Next DLP Blog

Secure Your World During (and after) Cybersecurity Awareness Month

Written by Bill Bradley | Oct 2, 2023 6:50:36 PM

TL;DR:

  • October marks the 20th Cybersecurity Awareness Month, emphasizing the importance of cybersecurity education and vigilance in our increasingly connected world.
  • The theme "Secure Our World" underscores critical practices:
    • Using strong passwords
    • Implementing multifactor authentication
    • Recognizing phishing attempts
    • Updating software regularly
  • Cybersecurity awareness is a continuous effort beyond this designated month, with constant vigilance required to protect both personal and professional digital assets.

Happy Emerald Anniversary Cybersecurity Month - We're celebrating 20 years of Cybersecurity Awareness

Happy October, and welcome to the 20th Cybersecurity Awareness Month. For those who are directly involved with cybersecurity, every month is cybersecurity awareness month, but not everyone shares this view. The program is designed to be a collaborative effort between government and industry to raise cybersecurity awareness. This month is the catalyst to raise awareness throughout your organization and within your network about the steps we should all take toward more secure actions when online or using connected devices. Yes, connecting your computer, phone, or tablet to the internet represents a risk, but we can all mitigate that risk through education and awareness. Cybersecurity awareness ensures everyone has the resources to be safe and secure online. 

Why is there a Month Dedicated to Cybersecurity Awareness?

For anyone involved in cybersecurity, the question might be why only one month is dedicated to this critical task. We’ll take our one month and be happy for now. What is the consensus on cybersecurity? Here are a few stats from “Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022”:

Let's start with the positive:

  • 78% of people consider staying secure online a priority 

Nearly 4 out of 5 people agree that staying secure online is a top priority. Maybe they’ve been personally impacted by a breach, indirectly affected, or have seen enough stories about the negative repercussions of a breach to know. When I see a stat like this, I am always curious to know what the 1 out of 5 thinks and why it’s deemed unimportant. In our global and tightly interconnected world, the impacts of a breach are significant.

Now, let’s see the other side of the coin:

  • 34% noted they often feel overwhelmed by information and, as a result, minimize their online activity
  • 46% felt frustrated while staying secure online
  • 39% of users trying to keep safe felt that information about how to stay secure online is confusing

There are some things to think about there, especially given the role many of the readers of this blog will have. If you are a security leader, practitioner, or just getting started in a cyber role, how do you address these? While it’s cliché to say you are only as strong as the weakest link, it’s true. Attackers know they only need to find one person, system, application, or gap to gain access and cause a world of hurt.

This Year’s Theme - Secure Our World

Every year, the Cybersecurity and Infrastructure Security Agency (CISA) chooses a theme to focus the conversation for the month; this year, that theme is Secure Our World. It highlights four ways to stay safer online and address some of the challenges cited above:

1. Use Strong Passwords and a Password Manager
Don't worry about remembering the passwords, just know where to find them and that they're strong and secure.

I’m sure at least one reader has bemoaned the overly complex password requirements or the mandated 90-day password changes. These are all minor inconveniences compared to having your password compromised. If it’s your Starbucks account, maybe it’s a little less annoying, but if it’s your 401(k), bank account, or other major account, it can be a much more financially painful experience. Use a long sequence, don’t reuse passwords, and make them complex with UPPER and lowercase, num83r5, or $peci@l ch@r@cters.

2. Turn on Multi-Factor Authentication
If you think MFA is annoying, imagine how a hacker will feel.

Multi-Factor Authentication (MFA) adds another step to the process by requiring more than one form of verification before you can log in to an account. I interned at RSA Security during grad school, and the “something you know, something you have, and something you are” mantra is still in my head.

3. Recognize and Report Phishing Attacks
Is it really Amazon emailing you to confirm a large purchase that you don't remember making? Maybe head over to Amazon to check for that transaction before replying or clicking any links.

Phishing continues to be a top challenge for cybersecurity professionals; awareness and training users to spot attacks are part of most organizations’ security practices. Staying ahead of these threats still takes constant vigilance and a skeptical eye. If it looks suspicious and asks you to do something “RIGHT NOW,” be warned. Typos and misspelled domains are obvious signs, but attackers are always looking for new bait.

4. Update Your Software

We all know "later" means "never." Just update your software.

New software versions often feature both added functionality (yay!) and enhanced security. Automatic updates are one way to stay on top of the updates, and many organizations have this set by default. There are other apps where you, as the user, need to check the box for the update, and all too often, “Remind me Later” is selected. In some cases, new software versions can have unintended consequences, but software vendors like Next take steps to minimize this with day 1 compatibility for releases like the recent macOS Sonoma update.

Cybersecurity Awareness is a Year-Round Theme

There are 29 more days in Cybersecurity Awareness Month, but there are no days where we should take a break from cybersecurity hygiene. Your professional and personal online worlds are too important to protect just one month out of the year. At Next, we are focused on it seven days a week, 12 months a year. Learn more about the Reveal platform from Next; it’s a unified insider risk management and data loss prevention platform built to keep your data safe from loss or theft.