Marking 20 Years of Cyber Security Awareness Month

Empowering Individuals and Businesses to Strengthen Online Safety

This year Cyber Security Awareness Month celebrates its 20^th Birthday. The theme is ‘secure our world’.  A back-to-basics message to encourage us all to think about our cyber security and what we can do to stay safe online, both personally and within the organisations we work for.

Cyber threats are ever present, whether you are an individual with a smart phone or an enterprise that manages multiple devices and digital credentials.  Keeping everything secure is a huge challenge.

The 4 key messages for this year’s campaign are:

1. Create strong passwords.
2. Turn on multi-factor authentication.
3. Recognise and report phishing attempts.
4. Keep your software up to date.

Each one of these elements is important, and together they help to form stronger and more resilient cyber security defences to protect your data and systems.

1. Strong Passwords

There is lots of speculation as to how long we will be continuing to use passwords.  However, they are still here and despite lots of attempts to get to passwordless authentication, we are still using them.

Threat actors are still keen to access and sell your personal data, so the guidance is

• Use strong passwords, the longer the better.
• Do not write them down anywhere.
• Use a unique password for every account/system you access.
• Use a password manager.
• Should your details be compromised – change passwords immediately.

As a business we suggest you also investigate something like a password security management system, where you can audit your existing password policies, and users and check them against the worlds largest breached database containing over 7 billion compromised credentials.  Our PSM will also provide notifications and alerts for the latest breaches and enable you to create policies around passwords, usage and ensures that employees don’t choose passwords already in the breached database.

2. Multi-factor Authentication

Multi-factor authentication is more than just a single password and combines more than one authentication ‘factor’ – e.g. something you have; with something you are or something you know.

E.g.. A phone would be something you have, your fingerprint or face is something you are and a PIN or passphrase could be something you know.

As cyber criminals are unlikely to have access to your fingerprint or face or all the other form factors, it can help to reduce the risk of your credentials being stolen.

Criminals are creating new sophisticated schemes to access personal and secure data all the time, so using MFA is helpful but don’t be fooled into thinking that it is totally secure.

The more factors you have to authentication the more secure the system will be.  However, it should also be as user-friendly as possible for the end-user.

We have a variety of MFA options which now include passwordless logins, pins, passkeys, patterns and devices.  Contact us to see what option best suits your organisations need.  From Passwords to PKI we have a solution to suit you.

3. Recognise and Report Phishing Attempts

Phishing is where a cyber criminal tries to lure you into giving out your credentials.  Often in an email from a recognised supplier or even one that appears to be from a colleague, where the email asks you to login to the system.

Often the email request is urgent and suggests that you may lose access to some area of your account, which may panic you into entering your details to retain access.  The moment you do, the criminal has your details.

Also, if you are re-using the same passwords across multiple accounts, cyber criminals may even be able to access more accounts causing much more harm, not just to the organisation the employee works for but to other businesses the individual has access to as well.

There are some easy ways to check if an email has come from a threat actor – check who it is from – does it look like it should – sometimes the email addresses are misspelt, the way the content is written is unusual or links go to different domains.

Be vigilant, and double check, if you are not expecting an email from someone, or it says you have logged in from another source, or you are about to lose access, these are all types of messaging used by cyber criminals to catch you out.

If you do spot a phishing email, make sure you report it.  Do not click on any links and delete the message.  If it’s a work related one, be sure to report it to your IT helpdesk.

4. Keep software up to date

Software manufacturers are regularly reviewing their security and often add patches and fixes which can help your device to run more smoothly.  Frequently these fixes include security updates to counter criminal activity and to close loopholes where the criminals might be able to access personal and secure data.  By updating your devices as new software is available, helps to ensure that you are protected by the latest patches so that criminals can’t easily steal your credentials to use for criminal purposes.

It only takes a few minutes and helps keep you and your devices secure from cyber-attacks.

If you are already doing all of the above, great – carry on and keep yourself up to date with new developments in the field.  As cyber criminals are constantly evolving, so are the software developers building new and more secure systems to counter these attacks.

Intercede are committed to providing a secure and phishing resistant solution to businesses to protect them from costly data breaches.

Our solutions include password security management, multi-factor authentication, and digital identity and credential management, all designed to make better security easy to deploy and easy to use.

Do you bit to secure our world! From Passwords to PKI we have a security solution for you.  Contact us today!