October 1, 2022
By: Jason Middaugh

Lean Into Cybersecurity Awareness Month with These Two Key Tips

For the 18th consecutive year, October has been declared National Cybersecurity Awareness Month. The month-long initiative is designed to raise awareness and help both businesses and individuals protect themselves online from the many threats that target their technology infrastructure and their personal or confidential data.

The initiative was born in 2004 due to a partnership between private organizations and the federal government. Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between industry leaders and the government to direct Cybersecurity Awareness Month. The program typically implements themes to spotlight particular concerns and key points that address hot-button cybersecurity topics. 

The theme for 2022 is ‘See Yourself in Cyber’, which puts the focus on the role people play in improving cybersecurity. Individuals can take steps to further protect their online information and privacy. Vendors and suppliers can protect their brand and reputation with strong controls to prevent an incident at their business or further down the supply chain. Infrastructure owners and operators need to understand they are part of a larger network of systems and can provide critical support.

National Cybersecurity Awareness Month hopes to drive home four key concepts in 2022: 

  • Enable Multi-Factor Authentication 

  • Use Stronger Passwords & Manage Them 

  • Update Your Software 

  • Recognize & Report Phishing 

Today we’ll dial in on the first two concepts and illustrate why they’re necessary for everyone, from IT departments to individuals.  

Institute These Two Changes for Cybersecurity Awareness Month 

The strength of the two concepts we’ll detail below, multi-factor authentication and password management, is that they apply to both individuals and organizations. Taking these steps on an individual level will reduce risks associated with all manner of online activity, from shopping and financial transactions to correspondence and entertainment. When utilized by businesses, both steps greatly enhance security resilience and lessen the chances of a breach or compromise at an organizational level.

Take the Extra Step 

Multi-factor Authentication (MFA) is a security method that requires the user to provide two or more verification factors to gain access to an application, online account, website, VPN, or other resource. Rather than just submitting your username and password, MFA requires additional authentication to complete the process. This additional authentication can take many forms, like the use of one-time passwords (those codes you receive via SMS or email) or utilizing biometrics (like a fingerprint scan on your smartphone). 

MFA is a cornerstone of a strong Identity and Access Management (IAM) policy for businesses, and many companies now require it for access to work applications and email accounts. The use of MFA adds another layer of protection, far stronger than a username and password alone, and decreases the likelihood of a successful cyber attack.

But MFA is only effective if used. You should turn on MFA everywhere you are online, whether that is for remote access to your corporate network, your banking app, your personal Amazon account, or your own personal email account. MFA is seen as a huge deterrent for hackers, who will often move on to another, less protected target rather than take the time and resources needed to work through the additional security layer.

Change those PWs, and Keep Track 

Keeping track of the dozens (maybe hundreds) of passwords you need in your daily life is a frustration understood by everyone. Every app, every streaming service, every retailer and virtually every space online will require you to have (or set up) a username and password to use the service. It’s tempting and easy to develop a ‘go-to’ password — your pet’s name and graduation year anyone? — to make managing them all less aggravating. 

Few realize how often they use the same password, or an easily deduced combination, when setting up online accounts and services. However, it’s important to remember that every website, application and service that requires a password is also a potential opening. Hackers can exploit that opening, and if you’re using the same password for multiple accounts then your vulnerability expands dramatically. You may have forgotten about that free newsletter you signed up for years ago. But did you reuse those credentials for another, more vital, account or service?

So, what can you do? Using a password manager helps you by creating unique passwords every time you need to create one, and helps you keep track of them. Password management services do more than greatly reduce your risk by ensuring every password is siloed; they can improve your user experience by taking the management of all those unique combinations off your plate and provide options to sync across all your devices so you’re never left without access. There are many affordable, and even free, options in this space to explore.  
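To make the reuse risk and the password-manager fix concrete, the following added Python example (not part of the original post) audits a constructed list of accounts for exact password reuse and for ‘go-to’ variants that share a stem, then gives each flagged account its own independently generated password. The account names, sample passwords and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets
import string
from collections import defaultdict

# Constructed sample export (site, username, password); not real credentials.
VAULT = [
    ("bank.example", "pat", "Rex2009!"),
    ("shop.example", "pat", "Rex2009!"),
    ("newsletter.example", "pat", "rex2009"),
    ("stream.example", "pat", "Rex2009#1"),
    ("mail.example", "pat", "v9$Lq!t2Zr#8mWx@"),
]
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def fingerprint(password, key):
    """Keyed digest, so groups can be compared without storing or printing passwords."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()[:12]

def base_form(password):
    """Reduce a password to its stem: lowercase, trailing digits and symbols removed."""
    stem = re.sub(r"[\W\d_]+$", "", password.lower())
    return stem or password.lower()  # all-digit passwords keep their full form

def audit(vault, key):
    """Return (exact-reuse groups, shared-stem groups) as sorted lists of site names."""
    exact, stems = defaultdict(list), defaultdict(list)
    for site, _user, password in vault:
        exact[fingerprint(password, key)].append(site)
        stems[base_form(password)].append(site)
    reused = sorted(sorted(s) for s in exact.values() if len(s) > 1)
    related = sorted(sorted(s) for s in stems.values() if len(s) > 1)
    return reused, related

def new_password(length=20):
    """Generate an independent random password from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate(vault, sites):
    """Replace the password of every flagged site with a fresh unique one."""
    return [(s, u, new_password() if s in sites else p) for s, u, p in vault]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # per-run key for the fingerprints
    reused, related = audit(VAULT, key)
    print("exact reuse:", reused, "| shared stem:", related)
    fixed = rotate(VAULT, {s for group in related for s in group})
    print("after rotation:", audit(fixed, key))
```

The stem check is a heuristic: it catches the pet-name-plus-year pattern with changed suffixes, not every possible variation, which is why unique generated passwords are the actual fix.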

It’s Worth the Effort 

Turning on MFA and managing passwords does require some extra effort, both from individuals and organizations. It can be a hassle to set up a password manager, and no one likes having to go find that access code and input it before getting an online shopping spree underway. But the risk and cost of failure are simply too high to ignore. Imparting knowledge about those risks is one of the primary goals of this year’s National Cybersecurity Awareness Month.

Consider the damage that can be done to your personal finances if a criminal gains access to your accounts. For example, a hacker could figure out one of your commonly used passwords through a secondary account or service, perhaps through a brute force attack. They will apply that password to any number of outlets across the internet and, if you haven’t changed passwords or enabled MFA, they’ll be far more likely to gain access to financial or banking information. From there, they would be able to divert funds, transfer accounts, or divert payments, leaving your finances in tatters and perhaps leaving you unaware of the damage until it’s complete.

Taking these extra steps is essential to doing everything you can to protect yourself and your organization and deter malicious actors.

Inversion6 Tackles Your Cybersecurity Concerns, Every Month 

Cybersecurity Awareness Month is a great time to revisit and examine your overall security posture. Inversion6 has decades of experience and industry experts who give your business the confidence to improve your cybersecurity systems in a tumultuous online environment. From simple, easy-to-implement solutions and advice to cutting-edge technology, we collaborate with you to find specific tools to help you improve your security posture and serve your business interests and goals.

We understand that cybersecurity isn’t a one-size-fits-all proposition and requires consistent commitment. For us, every month is cybersecurity awareness month. Inversion6 is the proven risk management provider that brings a full suite of information security services to help you define your strategy, deploy the right technology and protect you from malicious attacks. From fractional CISOs to full-service MSSP, we partner with you to protect your business at every level. 

Connect with Inversion6 today to talk to one of our experts and learn how to improve your cybersecurity practices. 

Post Written By: Jason Middaugh
Jason Middaugh has been involved with information security and management systems for more than 20 years. As an experienced Chief Information Security Officer (CISO) and technology executive, Jason has been heavily involved in leading the transformation and management of information security, cloud services and more by advancing technology strategies. Jason is a Certified Information Systems Security Professional (CISSP) and has been with Inversion6 as a CISO since 2019.
