A shocking 95% of cybersecurity incidents can be traced back to a form of human error. User security behaviors are just as important as other critical infrastructure cybersecurity tools.
When employees unknowingly assist a hacker with a data breach by clicking on a link in a phishing message or by using weak passwords, the bad actor can often bypass other security protections.
It’s important to emphasize to staff that cybersecurity isn’t just something that the IT team handles. Keeping digital systems and data secure is everyone’s personal responsibility.
In fact, this is the emphasis of 2022’s Cybersecurity Awareness Month (CSAM), which begins in October. The overall theme this year is “See Yourself in Cyber,” and personal responsibility for cybersecurity practices is expressed through four key security behaviors.
Four Key Security Behaviors to Emphasize in October
Cybersecurity Awareness Month is the perfect time to remind your team how important their personal contributions are to the security of your entire facility or organization. The CSAM site makes it easy by providing a toolkit of resources, including graphics, articles, an email template, email signature, and more. You can access these by signing up as a 2022 CSAM Champion.
One strategy for improving your team’s security hygiene is to focus on one key security behavior each week during October. Use the graphics and other messaging included in the toolkit to promote good behavior in multiple ways.
Employees who are well-trained in cybersecurity awareness can reduce an organization’s attack risk by as much as 70%.
Here are the four key behaviors that you can promote to your staff as part of CSAM, and all the time.
1. Enable Multi-Factor Authentication
Multi-factor authentication should be enabled on all employee logins. It’s one of the best forms of protection against stolen passwords and fraudulent sign-in attempts. Additionally, it’s a good idea for employees to do this on their personal cloud accounts as well.
Two out of three employees use their personal devices at work. So, if those devices are breached, the network they’re connected to can also be breached. This is why these tips should also be emphasized for personal data security and for any device that has access to company data or systems.
2. Use Strong Passwords and a Password Manager
After all this time, weak passwords are still an issue in many organizations. People often use so many different systems that they can’t possibly remember unique, difficult passwords for all of them.
So, they reuse passwords and use passwords that are easy to remember. This puts the account at a high risk of being breached because easy-to-remember passwords are also easy to breach.
Using strong, unique passwords for all logins is possible when a password manager is used. The password manager “remembers” all the passwords and will suggest strong ones to use when setting up or changing an account credential. Employees only need to remember a single strong password or passphrase to access all the others.
3. Update Your Software
Software vulnerabilities are a fact of life. When software is released or updated, there are often unknown vulnerabilities that are usually found by hackers first. Once hackers begin exploiting these, software providers put out patches to address the issues. But these patches don’t work unless the end user installs them.
Organizations should automate all updates to improve their security posture and reduce risk. But user devices again come into play, as many are used to access work apps and data. Users need to be aware of the importance of keeping software updated on all their devices.
Updates should be done regularly for:
- Operating system
- Software
- Mobile apps
- Device firmware
4. Recognize and Report Phishing
Phishing is an ongoing issue for organizations and a continuous opportunity for cybersecurity criminals. Phishing has become more sophisticated over the years, with many messages being personalized and difficult to discern from the real thing.
In addition, hackers now use more than emails for phishing. There is social media phishing, voice call phishing (“vishing”), and SMS phishing (“smishing”).
Phishing via SMS is becoming particularly alarming. It has increased in volume recently, and many people are unaware that they need to be on the lookout for fake text messages. Hackers are now attempting to steal one-time passwords (OTPs) that are used with multi-factor authentication through text message-based phishing.
Users need to have ongoing training and reminders on how to spot phishing in all its forms. They also need a reporting mechanism that allows them to report phishing to your IT team, so patterns can be identified. Transparency in phishing attempts allows organizations to respond in real-time, both warning other users of the phishing attack and using threat mitigation techniques to shut it down.
Need Help Automating More of Your Cybersecurity Strategy?
A combination of employee awareness training and automation can improve your cybersecurity posture. WizNucleus can assist your mission-critical facility or organization with affordable solutions.
Contact us today to schedule a free consultation! Call +1 (646) 558-5577 (New York, NY) or +1 (469) 481-1726 (Carrollton, TX) or reach out online.