October marks National Cyber Security Awareness Month, a month-long public awareness campaign launched by the United States Department of Homeland Security. The annual campaign, now in its 18th year and aptly themed “Do Your Part. #BeCyberSmart,” aims to raise awareness about cybersecurity best practices and highlight the collective effort we all need to take in order to remain informed about cyber warfare and prevent future attacks.
With more and more people working remotely and a dramatic increase in ransomware, phishing and supply chain attacks, to name a few, we’ve highlighted some best practices to help you “Do Your Part” and “BeCyberSmart.”
Access Control & Endpoint Security
Many modern-day attacks are possible due to insufficient access control and endpoint security. As a result, we recommend:
- Always using anti-virus software and firewalls on your personal devices
- Not downloading, installing or running any software on your work laptop without prior approval of the IT team
- Not clicking on alarming pop-up windows that say that your computer is infected with a virus
Phishing Awareness
Phishing attacks often seem legitimate but can lead to malicious sites that steal your credentials. You should therefore ensure that you:
- Use your email for work purposes only and not for personal communications
- Look for spelling mistakes in the email and on the website address to identify a phishing attempt
Social Media & Information Protection
In other cases, information that is publicly available on the web or social media can contain data that is useful to hackers, and employees can accidentally leak internal, sensitive information. As a result:
- Beware of the information you share on social media
- Do not share work-related sensitive information with third parties without your manager’s approval
- Don’t use public WiFi hotspots without a secure VPN connection
Strong Authentication & Password Policies
Another extremely common vulnerability involves weak authentication and passwords. Writing passwords on sticky notes, for example, is a bad practice. We therefore recommend:
- Using two-factor authentication and strong passwords that include capital letters, lowercase letters, digits and special characters. Our Red Team Expert, Tal Memran, explains in this short video the types of MFA and which ones are hard to crack.
- Using strong passwords or pass-phrases. Lior Bar Lev, Customer Success Manager at CYE, dives into some examples of common password mistakes and the best ones to use in this video.
Ultimately, you are responsible for your security and for keeping your endpoints safe and your data secure. While National Cyber Security Awareness Month may be coming to an end, cyberwarfare is not. Hackers will continue to attempt to wreak havoc on individuals and organizations, causing significant financial, reputational, legal and physical harm. Yet, it is up to the collective “us” to ensure that we do our part to keep our information safe and #BeCyberSmart.
Watch our Director of Research, Gil Cohen, summarize the security actions in just 4 minutes: