The Statistics Behind Cybersecurity Awareness Month: Four Key Best Practices
Whether you plan your Halloween costume months in advance or on October 31, October brings the thrill of pumpkin carving, trick-or-treating, and candy. But scarier than any ghost is the threat of a data breach. That’s why Cybersecurity Awareness Month, held every October, is a collaborative effort to raise awareness.
October 2024 marks the 21st Cybersecurity Awareness Month. In 2023, the Cybersecurity & Infrastructure Security Agency (CISA) gave Cybersecurity Awareness Month the enduring theme Secure Our World. But it’s not enough to leave cybersecurity to a single month. Securing our world means taking steps year-round to protect our digital lives. CISA highlights four key best practices to enhance both national cybersecurity and awareness in the public and private sectors and help us Secure Our World:
- Recognize and report phishing
- Use strong passwords
- Enable MFA
- Keep software updated
These practices are essential for online safety, not just once but always, in both your personal and professional life. With 65% of U.S. adults concerned about cyberattacks this year (U.S. News), we’ll break down CISA’s tips to help ease the stress of staying safe online.
Tip one: Recognize and report phishing
Statistic one: 15% of all breaches begin with phishing (IBM).
Phishing occurs when malicious actors attempt to deceive individuals into sharing personal information, such as passwords, bank account details, or social security numbers. This can involve tactics like creating fake websites or sending emails that appear to be from legitimate sources. These scams often come in the form of unsolicited messages via text, email, or phone calls, and they are becoming increasingly sophisticated and harder to detect, especially with the advancements in AI technology. AI can help scammers craft more convincing messages and identify potential victims, making it crucial for individuals to remain vigilant and informed about these threats. Always verify the source before clicking on links or providing any personal information, to safeguard against online threats and avoid falling victim to these scams.
Here’s how to spot phishing:
- Incorrect email links or addresses: Watch for random or slightly altered addresses that mimic trustworthy sources.
- Bad grammar: Odd phrasing or grammar mistakes can be red flags.
- Suspicious links: Avoid clicking on anything that seems off.
- Requests for personal info: Never share sensitive information like your SSN unless you’re sure it’s a trusted source.
- Urgency: Phishing often pressures you to act quickly—pause and evaluate before responding.
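For teams that triage reported mail, the checklist above can be turned into a simple scoring pass. The following is an added example, not part of the original article: the trusted domain list, the keyword patterns, the two-edit threshold and both sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

TRUSTED = {"example-bank.com", "example.org"}  # assumption: domains you really use
URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours)\b", re.I)
PERSONAL = re.compile(r"\b(ssn|social security|password|bank account)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def edit_distance(a, b):
    """Levenshtein distance; small values mean 'slightly altered'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def mimics_trusted(domain):
    """True if domain is not trusted but within two edits of a trusted one."""
    return domain not in TRUSTED and any(edit_distance(domain, t) <= 2 for t in TRUSTED)

def phishing_indicators(sender, html_body):
    """Return which checklist items one message trips."""
    found = []
    if mimics_trusted(sender.rsplit("@", 1)[-1].lower()):
        found.append("altered sender address")
    for href, text in LINK.findall(html_body):
        host = (urlparse(href).hostname or "").lower()
        # A link whose visible text names one domain but points to another.
        shown = re.search(r"[\w-]+(\.[\w-]+)+", text.lower())
        if mimics_trusted(host) or (shown and shown.group(0) != host):
            found.append("suspicious link")
            break
    if PERSONAL.search(html_body):
        found.append("request for personal info")
    if URGENCY.search(html_body):
        found.append("urgency")
    return found

# Constructed sample messages (not real mail).
PHISH = ("security@examp1e-bank.com",
         '<p>URGENT: confirm your SSN within 24 hours at '
         '<a href="http://login.example.net/verify">example-bank.com</a></p>')
BENIGN = ("statements@example-bank.com",
          '<p>Your statement is ready: '
          '<a href="https://example-bank.com/statements">View statement</a></p>')

if __name__ == "__main__":
    print(phishing_indicators(*PHISH), phishing_indicators(*BENIGN))
```

Heuristics like these only prioritize what a person should look at first; a message that trips none of them can still be phishing.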
What to do if you receive a phishing message:
If a suspicious message seems work-related, report it to your IT department immediately to ensure the security of your workplace. For personal messages that raise suspicion, try to report them directly on your device if possible; many smartphones and computers have built-in features to flag or report unwanted communications. If reporting isn’t an option, it’s best to simply delete the message to avoid any potential risks. Additionally, avoid clicking on any “unsubscribe” links, as this could potentially be another phishing tactic designed to compromise your information or lead you to harmful sites. Always prioritize your online safety!
Tip two: Use strong passwords
Statistic two: 69% of adults feel overwhelmed by managing passwords (U.S. News), with the average adult having 168 of them (NordPass).
Gone are the days of relying on your pet’s name as a password, especially when managing over 168 accounts online. In today’s digital landscape, what constitutes a strong password has evolved significantly, and “easy to remember” is no longer sufficient for a strong defense.
The Cybersecurity and Infrastructure Security Agency (CISA) offers some essential guidelines for creating robust passwords that can help protect your personal information:
- Length: Aim for passwords that are at least 16 characters long. The longer a password is, the harder it becomes for hackers to crack it through brute force methods.
- Randomness: Create a mix of uppercase and lowercase letters, numbers, and symbols. This variety adds complexity and makes it more challenging for cybercriminals to guess your password.
- Uniqueness: It’s crucial to use a different password for each account. This practice minimizes the risk of a single breach compromising multiple accounts. Consider using a password manager to help generate and store unique passwords securely.
By following these guidelines, you can significantly enhance your online security and protect your sensitive information from potential threats.
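The three guidelines above can be checked mechanically. The following is an added example, not part of the original article: it generates a password that meets the length and character-mix guidelines and audits a small vault against all three. The vault contents and the names used are constructed assumptions.

```python
import secrets
import string
from collections import Counter

MIN_LENGTH = 16  # length guideline quoted above
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def has_all_classes(pw):
    """True if pw contains lowercase, uppercase, a digit and a symbol."""
    return all(any(c in cls for c in pw) for cls in CLASSES)

def generate_password(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until every character class is present."""
    if length < MIN_LENGTH:
        raise ValueError("length is below the 16-character guideline")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if has_all_classes(pw):
            return pw

def audit(vault):
    """Map each account to the guidelines its password fails."""
    reuse = Counter(vault.values())
    report = {}
    for account, pw in vault.items():
        problems = []
        if len(pw) < MIN_LENGTH:
            problems.append("length")
        # Character mix is checkable; true randomness is not visible in a string.
        if not has_all_classes(pw):
            problems.append("character mix")
        if reuse[pw] > 1:
            problems.append("uniqueness")
        if problems:
            report[account] = problems
    return report

# Constructed sample vault (account name -> password), for illustration only.
VAULT = {
    "mail": "Fluffy2019",
    "bank": "Fluffy2019",
    "shop": "correcthorsebatterystaple",
    "work": generate_password(),
}

if __name__ == "__main__":
    print(audit(VAULT))
```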
How can you remember passwords that are long, random, and unique?
That’s where a password manager comes in. It generates and stores strong, unique passwords for you. Our CEO, Lou Rabon, recommends 1Password for its strong track record of security. With a password manager, you are one step closer to a safer digital world.
Tip three: Turn on MFA
Statistic three: MFA reduces the risk of compromise by 99.2% (Microsoft).
MFA (Multi-Factor Authentication) adds an essential extra layer of security by requiring not just your password, but a second step—such as a one-time code sent to your mobile device or a fingerprint scan—to verify your identity. This additional measure significantly enhances your online security. The Cybersecurity and Infrastructure Security Agency (CISA) emphasizes that even if your password is compromised, MFA effectively blocks unauthorized access to sensitive financial accounts, offering peace of mind in an increasingly digital world.
How to enable MFA:
Many platforms provide the option to turn on MFA, often referred to as 2FA (Two-Factor Authentication). Enabling this feature typically involves navigating to your account settings and following a straightforward setup process, which may include linking your mobile number or downloading an authentication app. Additionally, workplaces may mandate the use of MFA as part of their security protocols or implement third-party tools to further secure employee logins. Utilizing MFA is a proactive step every user can take to protect their personal and professional information from potential cyber threats.
Tip four: Update software
Statistic four: Over 60% of breaches involve vulnerabilities that could have been prevented by applying available patches (Verizon).
CISA’s final recommendation emphasizes the importance of keeping your software updated. Software companies regularly release updates that serve multiple purposes: they not only enhance functionality and resolve existing bugs but also play a crucial role in addressing potential security vulnerabilities. With threats evolving constantly, it becomes essential for individuals and organizations alike to proactively defend against online risks. To safeguard yourself from these threats, it’s vital to install updates as soon as they become available.
CISA suggests three practical steps to ensure your software remains secure:
- Watch for update notifications: Stay vigilant about the notifications your software provides, as they often alert you to important updates that could impact your safety.
- Install updates promptly: Don’t delay in installing updates. The longer you wait, the more vulnerable you may become to cyber risks that updates are designed to fix.
- Turn on automatic updates: Whenever possible, enable automatic updates. This way, you can ensure that your software is always up-to-date without needing to remember to check manually.
By following these steps, you can significantly fortify your online defenses and maintain the integrity of your systems.
Cybersecurity Awareness Month final thoughts
Cybersecurity Awareness Month may only last for a month, but the four crucial steps outlined above should be an integral part of your ongoing cybersecurity efforts throughout the entire year. Cyber threats are constantly advancing, and remaining vigilant is essential to ensuring you stay safe online. By consistently implementing these best practices, you can significantly enhance your protection against a wide range of cybersecurity threats, such as phishing attacks, malware, and data breaches, while strengthening your organization’s overall cybersecurity posture.
It’s important to raise awareness that cybersecurity is not just an IT issue; it involves everyone in the organization. Regular training sessions, updates on current threats, and fostering a culture of cybersecurity and awareness can empower employees to be the first line of defense. If your organization is ready to enhance cybersecurity awareness and online defenses, don’t hesitate to contact the cybersecurity experts at Cyber Defense Group for a free consultation today. With their expertise, you can develop a comprehensive strategy tailored to your specific needs, ensuring robust protection for your organization.