As technology continues to advance, so does the need for heightened awareness and proactive measures to safeguard sensitive information.
Cyber security can seem like an insurmountable task for everyday people, but it’s not only a job for the IT team. Everyone can, and should, play a part in keeping their organisation’s data safe.
October is Cyber Security Awareness Month, serving as a timely reminder that there are many ways to safeguard data. Following the basics can make a big difference in how secure your network is.
What is Cyber Security Awareness Month?
Cyber Security Awareness Month (CAM) is an annual initiative held every October. It promotes cyber security awareness and education and aims to empower individuals and organisations by giving them knowledge and resources to help strengthen their defences against cyber threats.
CAM started as a U.S. initiative, National Cybersecurity Awareness Month. Then, it quickly spread around the globe. It’s led by two agencies:
- National Cyber Security Alliance (NCSA)
- Cybersecurity and Infrastructure Security Agency (CISA)
This collaborative effort involves various stakeholders. Government agencies, industry leaders, and cyber security experts all come together. The goal is to raise awareness about cyber risks and best practices.
This Year’s Themes
This is CAM’s 20th year. To celebrate, the theme revolves around looking at how far cyber security has come, as well as how far it has to go. This year, CAM focuses on four key best practices of cyber security. These are:
- Enabling multi-factor authentication
- Using strong passwords and a password manager
- Updating software
- Recognising and reporting phishing
Let’s take a closer look at these four best practices of good cyber hygiene.
Essential Cyber Hygiene: 4 Keys to a Strong Defence
Central to Cyber Security Awareness Month is the promotion of essential cyber hygiene practices. These practices form the foundation of a strong cyber security defence and help both individuals and organisations.
Enabling Multi-Factor Authentication
Implementing Multi-Factor Authentication (MFA) adds a vital layer of security to all logins. In most cases, a hacker can’t breach an account protected by MFA, even if they have the password. In fact, according to Microsoft, MFA can block 99.9% of attempted account compromise attacks. With that strong track record, everyone really should be using it for every login they have.
Strong Passwords & a Password Manager
Encourage your team members to use strong, unique passwords for each account, avoiding easily guessable information like birthdays or names.
Companies can help by setting password enforcement rules that require a strong password before it’s accepted in a system. For example, you may set up a policy that requires a password to have:
- At least 12 characters
- At least 1 upper case letter
- At least 1 lower case letter
- At least 1 number
- At least 1 symbol
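The example policy above, written as an enforcement check that reports which requirements a candidate password fails. This is an added illustration, not code from the original article; the function names, the definition of "symbol" and the sample passwords are assumptions made for the example.

```python
import unicodedata

MIN_LENGTH = 12  # "At least 12 characters" from the policy above


def is_symbol(ch):
    # Assumption: a "symbol" is any Unicode punctuation (P*) or symbol (S*)
    # character, so '-', '!', '€' all count; letters, digits, spaces do not.
    return unicodedata.category(ch)[0] in ("P", "S")


# Each rule pairs the policy wording with the check that enforces it.
RULES = [
    ("at least 12 characters", lambda pw: len(pw) >= MIN_LENGTH),
    ("at least 1 upper case letter", lambda pw: any(c.isupper() for c in pw)),
    ("at least 1 lower case letter", lambda pw: any(c.islower() for c in pw)),
    ("at least 1 number", lambda pw: any(c.isdigit() for c in pw)),
    ("at least 1 symbol", lambda pw: any(is_symbol(c) for c in pw)),
]


def unmet_rules(password):
    """Return the wording of every rule the password fails.

    An empty list means the password satisfies the whole policy. Reporting
    all failures at once lets a sign-up form tell the user everything that
    needs fixing in one pass.
    """
    return [wording for wording, check in RULES if not check(password)]


def is_accepted(password):
    return not unmet_rules(password)


# Constructed sample passwords, for demonstration only.
SAMPLES = ["summer2024", "CorrectHorseBattery", "Tr4vel-Lamp-Ocean"]

if __name__ == "__main__":
    for pw in SAMPLES:
        failed = unmet_rules(pw)
        verdict = "accepted" if not failed else "rejected: " + "; ".join(failed)
        print(f"{pw!r} -> {verdict}")
```
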
Of course, using complex and unique passwords for all of your accounts makes it very difficult to remember them all. Password managers can keep all your passwords safe and secure in an online locker, accessible via a keychain password and MFA. Many password managers will even suggest complex passwords for you when you’re creating a new account.
Updating Software
Outdated software creates vulnerabilities that cyber criminals can exploit. Regularly updating operating systems, applications, and firmware ensures the latest security patches are in place.
Automating updates is a good way to ensure they’re done promptly. Companies can use endpoint device managers to handle updates across all employee devices. Managers like Intune simplify the process and enhance endpoint security.
Recognising and Reporting Phishing
Phishing attacks are a common vector for cyber threats. Train your team to identify phishing emails, suspicious links, and unsolicited attachments. Encourage them to verify the sender’s email address and to never provide sensitive information unless certain of the recipient’s authenticity.
It’s also important to educate employees about phishing beyond email. Phishing via text messages and social media has been increasing significantly, often with bad guys posing as friends or relatives with convincing and urgent-sounding messages.
It’s also essential that all phishing attempts are reported so that other employees can avoid them. The organisation’s IT team also needs to know so they can take action to mitigate the threat. Be sure to let employees know how they can report a phishing email when they suspect one.
We Can Help You Put the Best Cyber Hygiene Practices in Place
CAM offers a valuable opportunity to refocus on the significance of cyber security. Building a culture of cyber security awareness within your team is important – it can be the difference between vulnerability and resilience.
Need some help ensuring a more secure and resilient future? Our team of experts can get you going on the basics. Once those are in place, your organisation will be more productive and secure. Get in touch with us here.