October is Cybersecurity Awareness Month, a month dedicated to raising awareness of the importance of cybersecurity and sharing some of the easy steps that everyone can take to improve privacy and security.
Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is encouraging all Americans to stop and think before taking any action, whether online or in response to unsolicited text messages, emails, phone calls, and attached files. CISA has launched its first-ever public service awareness campaign this Cybersecurity Awareness Month. The campaign, called Secure Our World, is focused on promoting four key behaviors that everyone can adopt to improve privacy and security in an increasingly digital world.
The first recommended best practice concerns passwords. Threat actors often exploit weaknesses in passwords to gain access to accounts and the sensitive data they hold. The latest GPUs are capable of guessing weak passwords quickly, so it is important to make passwords as difficult to guess as possible. Passwords should be long and complex, and a unique password should be set for each account. Since generating passwords using random strings of characters is difficult for humans, as is remembering dozens of unique passwords, CISA recommends using a password manager. While there have been recent data breaches at password manager providers (LastPass), plain text passwords were not stolen. Using a password manager improves security as it helps to eliminate poor password practices.
Passwords protect accounts against unauthorized access, but a second layer of security is also required. Multifactor authentication should be enabled for all accounts. In the event of a password being guessed or otherwise obtained, access to an account will not be granted unless another authentication factor is provided. Text and voice-based MFA provides additional protection; however, threat actors have found ways of bypassing this type of MFA. Hardware-based MFA, such as a YubiKey, provides even better protection.
The third recommendation concerns recognizing and reporting phishing attempts. Businesses should ensure they provide their employees with security awareness training to teach cybersecurity best practices and raise awareness of the risks of phishing. All individuals should assess all emails and instant messages they receive and look for potential signs of phishing. Phishing emails need to be reported, either to security teams at work or the appropriate authorities.
The final recommendation is to keep software up to date. Vulnerabilities are constantly discovered, and patches are released to correct the flaws. Threat actors actively seek exploitable vulnerabilities, and the best defense is to ensure that software is always updated to the latest version, ideally configuring software to update automatically to ensure the latest patches are applied promptly.
The Secure Our World campaign is part of the Biden Administration’s efforts to improve cyber resilience across the nation to combat increasingly sophisticated adversaries. CISA’s campaign aims to improve awareness among the “target-rich, resource-poor”, who lack the educational background and money to fight off malicious cyber actors, hence the focus on simple measures that can easily be adopted by everyone without having to spend money on cybersecurity solutions.
Anyone can change password practices, password managers are available for free, multifactor authentication is offered on most online accounts, and software updates can be applied quickly and configured to update automatically. If everyone takes these four simple steps, many costly cyberattacks will be prevented.