A code sent through email
• A code sent over text to a connected number
• Accepting a push notification from a confirmed and secure device
• Answering difficult security questions 

Even if an individual gains unauthorized access to a set of login credentials, running into one of these obstacles will turn away the vast majority of hackers. 

Interesting Stats About Multi-Factor Authentication

• Sixty-one percent of data breaches involve using unauthorized credentials as a gateway into systems.
• Microsoft says MFA can “prevent 99.9 percent of attacks on your accounts.”
• With 68% of people leveraging mobile MFA, phone push notifications are the most common authentication method.

Use Strong Passwords

Why Use a Strong Password?

Passwords may be the oldest trick in the book, but they are still your first defense against unauthorized access to your accounts and sensitive data. As 61% of data breaches involve unauthorized credentials, you can cut out a significant chunk of data leaks by using complex, regularly-updated credentials. 

A Strong Password Includes…

• At least 12 characters
• Uppercase and lowercase letters
• Numbers and symbols
• No ties to your personal information
• Consistent updates

Interesting Stats About Passwords

• Fifty-nine percent of people use the same password everywhere. If a hacker gains access to this single set of login credentials, they can potentially access all platforms. 
• Ninety percent of passwords can be cracked in less than six hours. Hackers have access to sophisticated password-cracking software, but the more complex password you use, the more challenging it is, and the longer it takes to be compromised. 
• Eighteen percent of employees share their passwords with others. Sharing passwords with trusted coworkers seems like an innocent way to easily grant data-sharing access, make a quick fix or sort out other day-to-day work woes. That means many passwords are circulated through SMS, email and other platforms that are potentially accessible to hackers. Having lax data-sharing practices also opens you up to potential phishing scams of hackers posing as coworkers requesting passwords. 

Recognize and Report Phishing

What is Phishing?

Phishing is a type of online fraud that includes tricking targets into sharing sensitive info by impersonating a trustworthy source. This scam usually occurs over email, but with the growing sophistication of hackers, online users need to stay vigilant to avoid damage from fraudulent SMS messages, instant messages and phone calls. 

How Can You Recognize Phishing Scams?

• Many hackers use an urgency tactic to catch people off guard, so beware of random “crisis” messages like a problem with your account, compromised payment information, fraud threats and more concerning topics. 
• The email address is from an unrecognizable domain or includes a domain from a familiar company with one wrong character. 
• They ask you to click specific links or share sensitive information. Most, if not all, reputable companies will never ask you to share unprompted account info from a link in an email. 
• It contains poor grammar, inconsistent branding, an unusual salutation or suspicious attachments. 

Interesting Stats About Phishing

• Eighty-three percent of organizations said they experienced phishing attacks last year.
• Phishing is the third most common type of scam reported to the FBI.
• Thirty percent of phishing messages are opened. 

Update Your Software

Why Does Updating Software Improve Cybersecurity?

On the surface, updating your software may seem somewhat disconnected from cybersecurity, but there are direct cybersecurity benefits to having a consistent software-updating regimen. Software updates reduce security vulnerabilities by patching any backdoors and are necessary to keep computers, mobile devices and tablets running smoothly.

Software Update Best Practices

• Stay current with regular vendor software updates. Most vendors roll out new platform updates once every two weeks, weekly or multiple times per week. Understanding each platform update schedule will ensure you always have the most current and protected version of your software.
• Create an inventory list of active systems to monitor. Many companies have more than 75 functional apps connected to their network, so implementing a checklist or automating updates can prevent anything from falling through the cracks. 
• Beware of fake update messages through pop-ups or emails, and always only follow the official channel of updating platforms. If there is ever a question on how to determine the safest way to update, a dedicated IT team can help.

Interesting Stats About Updating Software

• Nearly 50% of desktop users don’t update their systems regularly.
• One in three breaches are caused or impacted by unpatched vulnerabilities.
• Twenty percent of all vulnerabilities caused by unpatched software are classified as high risk.

Additional ways to Strengthen your Cybersecurity

These four core actionable steps are a fantastic start to a solid cybersecurity strategy, and there are so many more proven tools at your disposal to leverage. Companies that house and work with vast amounts of client, patient or internal data should consider every beneficial practice to avoid damaging data breaches and malicious attacks.

Offsite backup options to keep data safe and secure

Did you know 87% of data breaches are due to human error? Unfortunately, accidents happen, and having dependable disaster recovery is key to making it through a mistake or malicious action that leads to data loss. One of the most reliable ways to combat this is to offer offsite backup options. Having a third party house an updated version of your data ensures you will always have access to your most important information. 

A comprehensive data backup strategy

Setting up an automated data backup system minimizes human error and ensures that your company will not lose critical data. Managed Services Providers or a strong IT team can create a robust data backup strategy that always protects the most current version of your network.

Proactive network monitoring and maintenance

Never worry about your network’s state, knowing it is consistently scanned and monitored for potential threats, broken code, back doors and bugs. Network monitoring services ensure that your IT or managed services team can catch any of these threats before they impact the system with downtime or data loss. 

Cybersecurity is the perfect excuse to take a closer look at your company’s data protection strategy, and the MDL managed services team can help.

MDL offers full-scope managed services to help protect your business and give it room to grow. 

At MDL, we make it a priority to implement the best practices for your business when it comes to managed services. From training your employees to spot the warning signs of cyber threats to data recovery, your most valuable assets will always be secure with MDL. Learn more about our managed services or contact our team to discuss any recommendations for your company.