Celebrate Cybersecurity Awareness Month with These Best Practices
By WebCE Staff
October 8, 2024
Happy Cybersecurity Awareness Month!
Every October, CISA (the Cybersecurity & Infrastructure Security Agency) promotes cybersecurity best practices to raise awareness and encourage the public to reduce their risk of becoming a target.
Cybersecurity is more important than ever. Losses to cybercrime hit an all-time high in 2023, while forecasts for 2025 estimate cybercrime will cost the world economy as much as $10.5 trillion. From securities to real estate to casinos, every industry is a potential target. Once a company is breached, their entire industry is seen as an easy target.
Below are this year’s top cybersecurity awareness best practices from CISA.
Cybersecurity Awareness Month Best Practices
“Secure Our World” is this year’s theme for Cybersecurity Awareness Month. This theme highlights how interconnected we are online and across our devices, from messaging friends and family to shopping to conducting business. If we each implement cybersecurity best practices and sharpen our awareness, we can collectively “Secure Our World” against cyberthreats.
Here are CISA’s four best practices for 2024’s Cybersecurity Awareness Month:
Use Strong Passwords and Password Managers
If a cybercriminal gains access to your accounts, they can steal data, money, or even your identity.
Do you know the number one way cybercriminals gain access to accounts?
Weak passwords. These passwords are simple, such as 123456, or use common identifying information, such as your birthday or pet’s name.
A strong password is your first line of defense.
Here are CISA’s three tips to strengthen your passwords:
Make Them Long – CISA suggests passwords of at least 16 characters. Longer is stronger!
Make Them Random – Two approaches to randomness are:
Use a random string of mixed-case letters, numbers, and symbols, such as cXmnZK65rf*&DaaD
Create a memorable “passphrase” using 4 to 7 unrelated words, such as H0rsePerpleH@tRunBay
Misspell one or more words to make the phrase more secure
Make Them Unique – Use different passwords for each account
What’s the trick to remembering all these long, random, unique passwords?
You don’t.
That’s why CISA also recommends a password manager, a program that maintains your passwords.
Password managers can store your passwords, help generate new strong passwords, and automatically fill in your login information on each site or app.
Using strong passwords is an important way to protect your accounts.
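The two approaches to randomness described above, sketched as an added example (not CISA's or WebCE's code): a 16-character random string and a 4-to-7-word passphrase, with an entropy estimate to compare them. The word list, symbol set and function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list for illustration only; a real generator should
# draw from a list of thousands of words so each word adds more entropy.
WORDS = ["horse", "purple", "candle", "orbit", "maple", "tunnel", "violin",
         "glacier", "pepper", "anchor", "lantern", "meadow", "puzzle",
         "harbor", "walnut", "copper"]
SYMBOLS = "!@#$%^&*"  # assumed symbol set; sites differ in what they accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def random_password(length=16):
    """Random string of mixed-case letters, numbers and symbols."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, SYMBOLS)
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Re-draw until every character class appears at least once.
        if all(any(c in cls for c in pw) for cls in classes):
            return pw


def passphrase(n_words=5, words=WORDS):
    """4 to 7 independently chosen words, capitalised and joined."""
    if not 4 <= n_words <= 7:
        raise ValueError("use 4 to 7 words")
    return "".join(secrets.choice(words).capitalize() for _ in range(n_words))


def entropy_bits(choices, picks):
    """Bits of entropy for `picks` uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 16)), "bits")
    print(passphrase(4), entropy_bits(len(WORDS), 4), "bits (tiny demo list)")
```

The estimate shows why the word list matters: four words from this 16-word demo list give only 16 bits, while 16 random characters from the 70-symbol alphabet give about 98.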
Enable Multifactor Authentication (MFA)
MFA offers an additional layer of security by asking us to confirm our identities when logging in by entering a code, using a fingerprint, or with facial recognition software.
Even if a password becomes compromised, bad actors will not be able to bypass MFA and your accounts will stay protected.
Here’s how to turn on MFA for each of your accounts:
Go to Settings – This may be called something like Account Settings or Settings & Privacy.
Look For & Turn On MFA – This may be called two-factor authentication, two-step authentication, or similar.
Confirm – Choose your MFA method from the options provided. These might include:
Receiving a numeric code by text or email
Using an authenticator app, which generates a new code every 30 seconds
Biometrics such as facial recognition or fingerprints
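How an authenticator app can arrive at a new code every 30 seconds, as an added example that is not from CISA or WebCE: it assumes the app follows the TOTP standard (RFC 6238) with HMAC-SHA1 and 6 digits, which the article does not specify. The secret is the RFC's published test key, and verify() with its drift window is an illustrative server-side check.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code: HOTP (RFC 4226) computed over the 30-second counter."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Accept the current code or one step either side, for clock drift."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * STEP
        if t < 0:
            continue
        expected = totp(secret, t).encode()
        # Constant-time comparison avoids leaking how many digits matched.
        ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


# Constructed demo secret (the RFC 6238 test key). A real secret is random
# and is shared once with the authenticator app during enrolment.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for now in (30, 59, 60):
        print(now, totp(DEMO_SECRET, now))
```

The app and the service share only the secret and the clock, so the code is never sent in advance; a stolen password alone does not reveal the current code.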
Update Software
We’ve all selected “Remind Me Later” on software updates because we’re busy or think we will actually do it later.
But doing this exposes us to security risks. In fact, many software updates are meant to address security risks and keep you protected.
Here are some steps to keep your software updated:
Watch for Notifications – It’s important to install ALL updates, especially for web browsers and antivirus software.
Install Updates ASAP – Cybercriminals won’t wait, so you shouldn’t either.
Turn on Automatic Updates – Automatic updates install updates as soon as they’re available.
Keeping the software on all your devices updated can lay the groundwork to fend off attacks and keep you protected.
Recognize & Report Phishing
Phishing refers to attempts criminals make to get you to open a harmful link, email, or attachment. These messages often use a sense of urgency to get us to act before thinking, especially when they are designed to look like they come from a trusted source.
Defending against phishing requires maintaining cybersecurity awareness whenever we are online.
Here are some tips to help you identify phishing:
Recognize – Look for common signs of phishing:
Resist – Phishing wants to entice you to act, but pause and recognize whether the message is legitimate. If not, report the message as phishing or spam—most email providers offer this function.
Delete – Do not reply, do not open attachments, and do not click links—not even unsubscribe links. It's all a scam. Just delete.
Spotting phishing becomes second nature with practice, meaning your cybersecurity awareness serves as the last line of defense to keep your accounts secure.
How Cybersecurity Awareness Training from WebCE Can Prevent Attacks
Cybercriminals are constantly adapting their tactics, targeting industries like financial securities, real estate, and casinos with a mix of sophisticated and unexpected methods to try and catch them off-guard. Cybersecurity awareness training equips employees with the latest strategies to identify vulnerabilities and defend against risks like phishing, ransomware, and data breaches.
WebCE offers comprehensive cybersecurity awareness training designed to keep your team informed and proactive. Staying current with best practices not only minimizes risks, but also protects your organization from devastating financial and reputational losses.
Explore our course catalog to see what cybersecurity best practices we recommend for your industry and ensure your team is prepared to defend against today’s cyber threats.