Cybersecurity Awareness
Cybersecurity Awareness Month Week 4: Report Phishing
Phishing attacks in data breaches increased 11% from 2019 to 2020. It went from 25% to 36% based on an analysis of confirmed breaches (Verizon). Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. 30% of small businesses consider phishing attacks to be their top cybersecurity concern. It’s important for every individual to stop and think before clicking on a link or attachment in a message and know how to spot the red flags. Cybersecurity Awareness Month 2022 will give individuals the tools they need to recognize a phish and report it to their organization or email provider.
Much like strong passwords in week two, we also talked about Phishing last year. There are a lot of different names for this type of cyber threat, but in any of its forms, it is a type of Social Engineering attack that takes advantage of the best of our human nature: the urge to promptly help those in need.
From awareness to training and testing – learning how to recognise and report phishing in your organisation is a vital part of staying safe online.
Thank you for taking the time to watch this series of Cybersecurity Awareness videos. Be vigilant. Be safe. And never stop learning. Read more about our Cybersecurity solutions and products here or contact your Schaedler Yesco Sales Rep for more information.
Cybersecurity Awareness Month Week 3: Updating Your Software
Nearly a third (31%) of US/UK respondents say they either “sometimes,” “rarely,” or “never” install software updates (NCA). One of the easiest ways to keep information secure is to keep software and apps updated. Updates fix general software problems and provide new security patches where criminals might get in. This Cybersecurity Awareness Month, we’re telling others to step away from the “remind me later” button to stay one step ahead of cybercriminals.
This is week three and our topic is “Updating Your Software”.
Did you know that over 8,000 software vulnerabilities were catalogued in the first three months of 2022 alone? That’s about 90 vulnerabilities a day on average. In fact, in 2020, one vulnerability was found that had been in the wild since 1999 without previously being discovered or used by a threat actor.
With an ever-evolving threat landscape like this, it is easy to see why it is important to keep your software and operating system up to date on a regular basis. Some vendors release updates on a weekly basis to help their customers remain safe. Keep in mind that this isn’t only helpful for your computer – but it is also important for your smartphones, tablets, IoT devices, smart home appliances, etc.
What is the upside of keeping my software up to date?
There are multiple benefits, but here are the top reasons:
- Patch Security Flaws – As new flaws and vulnerabilities are discovered, software makers will release patches to fix those flaws.
- Get New Features – As part of the regular patch releases for security, there is usually another group that works on making improvements to the software and those updates are usually released together with the security patches.
- Protect Your Data – No software maker wants to be responsible for having software with a vulnerability. And most vulnerabilities are used to exfiltrate data from your computer or your company’s servers to be sold like any other commodity in the information age.
- Improve Performance – In some cases, vulnerabilities are not used to get data from you, but to use your computing power for the attacker’s needs, whether that is crypto mining or having your computer participate in a botnet for nefarious means (MaaS – Malware as a Service, for example).
- Ensure Compatibility – As hardware and software improve, there may be some features (optional or functional) that can be enabled or improved by installing a software or hardware patch.
Are there any other reasons or considerations that I need to keep in mind?
While these reasons are specific to your home or business computers, you should keep in mind that these updates are available for your mobile devices (such as phones and tablets) as well as your IoT devices (home appliances, smart home monitors, etc.). If you are an industrial customer, keep in mind that Automation vendors also release software patches and firmware updates for their hardware. Notifications are usually sent via an email subscription, often called a “Safety Advisory” or “Cybersecurity Updates”.
Cybersecurity Awareness Month Week 2: Use Strong Passwords
53% of people rely on their memory to manage passwords. (Ponemon Institute) As our online lives expand, we’ve gone from having just a few passwords to today, where we might manage upwards of 100. That’s 100 unique passwords to remember if you’re using strong password habits. Password managers can save users a lot of headaches and make accounts safer by recommending strong passwords. This October, we’re dispelling the misconceptions about password managers and showing others how these tools will keep them safe online.
This is week two and our topic is “Using Strong Passwords and a Password Manager”.
You might be thinking that you heard about using strong passwords last year… That’s because you did!
A strong password has been and will continue to be an important part of securing your online accounts. That means not only using a strong password, but using a different, strong password for each of your accounts. Why should you bother? If a threat actor gets your password from one account, the first thing they will do is try it on other accounts to see if it works there. Using a different strong password for each account can help prevent this type of “lateral attack” across all of your online accounts.
What is a Strong Password?
Well, we can start with examples of weak passwords. NordPass publishes the 200 most commonly used passwords list every year. It is an interesting website because you can filter the list by several demographic categories as well as see how long it would take to crack those weak passwords (https://nordpass.com/most-common-passwords-list/). Strong passwords, on the other hand, are more than just one word with characters replaced with numbers or special characters. The best thing you can use is called a “passphrase” – 3 to 4 words that are unrelated to each other as well as unrelated to you. That means a higher character count and it is also harder to crack using a “dictionary attack” (https://nordpass.com/blog/what-is-a-dictionary-attack/). Passphrases are also easier to remember than 20 random characters.
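To make the passphrase advice concrete, here is an added example (not part of the original article) that picks unrelated words with a cryptographic random source and compares the guess space of a passphrase with that of a single altered word. The sample wordlist, the function names and the dictionary figures are assumptions chosen for illustration.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. It is far too
# small for real use; a published diceware-style list has thousands of words.
SAMPLE_WORDS = (
    "anchor breeze cactus dinner ember falcon garlic harbor "
    "igloo jigsaw kettle lantern magnet nectar orbit pepper "
    "quartz ribbon saddle tunnel umpire velvet walnut xylem "
    "yogurt zipper bamboo copper donkey easel fossil goblet"
).split()


def generate_passphrase(wordlist, n_words=4, sep="-"):
    """Choose n_words independently and uniformly with the OS CSPRNG."""
    words = sorted(set(wordlist))  # duplicates would skew the distribution
    if len(words) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_bits(wordlist_size, n_words):
    """Entropy in bits, assuming the guesser knows the list and the method."""
    return n_words * math.log2(wordlist_size)


def substituted_word_bits(dictionary_size, variants_per_word):
    """Guess space (bits) of one dictionary word with character swaps."""
    return math.log2(dictionary_size * variants_per_word)


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    # Assumed figures: a 7,776-word diceware list, and a 100,000-word
    # dictionary with 1,000 substitution variants tried per word.
    print(round(passphrase_bits(7776, 4), 1), "bits: 4-word passphrase")
    print(round(substituted_word_bits(100_000, 1_000), 1), "bits: one altered word")
```

The strength comes from the random selection, not from the words themselves: a phrase a person invents is far more predictable than these numbers suggest.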
So, tell me more about Password Managers.
Now that I have a strong password or passphrase, I am ready to go, right? I can use that everywhere, yes? Well, no. As we discussed above, if there is a data breach with one of the online services or vendors that you regularly use, threat actors will try to use your password/passphrase everywhere else that they can. The best practice is to use a password manager. A password manager is an app that holds all of your passwords in an encrypted vault. You have to then remember one strong password that you will only use to open your vault. This will give you access to the rest of your passwords, and they can be made ridiculously strong. Plus, you can save a separate password for every login credential. On top of all of those benefits, most password managers will have a family plan that allows each family member to have their own private vault as well as a shared vault for family credentials such as your streaming service, utility accounts, etc. Overall, this type of practice is an important part of having “Good Cyber Hygiene”.
Cybersecurity Awareness Month Week 1: Enabling Multi-factor Authentication
Nearly half (48%) of US/UK respondents say they have “never heard of MFA.” Many people don’t realize that multi-factor authentication is an incredibly important tool that goes a long way in keeping accounts secure. In fact, of those who knew about it (52%), most had applied MFA to their online accounts (81%) and were still using it (90%), showing that once MFA is enabled, users will keep using it.
This week, we’re showing others how easy it is to enable MFA wherever possible. Watch the video, read more information below, and tune back in each week for more content!
Launched in 2004, Cybersecurity Awareness Month is observed in October of every year as a broad effort to help all Americans stay safer and be more secure online. Since then, the campaign has grown globally, reaching individuals in over 75 countries and territories.
To celebrate Cybersecurity Awareness Month 2022, we will have new content each week based on topics chosen by the National Cybersecurity Alliance and the U.S. Department of Homeland Security. In week one we are going to talk about Multi-Factor Authentication.
So, what’s… Multi-Factor Authentication? Multi-Factor Authentication, also known as MFA, is a bit of information you provide in addition to your username and password to increase the security of your log-in transactions. By adding one more simple step when logging into an account, multi-factor authentication greatly increases the security of your account. Here’s how it works. Just like logging into your account, the first step is giving your password or passphrase. The second step is to provide an extra way of proving that you’re you, like entering a PIN code, entering a code texted or emailed to your mobile device, or using an authenticator app.
What kind of additional information? Typically, it is one or more of the following four things:
- Something you know (this could be a PIN or the answer to a Security Question)
- Something you have (a physical thing like an Authenticator app on your phone, a YubiKey, or a CAC/PIV card)
- Something you are (usually called biometrics – things like a fingerprint, a voice print, or a retinal image)
- Someplace you are (active Location Services on your phone that shows that you are where you normally are)
What type of accounts offer MFA?
Not every account offers MFA, but it’s becoming more popular every day. It’s seen on many accounts that usually hold either valuable financial or personal information like banks, financial institutions, online stores, or social media platforms. Any place online that is storing your personal information (especially financial information), or any account that can be compromised and used to trick or defraud someone else should be protected with MFA. So, basically everything. Simply put, use MFA everywhere!