October is Cybersecurity Awareness Month
Our chance to sharpen our cybersecurity skills, learn ways to avoid security threats and have some fun while we’re at it!
We are rolling out the red carpet by sharing helpful tips and resources to help you stay safe and secure, whether at work or at home.
If you have any questions about cybersecurity or spot something suspicious, ask us! We’re here to help.
Recognizing and reporting phishing
The reviews are in: phishing is popular among hackers and can be catastrophic for organizations. Phishing makes up 44% of social engineering incidents, and 98% of phishing incidents are via email. But it isn’t enough to simply know that phishing emails are out there; you also need to be able to recognize and report them. Let’s preview some of the scripts used by hackers in their big heists this year:
- Emails that contain an offer that’s too good to be true
- Language that’s urgent, alarming, or threatening
- Poorly-crafted writing with misspellings and bad grammar
- Greetings that are ambiguous or very generic
- Requests to send personal information
- Strange or abrupt corporate communications
- Sending e-mail address doesn’t match the company it’s coming from
If you suspect an email is phishing, it’s best to report it using the Report Phish button in Outlook or open a ticket with the Helpdesk!
Using strong passwords and a password managers
Just like you need a unique ticket for each movie you attend, you should also have a unique password for all your online accounts. Don’t reuse the same password across websites. If one of those sites gets compromised, hackers will also try that password on other sites. No matter the account, all passwords should be created with these three words in mind:
- Long — At least 12 characters
- Unique — Never reuse passwords. Each account needs its own unique password
- Complex — Use a combination of upper- and lower-case letters, numbers and special characters. Some websites will even let you include spaces.
If you haven’t already, install a password manager — never write passwords down. Password managers not only let you manage all your online accounts’ unique passwords, but they have some other advantages:
- Saves you time
- Works across all your devices and operating systems
- Protects your identity
- Notify you of potential phishing websites
Popular password managers include 1Password, LastPass and others. Be sure to check with your organization manager to ensure you are compliant with any company policies.
Updating software
We see movies being remade constantly on the silver screen to stay relevant. Just like our favorite reboots, our software and apps want the latest and greatest updates to stay secure. These updates fix general software problems and provide new security patches where criminals might get in.
Please Note: When downloading a software update:
- Only get it from the company that created it. Hacked, pirated, or unlicensed software versions often contain malware and cause more problems than they solve.
- Make sure the software or application you’re updating is approved by your organization. If you are unsure please contact our team for more information.
It is advised to turn on automatic updates. When an update is available, it will give you a reminder so you can easily start the process.
Enabling multi-factor authentication
Multi-factor authentication (MFA) is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity -- usually via a push notification; think of MFA as a sequel to a password. Remember: two factors are better than one.
How it works: When logging into your account, you first provide your password or passphrase. Next, you will provide an extra way of proving that you’re you; this is typically done through:
- An extra PIN (personal identification number)
- An extra security question like, “What’s your favorite pet’s name?”
- An additional code, either emailed or texted
- A biometric identifier like facial recognition or a fingerprint
- A unique number generated by an “Authenticator App”
- A secure token is a separate piece of hardware (like a key fob that holds information) that verifies a person’s identity with a database or system
Tuesday Training… "Removeable Media”"
What do USB drives, removable hard drives and phones have in common? They are all considered forms of removable media, and they can all be dangerous. Get the facts on removable media today.