Our Cybersecurity Awareness Month List
As we celebrate Cybersecurity Awareness Month, it’s important to remember that cybersecurity is something we all need to pay a lot more attention to. Implementing the steps we’ll mention below in today’s blog will help to make it more difficult for cybercriminals to get an edge.
The U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) wanted October of each year to be a time to reemphasize cybersecurity best practices. This October, part of their focus is on AI-driven cyberattacks and of course phishing attempts and how critical multi-factor authentication (MFA) is. With the number of connected devices and digital interactions ever-increasing, cyberattacks have skyrocketed. Ransomware and phishing attacks have more than doubled since 2020. And now, AI-enhanced phishing attempts are becoming a huge problem too.
How? Hackers are using AI to make it even more difficult to spot fraudulent communications. So., we have researched the key items that need to be on your list when it comes to training and reminding your employees about the following best practices:
Setting up Multi-Factor Authentication (MFA): Strong passwords of course are not enough. MFA requires the user to set up two or more credentials to log in, such as a code sent to your phone. While it may be a pain – it’s now a must-have extra step. Wherever possible, encourage your employees to enable multi-factor authentication for all of their corporate online accounts.
And, Of course - avoid using the same password across multiple accounts, and use a password manager to keep track of them securely.
Recognizing Phishing: Educating users to spot phishing attempts is crucial. Attackers often pose as legitimate entities, tricking users into revealing sensitive data like passwords or credit card details. Be cautious when receiving unsolicited emails, texts, or links, especially those asking for personal information.
Updating Software: Keeping software and devices up to date ensures that security vulnerabilities get the patches they need. Many attacks exploit outdated systems with known flaws.
Understanding AI-Powered Threats: Cybersecurity professionals are urging individuals and businesses to invest in tools that detect and neutralize AI-driven threats.
Below, is an even more substantive list to follow . . .
1. Patch early and often - since it’s the root cause of ransomware attacks in 2024.
Regularly update your devices and applications to prevent attackers from exploiting known vulnerabilities.
2. Back up regularly - keep a recent backup copy off-line and off-site. You need to encrypt your backup data and keep it off-line and off-site.
3. Enable file extensions so your team can spot file types that wouldn’t commonly be sent – I.E. JavaScript files.
3a. Open JavaScript (.JS) files in Notepad – since, using Notepad blocks it from running any malicious script
4. Don’t enable macros in document attachments received by email - as per Sophos: “Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it! “
5. Monitor administrator rights – your team needs to keep reviewing domain admin rights. Leadership needs to know who has them and remove those who don’t need them. And, if you have Admins, tell them to log out if they don’t need to be.
6. Regulate internal and external network access - don’t leave ports exposed – plus, you need to lock down RDP access and other remote management protocols.
In the end - even with constant reminders, cybersecurity is everyone’s responsibility.
There is where our team at SpaceBound Solutions can help with its Endpoint Security Services – learn more at: https://www.spaceboundsolutions.com/ContentPage/148
________________________________
Three (3) Sources for today’s blog post:
CISA: https://www.cisa.gov/cybersecurity-awareness-month
Center for Internet Security:https://www.cisecurity.org/insights/blog/october-national-cybersecurity- awareness-month
