Lessons Learned from Cyber Awareness Month – Part One
October was Cyber Security Awareness Month. As proclaimed by President Trump and organized by the Department of Homeland Security, Cyber Security Awareness Month is a time to focus on cybersecurity as a shared responsibility that affects all Americans. Now that it has come to an end, it’s worth reviewing some of the important points highlighted during the course of the month, which we are doing in several installments.
In this first of four blog posts about cyber awareness, we address top consumer cybersecurity concerns, including simple steps to protect against cybersecurity threats and ways to help the public understand what to do if they fall victim to cybercrime. One important emphasis is making the public more aware of, and vigilant about, phishing schemes. According to recent studies, 85 percent of U.S. organizations have experienced a phishing attack and 30 percent of individuals have opened a phishing email. A second common vulnerability is weak passwords, whether from repeatedly using the same one or from choosing obvious (and easily hackable) passwords.
Putting It Into Practice: Companies can take some simple steps to reduce these individual vulnerabilities:
Provide training that teaches individuals to check who an email is from, whether it asks the recipient to click on links or open attachments, and whether the content of the message is above suspicion.
Review and, if necessary, revise your password settings to require sufficiently complex passwords and prohibit repetition of recently used passwords.
Make sure passwords are sufficiently encrypted and that each account has a maximum number of permissible unsuccessful password attempts within a set timeframe.
Utilize multifactor authentication and encourage your employees to do the same with their personal accounts on such online services as webmail and social media.