It's October bringing fall weather, pumpkin spiced lattes and a month dedicated to cybersecurity awareness. Starting back in 2004, The National Cybersecurity Alliance and the U.S. Department of Homeland Security launched a month-long focus on raising the awareness about the importance of cybersecurity. This of course is no coincidence since October and November are the busiest shopping months and are the times where we see some of the highest rates of fraud.
This is an exciting time of the year where the holidays are upon us and is time to embed cybersecurity concepts and best practices for your employees for their business and home use. Compromises or fraud on personal accounts spills over to the workplace and impacts productivity and any potential shared passwords. Make the most of this time to ask for space to hang posters, make announcements at company all hands meetings, and to get your message across to a wider audience.
CISA has highlighted twelve distinct areas for cybersecurity to combat the metric where human error plays a key part in 95% of cybersecurity breaches. Awareness, knowledge, and expectations are setup as a part of a company's cybersecurity policy, and this is a perfect time to communicate this plan. This year CISA recommends focusing on the following awareness training topics Phishing, Removable Media, Passwords and Authentication, Physical Security, Mobile Device Security, Working Remotely, Public Wi-Fi, Cloud Security, Social Media Use, Internet and Email Use, Social Engineering, and Security at Home.
While these areas are all important to improving awareness around cybersecurity, it is a high number of concepts and will take multiple communication types to get the point across. Consider reducing to a more adaptable list to get your core points across.
Make the most of Cybersecurity Awareness Month in your business with free resources and communication aids. Regardless of the size of your organization, start with an email newsletter to remind employees about the risks for the use of technology and your expectations for a response. Repeat the message multiple times and combine with physical posters at breakrooms and elevator lobbies. At a minimum focus on the following five concepts with your employees:
1. Educate yourself and others about cybersecurity risks and how to protect against them. Talk about cybersecurity with family, friends, and co-workers. The more people that are aware of cybersecurity risks and how to protect against them, the safer we will all be online.
2. Make sure your devices are up to date with the latest security patches and updates . This includes not only your computer but also your mobile devices, router, and any other internet-connected devices you use. By keeping your devices up to date, you'll reduce your exposure to cybersecurity threats.
3. Be careful about what you share online . This includes information such as your full name, address, birth date, financial information, etc. Be especially careful about sharing this information on social media or in other public places online. cybercriminals can use this information to impersonate you or commit fraud.
4. Use strong passwords and two-factor authentication whenever possible . Strong passwords are long (12+ characters), unique, and contain a mix of letters, numbers, and symbols. Two-factor authentication adds an extra layer of security by requiring you to enter a code that is sent to your phone or email in addition to your password when logging into an account. Even if you use a password less approach such as Windows Hello, your persona is still linked to your basic password.
5. Backup your important data to offline media. This way if you do become a victim of a cyberattack, you'll still have access to your important files. There are numerous ways you can backup data including using an external hard drive , cloud storage , or even just copying important files to a USB drive.
Cybersecurity Month is a great time for you to assess their cybersecurity posture and make sure your employees they are taking steps to protect themselves from cyber threats. By taking some simple precautionary measures, businesses can greatly reduce their risk of becoming the victim of a cyber-attack.