Cybersecurity Awareness Month | 5 Tips On How To #BeCyberSmart
It’s been 18 years since the first National Cybersecurity Awareness Month (NCSAM), a campaign that was initially launched by the U.S. Department of Homeland Security and the National Cyber Security Alliance in order to empower both consumers and corporations in defending against cyber threats.
As the use of the internet has become an essential part of our day-to-day life in the years since, with virtually all personal and business information stored and used via internet-connected systems, the number of threat actors seeking to leech, steal from, and corrode our lives via cyberattacks continues to grow at an exponential rate.
And today, after a year filled with reports of large ransomware groups and devastating malware attacks on critical infrastructure sites all across the world, it seems as if the importance of cybersecurity awareness has never been greater.
Since the first NCSAM, the efforts that inspired it have been adopted by other cybersecurity organizations, based in Canada and the European Union, that now conduct their own campaigns every October.
Wishing to participate, we compiled a short list of tips that will help you do your part and #BeCyberSmart.
Five tips for improving and maintaining your ‘cyber hygiene’
1. Strong Password Creation
Cybersecurity, for both the average computer user and entire company networks, should start with a very simple step – creating a strong, secure password.
While this might seem like a simple task, with the rise of password-cracking software and brute-force entry techniques, standards for strong passwords have become much higher than they were in the previous decade. In fact, creating a unique, long (often incomprehensible) password is now considered a paramount requirement and the necessary basis for all further protection.
What is important to remember is that length matters more than the complexity of the password. Of course, that doesn’t mean that you should just list a long string of numbers, but keeping the password long is a must. A strong password, cybersecurity experts now agree, has at least 12 characters. Along with that, use as diverse a set of characters as you can: mix upper and lower case letters, numbers and symbols.
Tip: Incorporating a detail from your personal history or an internal company keyword into your password is now considered a thing of the past. While this might make remembering your passwords harder, it is recommended not to use any personal details or, more strictly still, any words that can be found in a dictionary.
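To make the ‘length over complexity’ point concrete, here is a small password-policy checker added for this post (not code from the original article). It scores a candidate by the brute-force search space (length × log2 of the character pool), applies the 12-character floor, and rejects anything containing a word from a constructed mini word list that stands in for a real dictionary.

```python
import math
import string
from typing import List

# Constructed mini word list; a real deployment would load a full
# cracking dictionary here (assumption made for this example).
DICTIONARY = {"password", "welcome", "summer", "company", "admin", "letmein"}

MIN_LENGTH = 12      # the floor recommended above
MIN_BITS = 60        # example threshold for the brute-force search space


def charset_size(pw: str) -> int:
    """Size of the union of the standard character pools the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def entropy_bits(pw: str) -> float:
    """Brute-force search space in bits: every extra character multiplies the work."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def contains_dictionary_word(pw: str) -> bool:
    """Case-insensitive substring match against the word list."""
    lowered = pw.lower()
    return any(word in lowered for word in DICTIONARY)


def check_password(pw: str) -> List[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    if entropy_bits(pw) < MIN_BITS:
        problems.append(f"search space below {MIN_BITS} bits")
    return problems
```

A 16-character all-lowercase password scores about 75 bits, while a 9-character one mixing all four pools scores just under 59, which is the whole point of preferring length.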
2. Authentication beyond passwords
Past the point of a strong password, an additional security layer that many enterprises are now employing is two or multi-factor authentication.
Incorporating multi-factor authentication in your cybersecurity, and therefore increasing the number of steps needed to access a system, greatly increases the safety of your login procedure. The effectiveness of multi-factor, as reported by Microsoft, is such that it deters 99.9% of account hacks!
When combining multiple, independent credentials to grant access to a system, the best practice is for each credential to be of a different type. For example, in a three-step login process, you can layer three different kinds of critical information needed for gaining user privilege:
- what the user knows (password)
- what the user possesses (security token)
- who the user is (biometric verification)
Tip: Backup is of the utmost importance when it comes to multi-factor codes. Make sure you have your codes safely stored on at least two devices, so you can still access them easily if one of the two locks you out.
3. No room for doubt
As the slogan of this month’s cybersecurity campaign led by the European Union Agency for Cybersecurity (ENISA) and the European Commission states – ‘Think Before U Click’!
The easiest way for cyber criminals to get hold of sensitive information is through links that might seem innocent, but hide malicious code or lead to a page that encourages the victim to input personal data.
These links may be distributed via email, online advertisements, or direct messages – and their content will use various strategies to urge the target to follow up or click the offered link immediately.
Tip: Be wary of unsolicited messages, especially from email addresses that are unfamiliar to you. Impersonal introductions, unsettling urgency in the message’s content, or requests to divulge personal information should all be warning signs that the message you are receiving was made with malicious intent.
4. Keep a clean overview
Maintaining a healthy level of cybersecurity requires constant attention and thorough system checks and updates.
Keeping all your interconnected devices on up-to-date software, with frequent vulnerability checks, can significantly reduce the risk of malware infections and third-party infiltrations.
The best way to keep track of which devices are in need of a system check-up, or an update, is to implement a live vulnerability assessment and threat intelligence solution, which will automatically notify you if an asset falls below the required level.
Tip: Find a solution that integrates most easily with your existing systems. And don’t overextend yourself when it comes to threat intelligence sources – one quality solution provides a much more clear-headed path to operational readiness than a dozen average ones.
5. Back up and segment
Another critically important course of action when setting up the basis of your cybersecurity procedure is the protection of critical data in the case of a breach.
As per Ponemon’s Cost of a Data Breach report, once your system is infiltrated, it takes an average of 280 days to locate the intruder.
Therefore, planning for an incident of this kind upfront becomes crucial to the security of your operations.
This is done in two ways:
- By creating backups of important information
- By creating a network segmentation plan
While for some organizations simply backing up data is enough for the company to continue its operations after a breach, for critical sites data theft is just the tip of the iceberg.
In this case, a large part of the threat lies in the breach itself. Malicious actors might, aside from data extraction and subsequent extortion, focus on infiltrating the network and its available devices to the point of taking over system controls – the most dangerous thing imaginable on factory floors and critical infrastructure sites.
This is why implementing a detailed network segmentation plan, with individual access codes and authentication processes, is paramount to cybersecurity in the age of Industry 4.0 – reducing the attack surface and decreasing the chances of threat actors moving laterally through your system.
Tip: Develop a detailed segmentation plan, with clear divisions between subsections. Plan ahead in order to find just the right number of subdivisions you need – according to Gartner Research, more than 70% of network segmentation implementations had to be redone because of the problems caused by over-segmentation!