October is Cybersecurity Awareness Month – a four-week international effort to raise awareness of the importance of cybersecurity and educate everyone about online safety and the steps that can easily be taken to protect personal data. In the United States, the federal lead for National Cybersecurity Awareness Month is the Cybersecurity and Infrastructure Security Agency (CISA) and resources have been made available by the National Cybersecurity Alliance (NCA) to help organizations communicate to their employees and customers the importance of cybersecurity.
This year, the theme of the month is “Secure Our World,” and the focus is on four simple and easy-to-implement steps that everyone can take to significantly improve defenses against cyberattacks and prevent unauthorized access to personal data. Those steps are:
- Use strong passwords and a password manager
- Enable multifactor authentication
- Update software
- Recognize and report phishing
Passwords should be set that are resistant to brute force guessing attempts. That generally means setting a password that is complex and uses several different character sets to increase the number of potential combinations. The standard advice is to ensure that each password contains at least one capital letter, lowercase letter, number, and special character. Ideally, a password should consist of a random string of all of those characters and be at least 8 characters long. Since strong passwords are difficult to remember, a password manager should be used. Password managers can help to generate truly random strings of characters and store them (and autofill them) so they do not need to be remembered.
The U.S. National Institute of Standards and Technology (NIST) has recently updated its password guidance and suggests moving away from enforcing complexity rules in favor of longer passwords, as they are easier to remember and are less likely to see individuals taking shortcuts that weaken password security. NIST recommends a password of at least 8 characters, ideally 15 characters or more, and to allow passwords of up to 64 characters. Enforced password changes should only be required if a password is compromised, and businesses should maintain a list of weak and commonly used passwords and prevent them from being set. A unique password should be set for each account. Only 38% of people set a unique password for all accounts.
A password alone should not be enough to grant access to an account, as while strong passwords may be difficult to guess, they can be obtained through other means such as data breaches or phishing attacks. To better protect accounts, multifactor authentication should be enabled. If a password is compromised, another method of authentication is required before access to an account is granted. For the best protection, phishing-resistant multi-factor authentication should be used.
While the exploitation of vulnerabilities is not the main way that cybercriminals gain access to devices and networks, everyone should ensure that their software and operating system are kept up to date and running the latest version with patches applied promptly. Software should ideally be configured to update automatically, but if not possible, should be checked regularly to ensure it is running the latest version.
One of the most important defenses is to improve education about phishing, as it is one of the main ways that accounts are compromised and networks are breached. This is an area where employers need to take action. Education of the workforce about the threat of phishing and malware is vital, and it should be provided often. Employees should be taught how to identify phishing attempts, and they should be provided with an easy way of reporting potential threats to their security team and be encouraged to do so. A one-click option in their email client will make this quick and easy.
This is an area where TitanHQ can help. TitanHQ’s SafeTitan security awareness training platform has an extensive library of training content that teaches cybersecurity best practices to help eradicate the risky behaviors that open the door to hackers and scammers. The platform allows training courses to be easily created and tailored for different roles within the organization. The platform also delivers training in response to security mistakes, ensuring training is immediately provided to correct poor security behavior at the time when it is likely to have the greatest impact. The training content is constantly updated using real-world examples of the latest tactics, techniques, and procedures used by cybercriminals to ensure the workforce is kept aware of the latest threats. The platform also includes a phishing simulator, that businesses can use to reinforce training. Internal campaigns can be easily configured and automated, with reports generated to demonstrate how training is improving over time. The simulator can also be configured to immediately generate relevant training in response to a failed phishing simulation.
TitanHQ also offers a range of cybersecurity solutions that provide cutting-edge protection against phishing, social engineering, malware, and other threats. These include SpamTitan antispam software to prevent threats from reaching inboxes. SpamTitan is a cloud-based email filtering service with an exceptional detection rate thanks to AI- and machine-learning capabilities, dual anti-virus engines, a next-generation email sandbox, and the information of SPF, DKIM, and DMARC to prevent spoofing. The solution also includes an Outlook add-in to allow employees to easily report suspicious emails to their security team.
PhishTitan is an anti-phishing solution for Microsoft 365 that provides excellent protection against phishing threats, adds banners to emails to alert employees about messages from external sources, and allows security teams to rapidly remediate phishing attempts on the organization. WebTitan is a DNS-based web filtering solution that prevents employees from visiting malicious web content, blocking malware and potentially risky file downloads from the Internet, and allows organizations to carefully control the web content that can be accessed on and off the network.
This Cybersecurity Awareness Month is the ideal time to improve your defenses against phishing and other cyberattacks through our anti-spam service and security awareness training platform. Give the TitanHQ team a call today to discuss these and other solutions that can help improve your security posture. All TitanHQ solutions are available on a free trial and product demonstrations can be arranged on request.