Did you know that October was Cybersecurity Awareness Month? Comprehensive cybersecurity education is an important part of strengthening cyber defenses for governments, businesses, and individuals. It is increasingly important for everyone to have access to actionable, engaging resources that can help them level up their cybersecurity practices.
To that end, the Be Cyber Smart Kit helps organizations and consumers be cyber smart through shareable videos, infographics, and more. Keep reading for tips to keep you and your organization secure all year round.
Your Best Password Is You
Did you know that password attacks were the most commonly observed type of threat in 2021, clocking in at 34,740 attacks every minute? Today’s hackers don’t break in — they sign in. That’s why we encourage our customers to use passwordless sign-in methods, physical security keys, and biometrics whenever possible. They are more secure than traditional passwords, which can be stolen, hacked, or guessed. They can also greatly reduce the risk that comes with having to create and secure multiple unique passwords for all of your organization’s various accounts.
If you do use passwords as part of your sign-in process, here are five tips for making them as strong as possible:
- Create a password that is at least 12 characters long (but 14 or more is better).
- Use a combination of uppercase letters, lowercase letters, numbers, and symbols.
- Don’t choose a word that can be found in a dictionary or is the name of a person, character, product, or organization.
- Pick something significantly different from your previous passwords — and never reuse the same password for multiple sites.
- Choose passwords that are easy for you to remember but difficult for others to guess.
Once you’ve created your password, keep it as secure as possible. Hackers will often target companies by attempting to trick individual employees into revealing their security logins. You can better protect your organization against password attacks by updating passwords frequently, encouraging employees to access websites only through trusted links, and reminding employees not to share their credentials via insecure channels like email or instant messages.
Protecting Identities, Devices, and Data
Along the same vein as increasing password attacks, we’re also seeing a rise in identity theft. The days of easily identifiable spam emails are quickly slipping away. Today’s threat actors are growing savvier when it comes to stealing identities to hack into devices and networks.
Many of us know to be skeptical of messages that include links or come with attached files, especially when the sender asks for personal information. But it bears repeating that you should never open an unexpected attachment, even if it appears to be coming from a trusted person or organization. If an employee is concerned that the message is important, encourage them to reach out to the sender directly — either by calling them or going to the organization’s official website for their contact information.
When part of a legitimate request, personal information should ideally be shared in real time — either in person or over the phone. It is recommended that you use encryption tools when sensitive information absolutely needs to be shared via email. Employees should also be wary of sending system definition files through insecure channels because attackers can use them to breach your digital landscape, corrupt organizational processes, and make your environment more vulnerable.
We recommend organizations strengthen their cybersecurity by installing software updates as soon as they are released. Many app, browser, and operating system updates contain security fixes for currently active issues, so installing them promptly is an important part of maintaining the latest security standards. You can further reduce your company’s attack surface by eliminating unnecessary Internet connections, restricting open ports, and using scanning tools to check your digital environment for potential weaknesses.
Ultimately, while Cybersecurity Awareness Month might only last 31 days, promoting the importance of a secure online environment is a year-round job. It comes down to all of us being cyber defenders — whether we represent a global corporation, a family-owned business, or even an individual consumer. Let’s be cyber smart together!
Read more Partner Perspectives from Microsoft.