Creating a strong password for better cybersecurity

Cybersecurity awareness month: What’s the least you should be doing?

Every October is cybersecurity awareness month. It was created by the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) in 2004. The objective was, and still is, to ensure that all Americans have the resources they need to stay safe online. Today, in its 18th year, the initiative is co-led by the NCSA and the Cybersecurity and Infrastructure Security Agency (CISA) and still holds the overarching theme: “Do Your Part. #BeCyberSmart.”

Cybercrime is one of the most damaging threats facing businesses today. A recent survey shows that 50 percent of business leaders and 26 percent of employees highly prioritize cybersecurity. Given the ever-increasing threat surface, data breach costs, and data protection legislation, you should make cybersecurity a constant priority in your organization, too. Get in the cybersecurity spirit this October by ensuring you have these basic security measures in place:

Get creative with passwords

Hackers have several ingenious techniques for cracking account passwords, such as:

  • Dictionary attacks
  • Keylogging
  • Password spraying
  • Credential stuffing
  • Rainbow table attacks
  • Brute force attacks

Strong passwords are more challenging to crack than weak ones. Develop and enforce a firm password policy to prevent user credentials from falling into the wrong hands. Such a policy should primarily check for password strength and reuse.

Enable multi-factor authentication (MFA)

Even with a firm password policy, passwords alone are not secure enough to stop intruders. For instance, credentials can get stolen, shared, or lost. Multi-factor authentication gets around these problems by requiring users to provide additional verification information besides the correct credentials. To prove a user’s identity, this additional information could be a one-time password sent via email or text message, a biometric scan, a geographical location, or answers to security questions.

Update to the latest security software

One of the most straightforward cybersecurity measures you can take is simply updating your software applications and security tools to their latest versions. New updates usually come with more or better security protocols and patches for known and unknown vulnerabilities.

Limit the information you post on social media

Social media is a public domain where anyone can see your posts and engagements. It’s important to check the amount and nature of the information you share online so that you don’t give cybercriminals any ideas. For instance, disclosing an employee’s contact information could set the stage for elaborate phishing attacks.

Keep tabs on your endpoints

Check that all your endpoints are secure by monitoring them and ensuring they’re running safe, up-to-date apps, firewalls, and antimalware. Prioritize endpoint security, especially if you allow employees to work from home or use their own devices in the workplace.

Ensure legitimate networks

The security protocols on your corporate network can make all the difference between stopping a threat and spreading it throughout the organization. The basis of network security involves:

  • Preventing unauthorized access.
  • Minimizing lateral movement within the network.
  • Monitoring the traffic to catch early signs of an attack.

Educate your staff

Employees are the Achilles’ heel of corporate cybersecurity. Most data breaches occur due to human error, negligence, or lack of know-how. Employees can fall for social engineering scams, neglect security guidelines, or make poor decisions that jeopardize the company’s digital assets. Turn this weakness into a strength by educating your staff on cybersecurity best practices, for example their roles in cybersecurity and the importance of observing security guidelines.

Maintaining robust cybersecurity is an involved and continuous process; there are many factors to consider and measures to implement. To ensure your organization stays on track with what needs to be done, download this cybersecurity checklist and look it over with your IT provider or security team. Ask them if their security efforts cover this entire list. If they don’t, reach out to KME Systems to fill in any security gaps.