As Cybersecurity Awareness Month kicks off in October, it’s a great time to remind everyone at your company to practice cybersecurity awareness to protect against cyberattacks and data breaches. Of course, there’s no completely foolproof way to keep threat actors from attempting to infiltrate your network. But taking these four preventative steps can significantly reduce your cyber risk.
Use strong passwords
Using strong passwords is an easy way to safeguard your apps and digital accounts. At Pondurance, we recommend that users choose passwords with at least 16 characters including uppercase, lowercase, numbers, and symbols. Also, we suggest that users choose a unique password for each of their accounts and never reuse their personal passwords for company accounts.
Like most people, you probably have dozens of accounts with passwords, and remembering all those passwords is a difficult task. That’s where the use of a password manager comes in. A password manager program generates strong passwords, stores them, and autofills the passwords. That way, you don’t have to remember your passwords or write them down. But be sure to use a strong master password that you can easily memorize for the password manager account.
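The password guidance above, written out as an added Python example; it is not code from Pondurance or from any particular password manager. It checks a password against the recommended rules (at least 16 characters, all four character types), generates a compliant one from the operating system's secure random source, and flags passwords reused across accounts. The symbol set, function names, and sample vault are assumptions made for the illustration.

```python
import secrets
import string

# Policy from the article: at least 16 characters, with uppercase,
# lowercase, numbers, and symbols. The symbol set is an assumption.
MIN_LENGTH = 16
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": "!@#$%^&*()-_=+[]{};:,.?",
}
ALPHABET = "".join(CLASSES.values())

def policy_violations(password):
    """Return the list of ways a password falls short of the policy."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems

def generate_password(length=MIN_LENGTH):
    """Draw from the OS CSPRNG until a candidate satisfies every rule."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:  # rejection sampling keeps every position uniformly random
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

def reused_passwords(vault):
    """Map each password used by more than one account to those accounts."""
    seen = {}
    for account, password in vault.items():
        seen.setdefault(password, []).append(account)
    return {pw: accts for pw, accts in seen.items() if len(accts) > 1}

if __name__ == "__main__":
    # Constructed sample vault: one personal password reused for work.
    vault = {"work-email": "Summer2024!", "personal-bank": "Summer2024!",
             "work-vpn": generate_password()}
    for account, pw in vault.items():
        print(account, policy_violations(pw) or "meets policy")
    print("reused by:", list(reused_passwords(vault).values()))
```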
Implement MFA
Turning on multifactor authentication (MFA) can make it especially tough for a threat actor to access your accounts. That’s because MFA requires two or more factors, such as a password, PIN, or verification code, to authenticate your identity at login. The added layer of protection may be the single most important thing you can do to defend against threat actors. Your company should have MFA implemented on every device to avoid being vulnerable to exploitation.
MFA has even become a strict requirement to qualify for a cyber insurance policy. Increasingly, cyber insurers want to see that companies have MFA implemented on every device on their network.
Identify phishing
The Pondurance security operations center (SOC) team ranks phishing as the top method of credential compromise for email users. During a phishing attack, a user gets an email from someone claiming to be a known, reliable source and is fooled into providing credentials, such as passwords, credit card numbers, or bank accounts. The team reports that phishing emails with a financial lure are common fraud schemes during tax season, and malware delivery via phishing emails is an increasing threat. FBI data confirms the team’s conclusions, showing that phishing/spoofing is reported over five times more often than any other type of cybercrime.
In past years, phishing emails were often easy to identify due to their awkward language and poor grammar. Today, it’s not as easy to distinguish a phishing email. Artificial intelligence (AI) services, such as ChatGPT, are now making phishing emails more difficult to detect because AI helps threat actors use convincing language and proper grammar in the email text.
To reduce the risk of an attack, the SOC team suggests that you set inbox rules to detect any unauthorized activity and provide user awareness training for everyone at your company. User awareness training helps your employees, executives, and board members identify phishing emails and learn how to report suspicious activity.
Make updates
Updates fill the gaps or vulnerabilities that threat actors look to exploit in operating systems, software, and apps. Making updates can fix security bugs, protect against malware, improve performance, and more. The cybersecurity team at your company should stay informed about newly disclosed vulnerabilities and perform needed updates and patches as quickly as possible to keep threat actors out of your network.
Conclusion
Making cybersecurity awareness a priority at your company can help you protect against cyberattacks and data breaches. Using strong passwords, implementing MFA, identifying phishing, and making updates are four preventative steps that can significantly reduce your cyber risk during Cybersecurity Awareness Month and all year long.
Author Bio: Mike has enjoyed a career of more than forty years of operations and sales experience in the information technology and cybersecurity industry at IBM, Siemens, Sprint, and AT&T as well as several smaller and startup businesses. He has spent the past twelve years at Pondurance helping organizations tackle the challenges of cybersecurity to better protect their clients and their hard-earned brand reputation. Mike is active in the Central Indiana Information Systems Security Association (ISSA) chapter and is a member of InfraGard, a partnership between the FBI and members of the private sector.