October is increasingly synonymous with Halloween as it is more widely observed in Australia and New Zealand. October is also dedicated to a subject that, if ignored, can have scarier outcomes than most people want to experience even on Halloween: cybersecurity. In today’s technology-infused world where the cyberthreat landscape is constantly evolving, staying safe online and protecting organisational data is an absolute necessity.
Campaigns such as Australia’s Stay Smart Online Week and New Zealand’s Cyber Smart Week, as well as other campaigns across Europe, Canada, and the US, all seek to raise awareness, change behaviours, and provide accessible resources to educate people on how to stay safe online.
Working with sensitive information is a daily task for most organisations, so being aware of and understanding the risks associated with cyberattacks is imperative. If cybercriminals get their hands on such information, it could cost organisations significant amounts of time and money, and damage their reputations.
There are five key ways for people to be more cyber-aware and responsible in the coming year:
- Update devices. While update notifications can come at the most inopportune times, they are necessary to ensure that patches are applied to rectify vulnerabilities. Malware such as WannaCry, which affected more than 200,000 computers in over 150 countries, exploited a vulnerability for which a patch had been available for two months but which many had not applied, causing millions of dollars’ worth of damages. To reduce the risk of being the victim of the next such cyber-crimewave, update now and update often!
- Use a password manager. It is recommended that a different password is used for each login, but this can cause headaches for many people who struggle to remember so many different passwords. By using a trusted password manager that encrypts all passwords, users can still use unique passwords everywhere without worrying about forgetting them.
- Use two-factor authentication. Two-factor authentication greatly diminishes the ability of cybercriminals to gain access to devices and accounts by adding an extra layer of security. Two-factor authentication combines something that people know, such as a password, with something they have, such as a fingerprint.
- Check privacy settings. Checking privacy settings is often the easiest but most-forgotten step in becoming more cyber-aware. Default settings may be lower than necessary and it is always a good idea to check these against organisational policies to ensure the privacy settings are as secure as possible without unnecessarily hindering productivity.
- Report suspicious activity. This is the cybersecurity equivalent of “If you see something, say something”. Even if unsure, any cyber-activity that does not seem right should be reported. This can be a suspicious email or a telephone request to enter login details to a website. While, in some cases, the request may be legitimate, in many cases these requests indicate a phishing attack, or worse, and need to be stopped in their tracks.
The common message of cybersecurity awareness campaigns across the world is that cybersecurity is a shared responsibility. It is no use for one person in a department to lock down all their devices and ensure that they are safe when the next person on the same server does not change their settings, leaving a wide gap for cybercriminals to walk through. By sharing the responsibility and ensuring that all employees across organisations know how to protect themselves and their work, it can be possible to stay one step ahead of cybercriminals.
In a world increasingly vulnerable to cyberattacks, advocacy campaigns are vital to educate and increase awareness around the importance of ensuring users and organisations are safe and secure online.
Nick FitzGerald, Senior Research Fellow, ESET