Cybersecurity Awareness Month
2023 marks 20 years of Cybersecurity Awareness Month.
- Written by Roman Medina, Senior Chief Information Security Officer
What is Cybersecurity Awareness Month, and why is it important?
Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the Department of Homeland Security in 2004. Since then, every President of the United States has declared the month of October as a time for the public and private sectors to work together to educate Americans on the importance of cybersecurity.
This year marks the 20th year of Cybersecurity Awareness Month. While that is a great achievement, there is still a lot of work to be done. We focus on raising awareness throughout October, but we should be cyber-aware all year long. It’s that important!
Cyber threats, frauds, and scams have evolved, becoming more sophisticated and direct. Cybersecurity remains a vital initiative. It is critical that the public is educated and knowledgeable about foundational cybersecurity practices. Organizations, especially financial institutions such as Jefferson Bank, also play an essential role in ensuring our employees and customers are cyber-secure and aware.
What do you mean by the evolution of cybersecurity threats, frauds, or scams?
Phishing, vishing, and smishing have been around for a while. We will continue to see these types of scams, which use false pretenses in messages such as emails, voice calls, or text messages to obtain sensitive information or to trick us into clicking spoofed web links and entering account login information. In these instances, scammers cast a wide net and wait for someone to take the bait.
The evolution of cybersecurity threats, frauds, and scams has been quite eye-opening. Cybercrime has become much more sophisticated and organized. It’s no longer about casting a wide net to see what gets caught. Today’s threats are targeted. Cybercrime is run as a business, with detailed step-by-step guides to deliver malware or ransomware, or to sell already compromised login information. Cybercrime is a service with its own support, just as organizations have an IT Help Desk or Customer Service Teams.
Cybercriminals know which industries to target. Small and medium-sized businesses (SMBs) are a prime target. Cybercriminals see SMBs as vulnerable, and breaching an SMB is not difficult. They’ve done their homework and know that many SMBs will not have dedicated cybersecurity teams working to protect their employees, systems, or networks.
What can SMBs do to be cyber secure and aware?
There are many things SMBs can do to be cyber secure and aware, but I will provide my top 3 foundational cybersecurity practices. This is what we have been focusing on at Jefferson Bank to bolster cybersecurity for our employees and customers.
Strong Passwords/Use of a password manager – Passwords are still the most common key that provides access to a computer, website, or online banking. We encourage our users to create strong, lengthy passwords. We apply technical policies for our systems or applications to force strong passwords. I recommend a unique password that is at least 14 characters long. I understand that it is difficult to remember a multitude of unique, 14-character passwords and keep track of what online identity you’ve assigned them to. Therefore, I must also promote the use of a password manager. A password manager or vault makes it easy to create these strong passwords as well as providing a secure place to store them. We all have hundreds of identities and managing all the different username and password combinations is difficult. Password managers also provide other security benefits. I use a password manager and it’s a game changer for your digital life.
Multi-Factor Authentication (MFA) – MFA is an added factor to your login experience. In addition to a strong password, you would be prompted for a second authentication factor. This may be a 6-digit code that is sent to you by text message, or it can be through a push prompt to an MFA app on your smartphone. At Jefferson Bank, we use MFA for our online banking system and for employees with remote access. MFA is easy to use and set up for any digital account, such as your email or social media accounts. SMBs should review their systems and enable MFA wherever possible. At a minimum, any system accessible over the Internet should have MFA enabled.
Backup and Update – Periodically, SMBs should back up all their critical data. Any data that the SMB needs to continue operating is considered critical. Would your SMB be able to operate with data that is seven days old? 30 days old? The answer will determine the frequency of your backups, such as daily, weekly, or monthly. The backups must also reside on a secure medium that is not connected to or accessible from your main network. The worst-case scenario would be that your backups get wiped or held hostage by ransomware because they were not stored separately, either physically or logically. When your backup process is complete, the next vital step is to update your systems and devices with security patches. Cybercriminals will exploit vulnerabilities on your computers, software, or smart devices. Eliminating these security weaknesses will further improve your cybersecurity. Devices that have access to or store critical data should be updated at least monthly. Update your operating system (computer, tablets, smartphones), browsers, Adobe products, Microsoft Office products, etc.
There are many more cybersecurity practices that SMBs can do. For more information, review the Cybersecurity for Business resources available on staysafeonline.org.