Since 2004, October has been recognized as Cybersecurity Awareness Month by organizations like the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which are dedicated to helping individuals better protect themselves against online threats.
This year CISA and NCA are focusing on the human element of security, with the 2022 Cybersecurity Awareness Month theme, “See Yourself in Cyber.” The goal is for individuals to better understand how they can impact security in their role as an employee and a consumer and how their organization’s security fits into the global ecosystem.
With this initiative, there are four key actions that individuals are encouraged to take to improve their security posture. Need help communicating these initiatives to your organization? Take advantage of these resources to educate your staff on these important security tactics.
Enable Multi-Factor Authentication
According to the 2022 Verizon DBIR, stolen credentials were used in 50% of security incidents and confirmed data breaches this past year. Help your team enable MFA wherever possible to reduce the impact of stolen credentials. Download the MFA infographic.
- What: Enable multi-factor authentication for any accounts that offer this feature. Multi-factor authentication asks you to provide an additional method of identity verification beyond your username and password, such as a PIN code sent via text message, or a code from an authenticator app.
- Why: Making sure multi-factor authentication is turned on wherever possible reduces the likelihood that an attacker will use your login credentials to compromise sensitive information.
Use Strong Passwords
Using strong passwords that aren’t reused across multiple sites makes it harder for attackers to brute-force login credentials and gain access to sensitive information. Help your team use strong passwords by putting a password policy in place. Download the password infographic.
- What: Passwords should be 12-15 characters and be complex, avoiding guessable words like “password” or phrases related to the business. Do not reuse passwords across multiple sites. Take advantage of a password manager to keep passwords unique and secure.
- Why: Attackers will guess common passwords to try to gain access to your accounts. Complex passwords make it harder for attackers to guess your credentials correctly.
Recognize and Report Phishing
Phishing techniques can be highly targeted, and employees may fall for them when trying to complete tasks quickly. Make sure your team recognizes the signs of phishing and knows how to report a suspected phishing email. Download the phishing infographic.
- What: Phishing emails are emails that entice you to click a link or open an attachment by pretending to be a known entity, such as a vendor or a supervisor. They may also ask you for credit card information, logins and passwords, or gift cards. Report these emails using the report phishing button in your email.
- Why: These emails can contain malware, leading to ransomware and exposure of company and customer information. Attackers can use information they gain from you to commit fraud and infiltrate company systems.
Update Your Software
Software updates are crucial to fixing bugs and vulnerabilities. Make sure your team is installing updates as they are prompted and not putting them off for extended periods of time. This includes updates to applications and operating systems. Download the software update infographic.
- What: When prompted to install updates on your phone or computer, install them as soon as possible.
- Why: Updates aren’t just for installing new features. Updates fix bugs and vulnerabilities that attackers can use to gain access to systems.
Looking for additional Cybersecurity Awareness Month resources?
RH-ISAC members have access to resources such as a security awareness working group to develop programs that promote a culture of security across your organization. Learn more about RH-ISAC membership.