October 11, 2022

The theme for Cybersecurity Awareness Month 2022 is “see yourself in cyber,” focusing on the human element of cybersecurity. What can individuals, cybersecurity professionals, and businesses do to stay secure and make smart decisions now and in the future?
As a Cybersecurity Awareness Month champion, DOT Security feels that it’s important to join in and speak to the ever-changing threat landscape.
In this article, we’ll explore how that landscape affects the lives of individuals as well as the existence of organizations, and how we can all sustainably operate within it.
Want to focus on your organization first? Access DOT Security’s checklist, How Covered Is Your Business?, to explore what makes up a complete strategy for keeping your company safe today.
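The Cybersecurity & Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), which jointly put on Cybersecurity Awareness Month, are breaking the theme down into four key steps everyone can take: enable multi-factor authentication, use strong passwords, recognize and report phishing, and update your software.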
Let's explore each of those steps so you can understand why they’re so important and how to actually implement them.
If you’ve ever been prompted for additional verification that you are who you say you are after entering your password on a website, you’ve used multi-factor authentication (MFA). It’s an additional level of identity and access management protection that is easier to implement than you think, and extremely effective.
When you use MFA, in addition to entering your password (or a passwordless authentication option), you’ll be asked to provide a code texted to your phone, accessed through an authenticator app, or accept the login from an alternate device.
Requiring multiple methods of verification lessens the impact of a bad actor who has stolen or otherwise compromised credentials. In fact, MFA can prevent 99.9% of account compromise attacks.
While not every online account you have will offer multi-factor authentication as an option, whenever you do have the choice, we suggest you opt to set it up. It can almost always be completed in just a few minutes, and the additional security it provides is invaluable.
A password is the primary way for users to prove their identity online. It’s probably the key to most of your accounts. But if your password is simple, easy to guess, or repeated across multiple sites, it’s easy for hackers to gain access to at least one of your profiles, if not your entire online persona.
So, what constitutes a strong password? Best practices say that it should be at least 16 characters and contain numbers, special characters, and uppercase and lowercase letters. Passphrases are more secure than passwords.
Additionally, it should be unique, so even if a hacker manages to get one of your credentials, they won’t have full access to all of your accounts. And ideally, it should be updated every 3-6 months to throw off any attackers who may have slipped past your other defenses and are lying low before doing anything harmful.
Of course, that’s a lot for just one online account, let alone the dozens most people handle on a regular basis. That’s where a password manager comes into play. Using secure software that remembers your passwords for you makes it much easier to actually follow this Cybersecurity Awareness Month 2022 suggestion without spending undue time memorizing lists of complicated phrases!
Billions of dollars in the US go into protecting companies from some of the worst threats they could possibly face, but the biggest security threat is the one sitting at the keyboards inside the office. The overwhelming majority of data breaches occur due to innocuous human error, and of those, the most common type of breach happens due to phishing attacks.
Protecting yourself from phishing is relatively simple, as long as you know what elements of a phishing scam to look for:
Any one of these things isn’t in and of itself proof of a phishing attempt. But if “your friend” John Doe at ABC Company sends a sudden email urgently asking you to submit an important password through a Bitly link, particularly if the email is coming from “Jon” Doe with an address like [email protected] instead of [email protected], you should escalate it to your cybersecurity team.
If you regularly click “remind me later” on your software update notifications, you’re not alone. According to the 2021 Cybersecurity Behaviors and Attitudes report, about a third of all consumers fail to stay on top of them. But it turns out, one of the best things you can do to stay secure is update your software.
These updates are often patches for a weakness in the software that has been exposed. Sometimes, those vulnerabilities are discovered by “white hat” hackers, but it usually happens when clients are actually attacked. Each update is a race against the clock to fortify as many users as possible before the bad actor can target them.
Failing to update your software doesn’t guarantee that you’ll be attacked, especially for software with a massive pool of users, like Microsoft or Google. But for Cybersecurity Awareness Month 2022, we suggest that you get in the habit of setting aside a few minutes at the end of each day to check for and install updates. It’s an easy way to keep your defenses as fortified as possible.
Even if you have next-gen antivirus (which proactively monitors, learns, and creates patches for threats before they ever reach your system), there’s no reason to make the AI’s job harder. Regularly updating your software will help it learn even more to keep you even safer.
Cybersecurity is, of course, far more extensive than these four key Cybersecurity Awareness Month 2022 steps would suggest. Do you regularly scan your network for stray threats? Do you know how hackers can use information or photos shared on your personal social media profiles against you? What steps have you taken to test your backup and disaster recovery plan?
Consider working with specialists and penetration testers for the best possible plan. They can review your network and cybersecurity strategy, point out vulnerabilities, and suggest software and training for yourself and your organization that can improve your overall posture.
Before undergoing a complete risk assessment, though, you can start gaining insights and improving your security yourself. Beginning with education and basic awareness training gives you the best foundation to supplement any software, lowers the risk from personal human error, and allows you to fully see yourself in cyber.
DOT Security’s checklist, How Covered Is Your Business?, can help you begin exploring the layers of a complete cybersecurity strategy and how they can be implemented at your organization. Access it today to get started!