Thycotic Telephone Number +1-202-802-9399 (US)
The Lockdown

Thycotic’s Cyber Security Blog

Trick or Treat? Stay safe during National Cybersecurity Awareness Month in October, and beyond

Written by Joseph Carson

October 8th, 2019

Ah, October! Summer has officially come to an end and we’ve quickly moved on to jumpers, football, and pumpkin everything.

October is also National Cybersecurity Awareness Month. The theme for 2019 is “Own IT. Protect IT. Secure IT.”  But it needn’t be scary, and the tricks or treats you get at the end of the month should be the fun and entertaining variety—not something that poses a risk to your online identity or IT security.

Learn the ‘tricks’ that will help keep you, your family and your organization’s information safe

Let’s review some key methods to own, protect and secure IT so you can keep you, your family and your organization’s information safe this October, and the whole year through.

Strong Passwords: The Foundation of your Personal Cyber Security Strategy

Passwords are a daily part of life. We need them to log in to email, social media accounts, work computers, bank accounts, and just about everything online. And many of us have a favorite password we reuse across a number of these accounts. But that’s incredibly risky! Creating a unique password for each account is key to personal and company security.

Another key component is passphrases. They are longer and harder to hack, but easier to remember. A good example of a passphrase is (though please don’t use this as your password because it’s now no longer a secret.)

pinKie13complAin65Vanilla#b0st0n

Your password or passphrase should be at least 16 characters in length to minimize the risk of a cyber-criminal cracking your password using a brute-force attack.  The longer your password is, the more complex. And using unique passwords for each account makes it more difficult, time consuming and costly for cyber-criminals to target you as a victim.  We must not make it easy for them, and these key methods make it more difficult.

Your company may have defined password policies that you must adhere to. Sometimes these policies meet best practices for password strength, but not always. Don’t be afraid to use more characters or complexity than those policies define. It will increase the security of your passwords.

Multi-factor Authentication: Cyber Security Goes Beyond Strong Passwords

How can you further secure important accounts? Multi-factor authentication provides an additional layer of security and is available with many online systems, applications, and websites. Multi-factor authentication, or MFA, requires two or more independent factors to gain access; these factors include knowledge (usernames and passwords, PINs), possession (security token, key fobs, ID cards), inherence (biometrics, such as retina or fingerprint scans), location, and time. This means that even if your password is compromised, an attacker still needs to clear one or more authentication steps before they’re given access.  It is also important to note that biometrics should not be the only security factor as they are not secrets and should therefore be combined with additional security factors.

Password Managers: Because a Robust Cyber Security Strategy Could Still Use Some Help

With so many passwords to remember, a password manager will help you out in a number of ways beyond saving your memory and reducing cyber fatigue. A password manager securely stores your credentials and passwords, automatically creates new complex passwords, and allows you to update passwords when needed. Generally, you should change passwords every six to twelve months, and immediately after being notified of a breach. Most password managers provide a report on password age and strength, so you have easy visibility into which passwords need to be changed, as well as possible weak passwords and breached passwords.

Note: I do not mean using the password extension in your favorite browser, as most of these have vulnerabilities that could lead to your passwords being stolen.

Phishing: The Trick That Even the Cyber Genius Fears

Now that your passwords are complex and long, are secured by multi-factor authentication, and are stored in an encrypted password manager, you’re all set, right? Wrong!  We still see frequent attempts to get you to provide your credentials to an unauthorized party through phishing. And even those with elevated cyber security awareness have been known to slip up when it comes to this trick.

These attacks keep getting more and more authentic-looking

Phishing is a cyber-crime where you are contacted via email, messenger apps, social media, telephone, or text message by someone posing as a legitimate contact or institution. The idea is to lure you into providing sensitive data, such as personal identifiable information, banking and credit card details, and passwords, or clicking on a malware attachment. And these attacks keep getting more and more authentic-looking.  It is important to always be suspicious and think before clicking.

To help prevent yourself from becoming a phishing victim, do these things:

  • Check for spelling and grammatical errors
  • Ensure the “from” address matches the actual domain
  • Don’t click links or attachments in emails unless you’ve confirmed they’re legitimate
  • If an email seems suspicious, reach out to that person via a separate communication or phone directly to confirm they sent it
  • If you can’t verify the email’s authenticity, report it to your IT security team or to your email provider

Remember, if an email seems unusual, always check its authenticity BEFORE acting on anything the email is asking you to do.

Cyber Security Awareness Training for Employees

Employee cyber security habits can be alarming and create significant risk, so many organizations offer cyber security training and awareness programs that employees can apply to both company and personal account security. Take advantage of this training. It will teach you how to look out for the creative new techniques cyber-criminals are using to target your information, so you don’t fall victim to an attack.

Free IT Tools

Thycotic reduces companies’ risks from cyber-attacks by developing innovative solutions that secure privileged access across the modern enterprise. Our passion is making you a self-sufficient security champion, so we make available these free IT tools and educational resources to help secure your organization’s passwords, secrets, and privileged accounts:

  • Browser-Stored Password Discovery Tool
  • “Cybersecurity for Dummies” digital book
  • Secret Server Free password vault
  • Weak Password Finder for Active Directory
  • Security Policies Template for Privileged Passwords
  • Privileged Access Management Maturity Assessment

About National Cyber Security Awareness Month

Held every October, National Cyber Security Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cyber security, and to ensure that you have the resources you need to be safer and more secure online, both at home and at work.

NCSAM 2019 emphasizes personal accountability and stresses the importance of taking proactive steps to enhance cyber security at home and in the workplace. This year’s overarching message—Own IT. Secure IT. Protect IT.—focuses on key areas including citizen privacy, consumer devices, and eCommerce security. Learn more about National Cyber Security Awareness Month  and download the great security resources offered by NICCS.

What does cyber security like this cost?
Not as much as you think.

Get a quote for the ONLY enterprise-grade PAM solution available both in the cloud and on-premise.

 

Like this post?

Get our top blog posts delivered to your inbox once a month.

SHARE THIS


The following two tabs change content below.

Joseph Carson

Joseph Carson has over 25 years' experience in enterprise security, is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies", and is a cyber security professional and ethical hacker. Joseph is a cyber security advisor to several governments, critical infrastructure, financial and transportation industries, speaking at conferences globally. Joseph serves as the Chief Security Scientist at Thycotic.