This October marks the 20th annual Cybersecurity Awareness Month. The U.S. Department of Homeland Security and National Cybersecurity Alliance launched Cybersecurity Awareness Month in October 2004 to increase cyber awareness and online safety for people across the United States. Since then, it has grown in popularity and is now a focus for educational efforts around the world each October.
The 2023 theme, Secure Our World, encourages everyone to take four key actions to help them stay safe and secure online:
1. Using strong passwords (and a password manager)
Stealing passwords remains a popular way for criminals to gain unauthorized access. Choosing a strong and complex password will make it harder for hackers to guess it – watch this short video to learn how to create one.
We also recommend that you consider using a password manager, which can store, generate, and even apply your passwords – and make it easy to have different passwords for each of your accounts.
2. Turning on multi-factor authentication (MFA)
MFA is a security measure that requires an additional proof of identity, beyond just a password, to grant you access. Additional proofs of identity could include a one-time passcode, facial recognition, or a fingerprint, all of which are much harder for hackers to replicate. This stops unauthorized people from accessing your systems (and the precious data contained within them).
To illustrate the importance of MFA, check out this article. It details how cybercriminals accessed an organization’s security administration system and turned every security setting off – an issue MFA may have prevented.
3. Recognizing and reporting phishing attacks
Earlier this year Sophos commissioned an independent survey of 3,000 IT professionals into their experiences at the cyber front line. It revealed that email was the root cause of 30% of ransomware attacks, and that phishing is number two in their list of top security concerns for 2023[1].
Phishing emails aim to trick you into revealing sensitive information or doing something that will help the attackers. Think you’ve spotted a phishing email? Report it immediately to your IT team! You’ll be helping others stay safe from similar attempts.
For more tips on phishing, check out this article. It highlights the four main steps attackers take when creating convincing phishing emails. Understanding these steps helps you to spot and stop them.
[1] The State of Cybersecurity 2023: The Business Impact of Adversaries – Sophos
4. Updating software
The exploitation of unpatched vulnerabilities was the leading root cause of cyber incidents investigated by Sophos in 2022[2]. Keeping on top of updates makes software less vulnerable to exploitation by malicious actors. Updates also add new/enhanced features and boost the general performance of the software. So…update now!
Exploited vulnerabilities can have dire consequences, as millions of users of MOVEit Transfer (a system that makes it easy to store and share files) discovered earlier this year. You can learn more about this high-profile incident here.
[2] Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders – Sophos
Resources to help you stay secure online – The Cybersecurity Best Practices Toolkit
In addition to the information above, we’ve put together a Cybersecurity Best Practices Toolkit packed with useful resources to help you stay ahead of the criminals.
The toolkit will enable you to:
- Better understand the cyber threat landscape with information and insights from over 3,000 IT professionals across the globe
- Develop your own cybersecurity incident response plan to prevent attacks from escalating
- Learn how to optimize both your endpoint protection platform and network security stack to stop advanced cyber threats including ransomware
Armed with these insights, you’ll be better equipped to defend against today’s advanced cyber threats.
We hope you find this information and these resources useful. Remember: cybersecurity awareness isn’t just for this month – it’s for life! #BeCyberSmart
Martin Outlaw
Instead of recommending password managers, why has Sophos not provided one?
Sally Adam
Thanks for your interest but password managers are not on our roadmap.