Technology can only do so much; it’s people who remain our greatest strength. That’s why we are taking this opportunity during Cybersecurity Awareness Month to help security professionals educate their employees on fundamentals highlighted by the National Cybersecurity Alliance, such as protecting their identities, updating their software and devices, and not falling prey to phishing schemes.[3] Be sure to explore the resources and skilling opportunities on our Cybersecurity Awareness Month website, such as the #BeCyberSmart education kit with assets to help people protect their data both at work and at home.
In today’s boundaryless workplace, comprehensive security is essential. That kind of 360-degree protection requires education and awareness to safeguard identities, data, and devices. Awareness programs help enable security teams to effectively manage their human risk by changing how people think about cybersecurity and helping them practice secure behaviors. The SANS 2022 Security Awareness Report analyzed data from more than a thousand security professionals from around the world to identify how organizations are managing their human risk. The report found that more than 69 percent of security awareness professionals are part-time, meaning that they spend less than half their time on security awareness.
According to the SANS report, cybersecurity awareness professionals should endeavor to:
- Engage leadership by focusing on terms that resonate with them and demonstrate support for their strategic priorities. “Don’t talk about what you are doing, talk about why you are doing it.”
- Consider having a 10-to-1 ratio of technical security professionals to human-focused security professionals.
- Partner with other departments in the organization—such as communications, human resources, and business operations—to help engage and communicate with your workforce.
- Make the training simple to understand and follow. “Just like working out—it’s the frequency that’s important.” And dedicate time to collecting information about the impact of your awareness programs.
In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent).[4] Even with the rise of ransomware as a service (RaaS) and other sophisticated tools, human beings remain the most reliable, low-cost attack vector for cybercriminals worldwide. For that reason, it’s vital that we all stay informed about how to prevent breaches and defend ourselves, both at work and at home.
Here are some basic steps we can all take to #BeCyberSmart:
Phishing: Deceptive emails, phony websites, fake text messages—
- Check the sender’s email address for verifiable contact information. Common phishing tip-offs include a misspelled or unrelated sender address. If in doubt, do not reply. Instead, create a new email to respond.
- Don’t click on links or open email attachments unless you have verified the sender.
- For more tips, visit the Federal Trade Commission phishing site.
Devices and software: Unpatched, out-of-date devices and software are a leading access point for cybercriminals. That’s why practicing good cyber hygiene is so important for avoiding destructive malware that can steal users’ personal information. To help keep your devices safe:
- Enable the lock feature on all your mobile devices.
- Activate multifactor authentication on your sensitive apps and accounts.
- Run antivirus software and install system updates immediately.
Scams: Criminals will often contact you seeking to “fix” a nonexistent problem. The email or text message will contain a sense of urgency, such as “Act now to avoid having your account locked!” If you see this type of message, do not click the link. And remember to always report any suspected scam so the organization can take action. A few tips to remember:
- Be skeptical of unsolicited tech support calls or error messages requesting urgent action.
- Do not follow any prompts to download software from any third-party website.
- When in doubt, open a separate browser page and go directly to the company’s webpage.
Passwords: Passwords are our first line of defense against unauthorized access to accounts, devices, and files. However, the average person now has more than 150 online accounts; password fatigue is always a danger. Some tips on how to protect your passwords include:
- Use your browser’s password generator to create stronger passwords.
- Avoid accessing personal and financial data using a public wireless network.
- Use a password manager, or consider going passwordless.
Fostering a more diverse cybersecurity workforce
As of April 2022, there are more than 700,000 vacant cybersecurity positions in the United States, with a predicted 3.5 million cybersecurity positions going unfilled worldwide by 2025.[7] That’s why Microsoft continues to reach out to students, veterans, people re-entering the workforce—
This blog is an excerpt from a blog originally published by Microsoft as part of their Cyber Security month campaign: https://www.microsoft.com/security/blog/2022/10/04/cybersecurity-awareness-tips-from-microsoft-to-empower-your-team-to-becybersmart/