The month of October has been designated National Cybersecurity Awareness Month since 2004, which hints at its ongoing importance. It provides a much-needed opportunity to shed light on the ever-growing threat posed by cyberattacks.
In its 2022 Cyberthreat Defense Report, CyberEdge found that over 85% of respondents experienced a successful cyberattack, with 40.7% hit six or more times in 12 months. Clearly, now is an appropriate time to consider how you will protect your business. That’s why, throughout the month of October, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are urging individuals and business owners alike to take action to protect their important data through four key steps.
- Use strong passwords
- Enable multifactor authentication
- Recognize and report phishing
- Update software
Use Strong Passwords
An astounding 23.2 million victims of cyberattacks globally used 123456 as their password, according to a United Kingdom National Cyber Security Centre survey. Creating a strong password is imperative for data security and helps reduce the risk of intrusion into your system. To maintain privacy and keep track of your passwords in one place, consider implementing password management software to keep them safe and secure.
When setting up a new password, recommended guidance includes:
- Length – Use at least 12 characters
- Uniqueness – Never reuse passwords or add a single character, such as a number or a symbol, to a previous password
- Complexity – Use a combination of numbers, symbols, and uppercase and lowercase letters
Enable Multifactor Authentication
CISA describes multifactor authentication (MFA) as “a layered approach to securing your online accounts and the data they contain.” Once enabled, users must present a combination of two or more credentials to verify their identity and gain access. The report notes that 43.2% of companies currently do not use two-factor authentication (2FA) or multifactor authentication (MFA). However, their use increased 7% from the previous year, which is encouraging.
Utilizing MFA can help stop cybercriminals from accessing your data. Microsoft estimates that by enabling MFA, users potentially could block 99.9% of automated cyberattacks. Although an additional step in the login process, MFA options can be managed with little hassle.
Added steps for MFA can include:
- Push notification via authenticator app
- One-time password – six-digit code via authenticator app
- Code sent to phone or email
- Two-factor token – physical device that generates code
- Biometrics – fingerprints or facial recognition
Recognize and Report Phishing
Phishing is one of the most common types of cyberattacks and accounts for 90% of data breaches, according to Cisco’s 2021 Cybersecurity Threat Trends report. This tactic is notoriously successful because it targets the weakest link in the cybersecurity chain—people. The first step to protect against phishing is to focus on team training so that users recognize attacks and can report them to your IT team or through your email client (e.g., Outlook).
- Think before you click, waiting as much as four seconds
- Read messages thoroughly and check for abnormalities
- Report phishing attempts to IT
- Change your password after a successful attack
Update Software
As simple as it sounds, keeping software up to date is the easiest way to protect your data from cyberattacks. Software developers continually search for necessary enhancements that target vulnerabilities in their programs, and these fixes often include security patches. By updating software when prompted, you can not only keep your systems functioning at peak performance but also keep cybercriminals at bay.
To make sure your software is up to date:
- Check for updates regularly
- Get updates directly from the software developer
- Schedule automatic updates where applicable
Always be cautious of pop-ups that say you should click to update your software. These may contain malware or entice you to click through to an unsecured website. Hackers also use social engineering tactics such as fake security threats or technical problem alerts to gain access to your data. Because these messages are designed to alarm you and cause you to take immediate action, remember to think before you click—as much as four seconds is suggested. Also, use a reputable pop-up blocker with your internet browser as a simple and effective tool to limit scammers.
Partner with Insurance Experts
Cybersecurity is more important than ever to protect your data. The steps listed above are just part of managing your overall digital security. It also is important to have the right cyber liability coverage in place for your company’s unique needs. Get with an IOA advisor today to learn more and to discuss how you can protect your business in the event of a cyberattack or, better yet, well ahead of one.