EXPEL BLOG

Four ways to stay safe online: CAM turns 20

· 3 MIN READ · GREG NOTCH · OCT 5, 2023 · TAGS: Company news

Cybersecurity Awareness Month 2023 unveils a new theme and emphasizes four key behaviors to help keep your digital world safe.

It’s October, which of course means it’s Cybersecurity Awareness Month (CAM). Specifically, 2023 is CAM #20, so 🎂.

CAM, which was conceived by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance, aims to raise awareness for both individuals and organizations about the threats and risks associated with the digital world and to offer concrete advice and tips to protect sensitive information and data.

We at Expel really like CAM because it allows us—and the industry as a whole—to talk about and share cybersecurity best practices in a positive and productive way, rather than in the midst of a breach or a crisis. Plus, the best practices are just one component of CAM.

The freshly debuted, evergreen theme is “Secure Our World” and the sponsors are focusing on four key behaviors:

Use strong passwords and a password manager.

Strong passwords are much harder for hackers to guess or crack, making it less likely that your accounts will be compromised. They enhance your digital privacy and protect sensitive personal and financial information. Strong passwords reduce the risk of unauthorized access to your accounts, which can be a gateway to identity theft or fraud.

The strength of a password is primarily determined by its length, regardless of its complexity. A strong password is ideally at least 12 characters and should avoid easily guessable information; patterns like “123456” or “password” are a huge no. Select a long passphrase that is unique, contains a few numbers and symbols, and has no direct relation to personal information, such as birthdays or names. Strong passwords aren’t just for personal accounts either. Many work accounts will require passwords, and you shouldn’t rely solely on your company’s security tools to protect those accounts.

Password managers automate the often-confusing task of tracking dozens of passwords by generating and storing complex, unique passwords for each of your accounts. This reduces the risk of weak or reused passwords that can be easily exploited by cybercriminals. Password managers also enhance security by encrypting your password vault, ensuring your credentials remain protected.

Turn on multi-factor authentication (MFA).

By requiring multiple forms of authentication for access to an account or service—typically something you know (like a password) and something you have (like a smartphone or a physical token)—multi-factor authentication (MFA) significantly enhances the security of your accounts even if your password is compromised. This layer of added protection greatly reduces the risk of identity theft, data breaches, and account takeovers. Wherever possible, choose a push notification or a generated token (using a popular authenticator app) rather than SMS (texting), as SMS can be hijacked.

Recognize and report phishing.

Quick side note: We talk a lot about the importance of MFA in our Quarterly Threat Reports. We recommend that security teams build detections for newly registered MFA devices. Be suspicious of new devices registered using a proxy, virtual private network (VPN), or suspicious location. Use strong authentication methods such as Fast Identity Online 2 (FIDO2) and certificate-based authentication. If FIDO isn’t an option, deploy phish-resistant MFA or opt for push notifications instead of performing MFA by email, SMS, voice, or time-based one-time passwords (TOTPs).
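The MFA device-registration detection recommended in the side note, sketched as an added example (not Expel's detection code). The event field names, the sample log, and the proxy/VPN range are constructed assumptions; a real deployment would map these to its identity provider's audit log and an IP reputation source.

```python
import ipaddress
import json

# Constructed sample events; field names are hypothetical, not any vendor's schema.
SAMPLE_LOG = """\
{"ts":"2023-10-02T09:01:00Z","user":"alice","event":"login_success","ip":"192.0.2.10","country":"US"}
{"ts":"2023-10-02T09:05:00Z","user":"alice","event":"mfa_device_registered","ip":"192.0.2.10","country":"US"}
{"ts":"2023-10-03T14:00:00Z","user":"bob","event":"login_success","ip":"192.0.2.44","country":"CA"}
{"ts":"2023-10-04T02:13:00Z","user":"bob","event":"mfa_device_registered","ip":"198.51.100.7","country":"CA"}
{"ts":"2023-10-04T03:30:00Z","user":"alice","event":"mfa_device_registered","ip":"203.0.113.9","country":"BR"}
"""

# Assumed proxy/VPN egress ranges (a documentation range stands in for a real feed).
ANONYMIZER_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def is_anonymizer(ip):
    """True if the address falls inside a known proxy/VPN range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ANONYMIZER_NETS)


def find_suspicious_registrations(log_text):
    """Return (user, ts, reasons) for MFA registrations that merit review.

    Events are assumed to be in chronological order.
    """
    seen_countries = {}  # user -> countries of earlier successful logins
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        user = ev["user"]
        if ev["event"] == "login_success":
            seen_countries.setdefault(user, set()).add(ev["country"])
        elif ev["event"] == "mfa_device_registered":
            reasons = []
            if is_anonymizer(ev["ip"]):
                reasons.append("proxy_or_vpn")
            # A user with no login baseline is also flagged as a new location.
            if ev["country"] not in seen_countries.get(user, set()):
                reasons.append("new_location")
            if reasons:
                findings.append((user, ev["ts"], reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in find_suspicious_registrations(SAMPLE_LOG):
        print(f"REVIEW {user} {ts} {','.join(reasons)}")
```

A registration from the user's usual network and country passes silently; the other two are surfaced with the reason attached so an analyst can triage them.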

Report phishing emails or websites to Google, your service provider, or your org’s security or IT team. This can help remove malicious content and prevent others from falling victim to scams. By staying vigilant and promptly reporting phishing attempts, you play an active role in maintaining a safer digital environment for everyone, reducing the success rate of phishing attacks and protecting valuable personal and financial information.

Update software.

Software updates fix vulnerabilities and weaknesses that hackers can exploit in the software you use. Updates to operating systems, applications, and security software address known security flaws and update system defenses. By keeping your software current, you reduce your susceptibility to malware, viruses, and cyberattacks, decreasing the risk of data breaches, identity theft, and unauthorized access to your systems.

Security and IT teams face a bigger challenge when it comes to updating software and applying patches: knowing which vulnerabilities pose the greatest risk in the environment. We recommend working to understand the severity of vulnerabilities and the criticality of the assets impacted. This work will help those teams eliminate the gaps that pose the most risk to the business, and prioritize the patches they need to apply.

While we remind ourselves and each other of the importance of security during October, the truth is that every month should be Cybersecurity Awareness Month. So note these tips and set a reminder to review your security practices regularly.

In time, cybersecurity won’t be something you think about; it will become something you do without thinking.

For more information on making your digital world a safer place, visit the National Cybersecurity Alliance website.

And for more information about what Expel is doing in October, and for some helpful resources, visit our Cybersecurity Awareness Month page.

Finally, we’re releasing an updated version of Oh Noes!, our popular tabletop role-playing game that tests your organization’s incident response (IR) plans. CAM is the perfect month to grab your copy and start planning your next tabletop.