Cybersecurity Awareness Month 2023: Secure Our World

Cybersecurity Awareness Month 2023 focuses on cybersecurity tips and best practices for all individuals. Learn four simple ways to protect yourself, your family, and your business from online threats.

2023 marks the 20th annual Cybersecurity Awareness Month, an initiative for enhancing collaboration between government and private industry and raising awareness about digital security. The 2023 Cybersecurity Awareness Month campaign runs under the theme “Secure Our World”.

In essence, the campaign is built around 4 simple steps every American can take to stay safe online:

  • use strong passwords;
  • turn on multifactor authentication (MFA);
  • recognize and report phishing;
  • update software in a timely manner.

Let’s refresh your knowledge about these measures and learn the best practices for implementing them effectively. 

Use Strong Passwords and Password Managers

Compromised credentials are responsible for 15% of data breaches, which makes them one of the most common attack vectors, according to the IBM Cost of Data Breach Report. To minimize the probability of compromising your credentials, use strong passwords. Strong passwords help keep your information safe, protect your emails, media, and other content, and prevent someone else from getting into your account.

What makes a strong password? It is unique, memorable, long, and includes any combination of letters, numbers, and symbols. Let’s take Google password security practices as an example. According to Google, your password should be: 

  • strong (include any combination of letters, numbers, and symbols, upper/lower case letters);
  • unique (you should have different passwords for each of your important accounts);
  • memorable (but nearly impossible for someone else to guess);
  • long (at least 12 characters; a lyric from a song, a meaningful quote from a movie, a series of words that are meaningful to you, or an abbreviation are good to use);
  • secure (don’t write it down; store it in secure password manager software).

Along with this, your password should not be:

  • weak (simple words, phrases, and patterns like “password123”, “12345”, “qwerty”, “let me in”, etc. aren’t good to use);
  • reused (never use passwords you’ve used before);
  • easy to guess (the name of your child or pet, birthdays, the name of your street, and your phone number are not suitable).

If you have trouble managing multiple passwords, use a trusted password manager. Such tools can help create strong passwords for your online accounts, keep them in a safe place, and protect them with special built-in security.

Turn on Multifactor Authentication (MFA)

With MFA enabled, you provide a combination of two or more authenticators to verify your identity before accessing the account. In short, instead of asking you just for a password (which can be reused, cracked, or stolen), MFA verifies your identity by asking for several pieces of information.

For example, Microsoft multifactor authentication works by requiring two or more of the following authentication methods:

  • something you know (password);
  • something you have (a trusted device like a phone or hardware key);
  • something you are (a fingerprint or face scan).

IBM also adds a behavioral factor:

  • something the user does (an IP address range, or location data from which a user typically logs in to an application).

Thus, users who enable MFA are significantly less likely to fall victim to cybercriminals because any malicious attempt will need to overcome several authentication requirements to gain access to your account.

Recognize & Report Phishing

Phishing attacks rely on social engineering tactics by using spoofed or impersonated email addresses (e.g. an attacker might create an email that looks like it comes from Microsoft, your insurance firm, bank, etc.; or send an email from an address that looks familiar yet contains a small difference, such as bill.gates@microsotf.com instead of bill.gates@microsoft.com). Tricking users into thinking a message comes from a person or entity they either know or trust, criminals send an email with a malicious link, attachment, or request for information. The email appears trustworthy due to familiar text and a known email address, so a victim opens the email and clicks on the attachment, triggering a malicious program that compromises the system.

Phishing is the most common attack vector and the second most expensive threat, estimated at $4.76m in 2023, so it demands significant effort to address and minimize. As a matter of fact, the success of every phishing attack is directly related to people’s awareness. The 2023 Proofpoint State of the Phish Report states that user reporting was responsible for blocking 1 in 10 phishing attacks, which leaves much to be desired. At the same time, 44% of people think an email is safe when it contains familiar branding, while Microsoft branding or products were found in over 30 million malicious messages sent in 2022. There’s a lot to think about.

Planet 9 provides several tips to recognize and fight phishing:

  • Never click on links or attachments found in an email if you’re unsure about the sender or their motives.
  • Be cautious of the generic language of the message, such as “Hello Bank Customer”. If you are concerned about the email’s legitimacy, call the sender directly.
  • Beware of urgent emails that implore you to act immediately. If you receive a suspicious email that appears to be from someone you know, reach out to that person directly.
  • Watch out for suspicious links. Hover over the link to determine the site’s real address hidden behind the link.

Read more on phishing in the article #BeCyberSmart: Common Tips to Fight Against Phishing, which was dedicated to the 2021 Cybersecurity Awareness Month campaign.

Update your Software

Vulnerabilities within software code can lead to unexpected outcomes and cause program errors, including failures of security controls. Developers resolve these issues through software updates. Software providers release updates, often referred to as “patches”, “hot fixes”, or “service packs.” These updates primarily focus on repairing security vulnerabilities and improving protection against potential cyberattacks that could exploit these weaknesses. Additionally, software updates may address and fix software defects, enhancing the overall quality of the product.

For instance, Apple regularly releases software updates, which include updates and upgrades for macOS and its built-in apps. You can install these updates either manually by downloading the necessary updates from the App Store, or automatically by setting this option in system settings.

To stay updated on the recent cybersecurity and compliance-related topics, keep reading our blog. Feel free to contact the Planet 9 team for help with your security and compliance challenges. We’ll be happy to assist!

Website: https://planet9security.com

Email:  info@planet9security.com

Phone:  888-437-3646
