NetworkTigers highlights cybersecurity safety recommendations during Cybersecurity Awareness Month 2023.
October is Cybersecurity Awareness Month from the Cybersecurity and Infrastructure Security Agency (CISA) and the non-profit National Cybersecurity Alliance. Each year since 2004, the Office of the President and Congress have set aside the month of October to raise awareness about the importance of cybersecurity and to offer updated recommendations for small businesses and individuals about how to protect against hacks, strengthen their data privacy infrastructures, and employ best cybersecurity practices.
20th anniversary Cybersecurity Awareness Month theme released
This year marks the 20th anniversary of the federal designation for cybersecurity awareness in October. For 2023, the theme of Cybersecurity Awareness Month is “Secure Our World”. The theme’s title is also the launch of an enduring new CISA program meant to foster collaboration and an increased focus on protecting individuals and small businesses from hacks and data breaches.
One crucial element of “Secure Our World” is encouraging technology providers to implement “secure by design” software, hardware, and devices. While CISA encourages all individual and small business internet users to take cybersecurity measures seriously, the program acknowledges that individuals are often less equipped to take on malicious actors than larger corporations and tech experts. For this reason, “secure by design” devices are a necessary step within the product development world to help empower consumers to take realistic data privacy measures. “Secure by design” technology may look like computers with built-in firewalls, data protection with multi-factor authentication enabled as the default, or the automatic logging of potential intrusions. As a consumer, seeking out “secure by design” technology helps lower costs for your home and business while ensuring that cybersecurity compliance doesn’t involve an obscure or unrealistically tricky process.
Four steps for a safer online experience
CISA’s updated recommendations for businesses and individuals include four new focal points for cybersecurity awareness:
- Strong password use: Regularly updating and strengthening passwords is a cornerstone of staying safe online. Not updating security information or using weak passwords has always been a risk, but with AI machine learning advancing in real time, not doing so has become downright dangerous. AI machine learning can crack approximately 51% of common passwords in less than a minute, according to a new study by Home Security Heroes. You may still be at risk if you think your password is secure but haven’t changed it in a while. AI can guess up to 81% of most passwords after a month. As for passwords that involve fewer than five characters, they can be guessed nearly instantaneously, according to an analysis of over 15 million passwords from PassGAN. CISA recommends that all new passwords include a combination of uppercase characters, lowercase characters, numbers and symbols. A strong password should be long, random, and unique to each site’s login.
- Turn on Multi-Factor Authentication: Multi-factor authentication, or MFA, adds an extra layer of security across devices. Turning on MFA allows you to prevent an unauthorized user from accessing your accounts remotely without being able to get information from an additional device, such as a smartphone or tablet. CISA recommends enabling MFA for social media accounts, email, and all financial accounts.
- Recognize and report phishing attempts: Phishing accounts for at least 22% of successful cybercrime breaches, according to the FBI’s 2021 Internet Crime Report. Businesses are commonly targeted by phishing efforts, with 78% of organizations reporting that they experienced a ransomware attack that stemmed from a phishing email as the source. Meanwhile, 77% reported phishing-related BEC incidents, a rise of 18% from 2020.
- Update software: Software firewalls are only as powerful as their latest update – neglecting to stay on top of developments can leave your system vulnerable to breaches. Enable automatic updates for most devices that can support it. Ensuring that software is updated ensures your network has the most robust support against hacks, bots, and malware.
Free cybersecurity resources for small businesses
In partnership with the National Cybersecurity Alliance, CISA offers a downloadable toolkit of free Cybersecurity Awareness Month resources now available. They include:
- A PDF guide of Cybersecurity Awareness Month CISA recommendations and programming
- Sample email to employees on the importance of cybersecurity awareness
- Free 101 presentation on cybersecurity awareness participation and recommendations for colleagues, employees, and customers
- Branded PPT template for additional personalized cybersecurity presentation
- Secure Our World tipsheets and informational videos in multiple languages
- Sample press release to announce your business’s participation in the 20th Cybersecurity Awareness Month
- Sample social media posts, graphics, and hashtags
- Branded video conference background
- Branded email signature graphics
- Infographic for family, friends, and employees on simple steps to take to promote cybersecurity awareness
Taking cybersecurity seriously past October
Once Cybersecurity Awareness Month concludes at the end of October, it’s still important to continuously check your network’s data privacy capabilities. Cybersecurity is an ever-evolving field, and threat actors become more powerful daily. Our behaviors and priorities must shift to keep up with the influx of risk to our personal and professional data.