October 2023 marked the 20th Cybersecurity Awareness Month, a collaboration between industry and the government to help raise awareness and provide the resources needed to ensure everyone, including businesses, corporations, and educational institutions, can protect themselves when online.
Each October, there is an overarching theme for the month, with weekly cybersecurity topics related to them. These topics are meant to help educate people about cybercrime, mobility, infrastructure, law enforcement, and other areas of interest.
Cybersecurity Awareness Month 2023 Theme
This year, the theme for Cybersecurity Awareness Month was chosen by the Cybersecurity and Infrastructure Security Agency (CISA). It is “Secure Our World,” and the weekly topics that go with this theme are:
Let’s take a closer look at each of these topics.
Using Strong Passwords and a Password Manager
Password security is something everyone in your organization must take seriously. Passwords should be long, complex, and unique, and you should have a different password for each account. This will help keep cybercriminals from discovering your password and gaining access to your accounts. Using a password manager will help you manage all these passwords without remembering them.
Guidance from CISA and the National Institute of Standards and Technology (NIST) is that if a password is long and complex enough, it never needs to be changed unless there has been a breach that has compromised that password. So, encourage users to think about their passwords to ensure they are intricate enough that they can count on them in the long run.
Enabling Multi-Factor Authentication
Multifactor authentication (MFA) takes your security beyond simple password protection. With MFA, a user trying to access an account must prove their identity in multiple ways. For example, in addition to entering the proper password, they may need to provide a passcode via email or text message, an authenticator app, and/or facial recognition. This ensures that if login credentials are stolen, the attacker still can’t gain access to the network without additional authentication.
Recognizing and Reporting Phishing
Phishing is the most commonly used type of social engineering attack. A cybercriminal will use fake communication via email, social media, or direct messages to trick you into providing personal or sensitive information or installing malware on your device without knowing it. Another way attackers trick users is by creating a genuine website, which prompts the user to input their login credentials, which the attacker then steals.
This is possibly the easiest way to protect yourself from cyberattacks. Simply ensuring that your software is always up to date with the most recent version and that all patches and updates are installed as soon as they are released will give you the highest level of security the software developers can always give you.
Ideally, you have automatic updates enabled so you can set it and forget it. If you don’t, then it’s important that you set yourself a regular schedule for checking for updates so you don’t miss any.
5 Cybersecurity Tips for a Solid Foundation
In alignment with the topics for Cybersecurity Awareness Month, there are things you can do to ensure robust cybersecurity. Here are the top five tips you can apply to help ensure your approach to cybersecurity is solid:
- Get top-down commitment – Cybersecurity must start at the C-level to be adopted and fully supported throughout the organization.
- Develop a robust cybersecurity policy – Make sure this policy considers BYOD, the use of approved applications and software, password requirements, education, onboarding and off-boarding, remote work, and how to deal with a breach.
- Educate everyone – Ensure employees at all levels are educated on cybersecurity, recognizing phishing and other social engineering attacks, and what to do if they suspect suspicious communication.
- Involve partners – Ensure that all partners, including third-party providers, suppliers, and vendors, have robust security to reduce the risk of a breach.
- Back up your data – Back up all company data regularly and ensure this backup is separate from the main system so you can fully wipe that; in case of a breach, you can wipe and re-install that system without losing your valuable and sensitive data.
Platinum Technologies’ Approach to Cybersecurity
At Platinum Technologies, we begin every partnership with an organization with a thorough security assessment to determine the threats they face. From here we:
- Develop an action plan based on the risks detected during the assessment.
- Build security solutions that are aligned with the requirements of the business.
- Ensure the solutions meet industry standards and full regulatory compliance.
Contact Platinum Technologies today to learn how we can help you increase your cybersecurity awareness and better protect your business.