While most people think of October as the crux of autumn and the month to celebrate Halloween, it’s also Cyber Security Awareness Month, or “Cyber Month.” This month is meant to be a time to learn about the dangers in our cyber world and what we can do to protect ourselves and our workplaces.
Cyber Month began in 2004 in the US and has since become a much larger, global event, especially as we spend more and more time online. These days, cyber security is just as important as physical security, and sometimes more so. After all, according to the ITRC’s annual data breach report, there were 2,365 cyber attacks in the United States in 2023, with a whopping 343,338,964 victims. In Canada, StatCan found that 70% of Canadians experienced a cyber security event in 2022.
Why does cyber security awareness matter?
It’s easy to think that you’re the exception and the things you read about won’t happen to you, but the truth is that hacks, breaches, scams, and other cyber crimes are all around us and it’s only a matter of time before you’re affected in some way. In fact, it’s more likely that you already have been! And that’s exactly why it’s important to learn what to watch out for, how to protect yourself, and what to do if your security has been compromised.
If you still think you haven’t been affected, a great first step to understanding the extent of data breaches is to check https://haveibeenpwned.com/. The site searches for your email address in all reported data breaches to let you know if your information may have been part of one. Most likely, if you search your email address, you’ll find dozens of hits. (And you should take that as a sign to change all of your passwords on accounts associated with that email address, if you haven’t already.)
Additionally, the annual password table from Hive Systems has become one of my favourite tools to demonstrate, in a single image, how important password security is. The table shows how quickly a hacker can brute-force a password based on its complexity. Of course, this is not the be-all and end-all of security, but it’s one aspect whose severity is easy to understand.
We simply can’t escape security risks online anymore. Whether it’s a data breach, the phishing emails you probably receive daily, or something more severe, everyone needs to know what cyber threats to expect and how to deal with them.
Here is an example of an unsafe password compared to a safe password:
How does cyber security affect businesses?
The number one threat to your organisation’s security is social engineering attacks. That is to say, cyber criminals have realised that the most effective way into your computer system is through employee access. Every day, we all receive dozens of spam emails telling us to click some link, not to mention the spam texts and calls. These social engineering attempts, whether they’re phishing, smishing, vishing, or other types, are an attempt to get your sensitive information to use for criminal gain. And these attacks can be used on businesses too.
Imagine a cyber criminal sends out a fake link asking employees to tell “IT” their username and password. If even one person falls for it, they can then use that information to log into your organisation’s system and access all sorts of information. And once they infect one user, it becomes far easier to spread. Users who identified the original message as a scam might trust a message from a compromised company account because it appears legitimate. The damage they can do grows exponentially once a bad actor has access to your system.
That example is just one way employees are preyed upon. Social engineering comes in lots of different forms, with more appearing and changing every day. Now, we’re even starting to see the use of AI-generated materials like deepfake videos of CEOs or other highly positioned people to perpetrate scams.
All of which is to say, cyber security education and basic measures are more important than ever.
What should everyone know about cyber security?
It may seem overwhelming, but at the end of the day, being cyber secure is about establishing good, practical habits. If you’re in charge of your organisation’s security solutions or training, you should consider setting up events and training this month (and throughout the year). Even if you’re in a different role, this information is beneficial to learn and share with your colleagues.
For now, here are some of the top basic security tips:
Configure multi-factor authentication everywhere possible. Second factors can be authentication apps, biometrics, or codes sent via text, phone, or email. This makes it harder for other people to log into your account, even if they get your password.
Use a different password for every account. It may be easier to use one password everywhere, but that makes your accounts extremely vulnerable if one gets hacked.
Don’t save passwords. Using browser or site password saving/autofill is not recommended. Instead, if you need to keep track of multiple passwords, consider using a password manager like LastPass or 1Password.
Avoid oversharing information online. Don’t make it easy for hackers; the more you share online, the more likely they can find information they can use to access your accounts (answers to reset questions like mother’s maiden name or first pet’s name, etc.).
Look out for the signs of social engineering attempts. Pay close attention to the messages you receive. Hover over the sender to see their actual email address, look for language trying to get you to act fast, and check for mistakes in text or logos.
Never click links or attachments in unexpected messages. If the message is not from someone you know with content you were expecting, do not click the links or download attachments.
Install antivirus software. If you don’t already have antivirus software, install some; it works to actively protect your device. There are many options to choose from, including several free options. You can find some suggestions here: https://www.pcmag.com/picks/the-best-free-antivirus-protection
Install firewall software. Like antivirus software, a firewall helps protect your device. To learn about free options, refer to: https://privacysavvy.com/security/safe-browsing/best-free-firewall/
Set your devices to automatically update. By setting your device to automatically update, you know it has the latest security updates and patches at all times.
Limit your use of public wifi. It’s fine to use a cafe or airport’s wifi for some things, but don’t use it for anything sensitive, like banking or work, unless you have a VPN.
What to do for Cyber Month
There are a lot of good resources available from government and private entities that you can use to plan your Cyber Month events or learn for yourself! Specifically:
Canada's Get Cyber Safe campaign has some great resources that you can give directly to employees: https://www.getcybersafe.gc.ca/en
Get Cyber Safe also has resources for cyber month: https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month
The USA’s NIST has plenty of cyber month resources as well: https://www.nist.gov/cybersecurity/cybersecurity-awareness-month
The USA’s Cybersecurity and Infrastructure Security Agency (CISA) put together a best practices list: https://www.cisa.gov/topics/cybersecurity-best-practices
MetaCompliance has a nice guide about phishing: https://www.metacompliance.com/lp/ultimate-guide-phishing
IMA uses Cyber Month to continue employee education in a fun way. We like to send out weekly educational emails with different fun resources, like quizzes and videos. At the end of the month, we then have an event where employees are entered to win a prize!
There are a lot of other options and approaches you can take, especially if you work in an office environment and can put up physical posters or hand out materials. The main point is to use this as an opportunity to engage your employees on the topic and provide some fun for a pretty serious topic.
No matter what you do, remember to take your cyber security seriously and have a safe Cyber Month!
About IMA
IMA is a leading Material Master data cleansing and governance provider. With a wide breadth of experience and unmatched technology, we offer the most customizable services to meet any organisation’s needs. For more information on what we do, check out our website.