IBM reports that the typical time it takes an organization to identify a data breach is 206 days. They also found that the leading cause of data breaches is malicious or criminal attacks. This accounts for 51% of such incidents.
Welcome to cybersecurity awareness month. With cyberattacks on the rise, this is no time to celebrate. It is, however, a time for taking action.
Now is the time for beefing up security defenses. We are going to tell you about some things to be aware of, and how to protect your business.
Cyberattacks can ruin your business. There is no time to waste. Taking action starts now, so let's get to it.
Cybersecurity Awareness Month
Observed every October, Cybersecurity Awareness Month aims to increase awareness about the best practices for cybersecurity. It stresses the need for a collective effort to prevent scams and intrusions.
National Cybersecurity Awareness Month dates back to 2003. It began in partnership with NCSA (National Cyber Security Alliance) and CISA (Cybersecurity and Infrastructure Security Agency).
Verizon says that 43% of data breach victims are small businesses. Small businesses may not have the proper budget needed for keeping their business safe, but there are things they can do in terms of human behavioral prevention.
In fact, according to the World Economic Forum released a Global Risks Report, as much as 95% of cybersecurity breaches result from human error.
Cybersecurity in Social Media Platforms
Social media is a perfect platform for monitoring human behavior because people can share, connect, and discuss their lives and their thoughts in real-time. Businesses love using it to market, recruit, and more because it is authentic when reaching their audience, lending credibility to their organization and brand.
Unfortunately, many companies do not recognize or understand the cybersecurity risks associated with social media platforms. Organizations must know how a malicious actor will leverage information on social media to target their employees.
Once a user creates a digital profile on social media, anyone can see it, even a malicious actor that can harvest it. Plus, people are creatures of habit. They use similar usernames, passwords, and images on all social media platforms.
Unfortunately, social media users can use the same email address and username for their sensitive online accounts, too. Every piece of information you put online also increases your potential risk for a cyberattack.
You may believe that if you are not rich or famous, you are not a suitable target for a bad actor, yet you still are. Every person can be of interest to a cybercriminal.
It is a slippery slope, isn't it? Social media is designed to share information. At times, it can end up being too much, though.
The more you open up, you can become at risk of spear-phishing or an attack that is similar. Sharing makes you a target. That is because the more information a bad actor can put together about you, they can create a fake message to send you that appears realistic, either by email or text, too.
If you are looking to hire, a prospective employee with a habit of oversharing on social media could put your company at risk of a phishing attack.
Aggregating Data on All Social Media Platforms
It's more than the content you share, memes and quizzes can be a means for bad actors to collect information on you. It may seem harmless to respond to a meme, but it is not. Think about it, are the answers you are giving on social media a lot like the ones you give in your security questions?
Typical security questions like:
- First pet
- First car
- Favorite color
- Maiden and married name
While one or two pieces of information are unlikely to cause harm, if you are a prime target, the bad actor will search for everything. Anything you share publicly can be of use for a cyberattack.
Believe it or not, IT security professionals now leverage special search engines that cater to a security researcher's needs. These search engines are helpful for browsing valuable information that your team can use in security operations.
What can a cybersecurity professional find on these special search engines? Items like:
- Exposed internet devices
- Track threats
- Analyze vulnerabilities
- Preparation for phishing simulations
- Finding network security breaches
Plus a lot more. Why is this so important? When beefing up your security defenses, you want to start by collecting information for security.
To defend an organization's privacy and data from a potential breach, your team must be able to analyze potential threats. It is a process that has a couple of goals.
One: To gather data related to the system, such as operating system hostnames and system types. Plus, gather system banners, enumeration, system groups, and more.
Two: To collect network information. This includes information that is public, private, and associated network hosts, like:
- Domain names
- Routing cables
- Private and public IP blocks
- Open ports
- SSL certificates
- UDP and TCP running services
This is among other information as well. There is a tremendous benefit to gathering such details for your cybersecurity team.
Search engines such as these will give professionals an idea about any devices that are connected to your network, the associated user or users, and their location. This helps cybersecurity teams to secure them.
If IT professionals find a discrepancy, it will give them an opportunity to block an unwanted user or system. This protects your business's network. You can discover vulnerabilities and fix them before it becomes an issue for your security.
Use a Strong Password
When protecting your sensitive information, you want your organization and your staff to practice using good, strong passwords. There are some common mistakes one must avoid, like choosing a password based on personal information or choosing something that is easy to remember. Unfortunately, this method is easy for a hacker to crack.
Think about a four-digit pin for a moment. If it is some combination of a birthdate, address, or phone number, this can be easy to uncover.
For an email password, common words that someone can find in a dictionary or phrases are easy to discover by a cybercriminal. Intentionally misspelling something is okay, but an even better way to create a password is to leverage a series of words and choose the first letter from each word to help you decode it.
It's a lot like the brand "Adidas." The acronym derives from "All day I dream about soccer."
Next, when choosing a strong password, it must contain both length and complexity. NIST suggests you use the longest password that an account will permit you to use.
Plus, include both upper and lowercase letters. In addition, include numbers and special characters, too.
When you create a good, strong password, it is tempting to reuse it and make it easier for you to remember when logging in to multiple accounts. Especially since it is cybersecurity awareness month, we will give you a resounding response to this. Don't do it!
Just as much as a weak password puts you at risk, so does reusing a password.
As many methods there are to strengthen a password, sometimes you need to add a layer of protection, anyway. This is where 2FA comes in, or two-factor authentication. It requires over one login credential, not just the username and password.
If a user does not have the second layer of a credential, then the account cannot be accessible. It is now impossible for a hacker to enter an account with just a stolen password.
Two-factor authentication has three main types:
- Additional credentials that the user would already know, like a security question or PIN.
- Devices that the user possesses, like a mobile phone app or security token.
- Biometric details like a fingerprint or retina scan.
The type you choose is up to your organization. You can base the method on what works best for your employees.
Usually, the device method is the most common. Some employees dislike the biometric technique, as it feels that the employer is violating their privacy.
Ready for Cybersecurity Awareness Month? We Are!
Here at NETdepot, we could not be more excited for Cybersecurity Awareness Month. There is no better time than the present for beefing up your defenses. A good place to start is education.
You can train your employees on how social media platforms can lead to data breaches. Search engines can help your cybersecurity team locate vulnerabilities and stop a breach before it starts. Plus, do not forget to use strong passwords and two-factor authentication for better account security.
While these tips are all great, it is just the start. NETdepot can help your organization with cybersecurity.
We supercharge your security posture with our customer cybersecurity platform. Contact us now and learn more.