October is celebrated as Cybersecurity Awareness Month across the globe. The aim of this annual campaign is to spread awareness about best practices for staying secure online.
A brief background
In October 2004, the National Cybersecurity Alliance and the United States Department of Homeland Security declared October to be National Cybersecurity Awareness Month, which aims to promote awareness of the significance of cybersecurity and provide resources to assist Americans in remaining secure online. The month-long campaign to educate and empower the public to protect their data and privacy online has since expanded beyond national lines, as corporations and government agencies from around the world join the effort.
Zoho Corporation and cybersecurity
Both of the key divisions that make up Zoho Corporation—Zoho (software for businesses) and ManageEngine (software for IT management and security)—provide services to millions of customers all over the world. Our products, our employees, and our business processes reflect our commitment to providing a secure environment for our customers and other stakeholders.
This year, Zoho is pleased to announce its participation in the Cybersecurity Awareness Month campaign, where, along with our employees, customers, and partners, we seek to significantly enhance our online cybersecurity both at work and at home.
This year's theme: "See Yourself in Cyber"
The slogan "See Yourself in Cyber" for the 2022 campaign illustrates that each person is responsible for their own online activities. This October, the focus is on the "people" aspect of cybersecurity: providing the knowledge and tools to educate all individuals and organizations and ensure they make prudent decisions on the job and at home, now and in the future.
The objective of this year's campaign is to have everyone apply the following four measures to improve online security:
- Enable multi-factor authentication
- Use strong passwords
- Recognize and report phishing
- Update your software
Organizational practices such as remote and hybrid work cultures, BYOD (bring your own device) and even bring your own SaaS have blurred the barriers between the private and professional environment. Both employers and employees must protect the security of their devices and digital space even while they are not at work.
95% of cybersecurity breaches are caused by human error. (World Economic Forum)
Let’s see how we can leverage tools and practices to improve online security:
Enable multi-factor authentication
We’re all required to have passwords to access our email systems, social media, work applications, and online banking accounts. However, the reality is that passwords no longer provide an adequate level of protection when used on their own. Password managers are now required.
Did you know:
- 90% of passwords can be cracked in less than six hours.
- 92% of organizations have credentials for sale on the Dark Web.
- 81% of hacking-related breaches used stolen passwords and/or weak passwords.
Multi-factor authentication (MFA) is a method of authentication that requires the user to prove their identity in two or more ways before they can use any application or company resources or a VPN. Multifactor authentication makes it more difficult for the ordinary criminal to steal your information.
In addition to the username and password, MFA requires users to provide more proof of identity using methods such as one-time password (OTP) over short message service (SMS), OTP over email, push notifications, authenticators (e.g., Google, Microsoft, Zoho), and more.
Use strong passwords
The Password Security Report reported that SMB employees deal with over 85 work passwords and employees at larger companies deal with over 25 passwords.
On average, 37% of people deal with more than 20 passwords at a time. According to a vendor survey, online users have around 100 accounts linked to one email, with this number doubling every five years.
Creating strong passwords is an easy way to improve your cybersecurity. A strong password has 11 or more characters and includes an uppercase letter, a lowercase letter, and at least one number. Be sure to use different passwords for different accounts.
Here’s an interesting article by TechJury on how to be creative and create a strong password. The author demonstrates the ideal technique to establish a difficult-to-crack password by translating an easily remembered sentence into a code.
As an illustration, he constructs a strong password, “Ihv1Wf&2Kds,” from the sentence “I have a wife and two children.”
You can also use a random password generator tool, such as the password generator by Zoho Vault, to define your password parameters and efficiently create multiple strong passwords from cryptographically secure random values that cannot be predicted by attackers.
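The sketch below is an added example, not Zoho Vault's code: it checks a password against the rules stated above (11 or more characters, an uppercase letter, a lowercase letter, a number) and generates compliant passwords from the operating system's cryptographically secure random source. The symbol set and the function names are assumptions made for the illustration.

```python
import secrets
import string

MIN_LENGTH = 11  # the article's minimum length
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set; the article does not name one
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def policy_gaps(password):
    """Return the article's rules that the password fails (empty list = passes)."""
    gaps = []
    if len(password) < MIN_LENGTH:
        gaps.append("shorter than 11 characters")
    if not any(c.isupper() for c in password):
        gaps.append("no uppercase letter")
    if not any(c.islower() for c in password):
        gaps.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        gaps.append("no number")
    return gaps


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result satisfies the rules."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 11")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejecting and redrawing keeps every accepted password equally likely
        # among compliant strings, unlike forcing a digit into a fixed position.
        if not policy_gaps(candidate):
            return candidate


if __name__ == "__main__":
    print(policy_gaps("Ihv1Wf&2Kds"))  # the sentence-derived password quoted above
    print(policy_gaps("password"))
    print(generate_password())
```
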
Using a password manager is the most effective approach to generate and manage strong passwords for the growing number of online accounts. Password managers, such as Zoho Vault, save your usernames and passwords in a secure, encrypted database. When a new password is required, you might receive a suggestion that is automatically saved in the password manager.
A password manager liberates you from storing notebooks or Excel sheets with your most critical passwords and requires you to remember only one password to unlock the password manager vault. You can learn how to make the best use of a password manager from this beginner’s guide by Zoho Vault.
Recognize and report phishing
Be wary of unsolicited emails. Email phishing is currently one of the most widespread threats to the regular user.
Check out our recent blog to know more about the significant dangers to an email system—including spamming, spoofing, and phishing—and how users can proactively spot these assaults in their email and take steps to avoid them.
NIST defines phishing as a technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a website in which the perpetrator masquerades as a legitimate business or reputable person.
According to a recent analysis by INKY, Microsoft is the most impersonated brand, with Microsoft-related phishing emails accounting for about 70% of brand impersonation phishing attempts in 2020. Zoom, Amazon, Chase Bank, and RingCentral follow in second, third, and fourth place, respectively.
The purpose of a phishing email is to obtain information about you, steal your money, or infect your device with malware. Be wary of all unsolicited emails that request your financial or personal details, lead you to click on links and download software, or those that impersonate a member of your family, a close acquaintance, or a coworker.
Certain email platforms allow users to report phishing attempts. If you suspect an email is an attempt to phish for your information, you should report it immediately. If the phishing email was sent to your work email, notify your IT department immediately. For instance, in Zoho Mail, you can mark an email as spam, report phishing, or block and reject future mails by selecting the dropdown next to the reply tab.
You can also report to the admin when you encounter harmful scripts or tags, or emails with fraudulent display names and cousin domains, and have them set up organization-level filters. Before clicking on suspicious links, be sure to check the sender’s name and domain name for spelling errors and, in the case of work email, for an ‘External’ tag.
An Automox survey revealed that phishing attacks accounted for 36% of breaches, followed by missing OS patches (30%), missing application patches (28%), an OS misconfiguration (27%), an insider threat (26%), credential theft (22%), and brute force attacks (17%).
Check out the blog post titled "What's your email security awareness score?" to see how IT departments and email administrators may leverage Zoho Mail's security settings and capabilities to prevent various email security threats.
Update your software
Updating your software and applications is one of the simplest ways to safeguard your data.
Vulnerabilities in software, firmware, or hardware (caused by software programming errors) are exploited by malicious actors to perform unauthorized actions within a system. Utilizing these flaws, attackers infect computers with malware or conduct other malicious actions.
Network defenders are working diligently to fix them as soon as possible, but their efforts depend on all of us updating our software with their most recent patches.
The operating systems of your mobile phones, tablets, and laptops should be brought up to date. Additionally, update your applications, particularly your web browsers, on all of your devices. Enable automatic updates for all hardware, software, and operating systems.
Ensure your office device or BYOD device has an office-provisioned endpoint management tool such as ManageEngine Endpoint Central or Mobile Device Manager Plus installed so the IT team can deploy updates and patches as soon as they are available.
Individuals and teams may sign up for a free trial or enroll in the "freemium" version of a product without involving IT, resulting in a shadow IT system within the organization. According to data on shadow IT compiled by Productiv, 43% of an organization's applications aren't managed or purchased by IT and lack security features.
Inform your IT department or system administrator of all of your and your teams' shadow applications within the workspace. Ensure that the IT department is involved in the evaluation of all applications you or your team intend to implement. The IT team will be responsible for the secure implementation and configuration of the tool, as well as the application's overall governance.
Summing up: A month of cybersecurity awareness
Take the time to educate yourself on hacks, breaches, and leaks along with their backstory and the consequences. Staying informed about cyber events and crimes enhances our knowledge of cybersecurity and enables us to protect ourselves and our workplace more effectively.
It can be overwhelming to learn about cybersecurity and incorporate good security practices into your daily life. Nonetheless, you can complete your cyber hygiene in increments as well as continuously throughout the year.
Check out these entertaining quizzes, games, and e-cards that ManageEngine has created as part of its cybersecurity awareness campaign 2022. ManageEngine is a division of Zoho Corp that offers a suite of IT management software.