Cybersecurity Awareness Month 2023 focuses on cybersecurity tips and best practices for all individuals. Learn four simple ways to protect yourself, your family, and your business from online threats.
2023 marks the 20th annual Cybersecurity Awareness Month for enhancing collaboration between government and private industry and raising awareness about digital security. The 2023 Cybersecurity Awareness Month campaign is marked under the theme Secure Our World.
In its essence, the campaign is built around 4 simple steps every American can take to stay safe online:
Let’s refresh your knowledge about these measures and learn the best practices for implementing them effectively.
Compromised credentials are responsible for 15% of data breaches, which makes them one of the most common attack vectors, according to IBM Cost of Data Breach Report. To minimize the probability of compromising your credentials, use strong passwords. Strong passwords help keep your information safe; protect your emails, media, and other content, and prevent someone else from getting into your account.
What makes a strong password? It is unique, memorable, long, and includes any combination of letters, numbers, and symbols. Let’s take Google password security practices as an example. According to Google, your password should be:
Along with this, your password should not be:
If you have trouble with managing multiple passwords, use a trusted password manager. Such tools can help create strong passwords for your online accounts, keep them in a safe place, and protect them with special built-in security.
With enabling MFA, you provide a combination of two or more authenticators to verify your identity before accessing the account. In short, instead of asking you just for a password (which can be reused, cracked, or stolen), MFA verifies your identity by asking for several pieces of information.
For example, Microsoft multifactor authentication works by requiring two or more of the following authentication methods:
IBM also adds a behavioral factor or
Thus, users who enable MFA are significantly less likely to fall victim to a cybercriminals because any malicious attempt will need to overcome several authentication requirements to gain access to your account.
Phishing attacks rely on social engineering tactics by using spoofed or impersonated email addresses (e.g. an attacker might create an email that looks like it comes from Microsoft, your insurance firm, back, etc; or send an email from an address that looks familiar, yet contains a little difference email@example.com instead of firstname.lastname@example.org). Tricking users into thinking a message comes from a person or entity they either know or trust, criminals send an email with a malicious link, attachment, or request for information. The email appears trustworthy due to a familiar text and a known email address so a victim opens the email and clicks on the attachment triggering a malicious program that compromises the system.
Phishing is the most common attack vector and the second most expensive threat estimated at $4.76m in 2023, so it demands significant efforts to be addressed and minimized. As a matter of fact, the success of every phishing attack is directly related to people’s awareness. The 2023 Proofpoint State of the Phish Report states that user reporting was responsible for blocking 1 in 10 phishing attacks which leaves much to be desired. At the same time, 44% of people think an email is safe when it contains familiar branding. With this, Microsoft branding or products were found in over 30 million malicious messages sent in 2022. There’s a lot to think about.
Planet 9 provides several tips to recognize and fight phishing:
More on phishing read in the article #BeCyberSmart: Common Tips to Fight Against Phishing, which was dedicated to the 2021 Cybersecurity Awareness Month campaign.
Vulnerabilities within software code can lead to unexpected outcomes and cause program errors including failures of security controls. Developers resolve these issues through software updates. Software providers release updates, often referred to as “patches”, “hot fixes”, or “service packs.” These updates primarily focus on repairing security vulnerabilities and improving protection against potential cyberattacks that could exploit these weaknesses. Additionally, software updates may address and fix software defects, enhancing the overall quality of the product.
For instance, Apple regularly releases software updates which include updates and upgrades for macOS and its built-in apps. You can install these updates either manually by downloading the necessary updates from AppStore, or automatically by setting this option in system settings.
To stay updated on the recent cybersecurity and compliance-related topics, keep reading our blog. Feel free to contact the Planet 9 team for help with your security and compliance challenges. We’ll be happy to assist!