Now in its 19th year, Cybersecurity Awareness Month (NCSAM) continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. SBS is proud to support this far-reaching online safety awareness and education initiative, which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.
As an NCSAM Champion, SBS will be sharing a variety of cybersecurity downloads, blog posts, and tips. Be sure to follow us on LinkedIn, Facebook, and Twitter, and join our mailing list so you don't miss any updates!
This year is all about taking action! All throughout October, we are promoting these four key security behaviors to encourage individuals to take control of their online lives:
- Enable Multi-Factor Authentication
- Use Strong Passwords and a Password Manager
- Update Your Software
- Recognize and Report Phishing
Download: Security Awareness Toolkit
NCSAM is a great reminder to refocus on cybersecurity awareness, but education needs to take place throughout the year to be fully effective. We want to make it easy for you to educate your customers, board, and community to stay cyber-safe all year long. We encourage you to review the SBS Security Awareness Toolkit to easily share cyber tips, social media posts, events, and more, reinforcing the strong cybersecurity culture of your organization.
Enable Multi-Factor Authentication
It’s as easy as learning a new dance move and your online accounts will thank you. Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. It makes it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.
According to SBS DFIR Team Lead Buzz Hillestad, GFCE, MFA is the one single control that would have prevented every incident we’ve worked on over the last three years, at some point in the attackers' process. It is the single greatest risk-decreasing control you can implement in your enterprise.
Did you know?
- Only 26% of companies use multi-factor authentication. (LastPass)
- Two-factor authentication has become more popular over the last two years, with 79% of US/UK respondents saying they used it in 2021, compared to 53% who used it in 2019. (Duo Labs)
- SMS text messages are the most common second factor US/UK users choose when logging into two-factor authentication accounts, at 85%. (Duo Labs)
Quick Tips to Share:
- 99.9% of account hacks could have been blocked by MFA. Enable MFA on every application that allows it.
- Do the two-factor two-step. Always use multi-factor authentication!
- Go beyond the username and password. For an added layer of security, enable multi-factor authentication when available.
- Give a hacker a hard time! When you use MFA on your accounts, it means cybercriminals can't access your account with just your password alone.
SBS Resources:
- {Blog} Behind the Hack: How Employee Handling of Phishing Emails Can Allow a Hacker Inside Your Network: During a recent social engineering assessment, an SBS CyberSecurity network security engineer was able to gain internal network access from a phishing email. Here’s a brief overview of how the issue was identified and controls that could have helped secure the network.
- {Blog} Six Controls to Dramatically Reduce Cyber Risk of Incidents: Get the answer to one of our most asked questions: "What is your single biggest suggestion for everyone to better prepare for a cybersecurity issue/incident?"
Use Strong Passwords and a Password Manager
As our online lives expand, we’ve gone from having just a few passwords to today, where we might manage upwards of 100. That’s 100 unique passwords to remember if you’re using strong password habits. Password managers can save users a lot of headaches and make accounts safer by recommending strong passwords. This October, we’re dispelling the misconceptions about password managers and showing others how these tools will keep them safe online.
Did you know?
- 53% of people rely on their memory to manage passwords. (Ponemon Institute)
- Only 45% of adults would change a password after a breach. (Google)
- 75% of people said they don’t know how to create secure passwords in the first place. (Ponemon Institute)
- 81% of the total number of breaches leveraged stolen or weak passwords. (LastPass)
- 61% of employees use the same passwords for multiple platforms. (LastPass)
- 28% of adults in the US use the same password for all of their online accounts. (Business Insider)
Quick Tips to Share:
- Running out of password ideas? Let password managers do the work for you.
- Lock up your password list. Replace your written list of passwords with a password management tool.
SBS Resources:
- {Download} Password Tips: It’s important to create strong, complex passwords for your systems. That’s why we’ve put together these best methods for stronger passwords to help you train your employees. Keep in mind, though, that based on the risk of each system, these standards may fluctuate.
- {Solution} Password Audit: Use brute-force and dictionary attack methods to test the strength and complexity of your passwords.
Update Your Software
One of the easiest ways to keep information secure is to keep software and apps updated. Updates fix general software problems and provide new security patches that close the gaps where criminals might get in. This Cybersecurity Awareness Month, we’re telling others to step away from the “remind me later” button to stay one step ahead of cybercriminals.
Did you know?
- Nearly a third (31%) of US/UK respondents say they either “sometimes,” “rarely,” or “never” install software updates. (NCA)
- 68% of the participants reported installing the latest updates and software as soon as these are available. (NCA)
- Just 20% of Android devices use the latest and safest OS version. (Symantec)
Quick Tips to Share:
- Turn on automatic updates on all your devices. Set it and forget it!
- Stop clicking "Remind me later." Don't hesitate to update!
- Keep it clean. Keep a clean machine with current security updates, web browser, and operating system.
- Delete when done. Uninstall any apps you no longer use.
SBS Resources:
- {Blog} Security Patch Overload: The endless cycle of patching may leave many asking themselves, Why? Is there a better way? How can we improve this process? This blog covers the topics that a modern patch management program should address.
Recognize and Report Phishing
Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. 30% of small businesses consider phishing attacks to be their top cybersecurity concern. It’s important for every individual to stop and think before clicking on a link or attachment in a message and know how to spot the red flags. Cybersecurity Awareness Month 2022 will give individuals the tools they need to recognize a phish and report it to their organization or email provider.
Did you know?
- Nearly 3 out of 4 companies experienced a phishing attack in 2020. (Symantec)
- 42% of the participants said they used the reporting capability on a platform (e.g. Gmail) “very often” or “always”. (NCA)
Quick Tips to Share:
- Follow the Golden Rule of Email! Treat every email like a phishing email.
- Call to verify. Always call the sender or send a chat (not an email) to verify a suspicious email.
- Think and rethink before you click. Don't click on any link or download unless you have verified the sources and are certain of where it will send you.
SBS Resources:
- {Tip Sheet} Investigating Phishing Emails: If your organization is notified that emails are being sent that appear to come from you or an employee of your organization, the process outlined in this download can be useful in determining if the email is spoofed or if you have a compromised email account.
- {Blog} The Golden Rule of Email: Because of the massive number of phishing emails targeting victims every day, it is more important now than ever to remember The Golden Rule of Email, the modern version of the well-known principle.
- {Product} KnowBe4: Your employees are frequently exposed to sophisticated phishing and ransomware attacks in today’s world. This is why SBS has partnered with KnowBe4 to offer the world’s most popular integrated platform for awareness training combined with simulated phishing attacks.