
October is Cybersecurity Awareness Month: Focus on These Four Critical Areas

October 13, 2022

Steve Hosie holds CISSP-ISSAP, CISM, CISA, CGEIT, CRISC, and CDPSE professional cybersecurity certifications and has over 34 years of experience as an active security practitioner in mainframe cybersecurity and compliance.

Nineteen years ago, Cybersecurity Awareness Month was established for October. Every October, security practitioners create awareness about how best to protect your private information on a personal as well as a corporate level.  

What steps can you take on a personal basis to help protect your personal, private information and prevent identity theft or the compromise of your login credentials to your retirement accounts, bank accounts, or stock trading accounts? And, on a corporate level, what actions are taken to ensure the protection, confidentiality, integrity, and availability of your personal, private data?

This year there are four areas of focus for Cybersecurity Awareness Month 2022:

  1. Enabling multi-factor authentication
  2. Using strong passwords and a password manager
  3. Updating software
  4. Recognizing and reporting phishing, smishing, or vishing

Is it easy to stay safe online? Yes. However, you must implement certain safeguards, just like locking the front door to your home.  

Here are some important recommendations to help you #BeCyberSmart:  

  1. Enable multi-factor authentication for all online accounts, websites, banks, stores, mortgages, retirement accounts, stock trading, etc.
  2. Use strong passwords. Check your password at https://haveibeenpwned.com/Passwords to determine if the password you are using has been compromised. If so, immediately change to a stronger password.  Never use the following for a password:  123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678. It is remarkable how many people are using these passwords and how quickly they are compromised.
  3. Always update the software you are using so that your Windows and Mac software is current. Operating system updates often include fixes for security vulnerabilities, helping you to be more secure.
  4. Do not give your personal data to anyone who emails, calls, or texts you, ever.  If someone from a bank, the IRS, Microsoft, or power companies tries to get you to share information, do not respond. They will send you a notice in the mail and then you can call the phone number on the notice as needed. 

We encourage you to take a risk-based approach and focus on the behaviors most important to you and to any organization that you have an established relationship with, i.e., employers and any company that processes your personal private data.

We have all seen the news, all too often, unfortunately, when one company or another has been hacked, and millions of records containing customer personal data have been compromised. It’s time for consumers to start requiring all organizations, private or public, to take the same actions across all of their computing platforms and ensure the full protection of their private data.

We should always keep cybersecurity top of mind and ask the following questions:

  • Have all computing platforms implemented multi-factor authentication for all user credentials? Stop the hackers and their password cracking programs from obtaining the user logon ID and password, breaking into systems, and stealing your data.
  • Do all computing platforms have documented, implemented, and verified measurable technical platform-specific security standards for all computing devices that process data?
  • Are there assurances and guarantees that all computing platforms and devices, including credit card readers, only use modern, fully supported software and that all software updates are applied within 90 days of their release?
  • Have all computing platforms implemented Security Continuous Monitoring solutions that provide real-time alerting of insider threat or bad actor behavior? 

Everyone has a right to have their personal, private data protected and to have a safe internet experience, so let’s all remember to play our part and #BeCyberSmart. 
