In 2004, October was declared Cybersecurity Awareness Month. Dedicating October to cybersecurity helps raise awareness about the importance of protecting our personal and professional information. As we see this focus on cybersecurity remain central to business strategies year after year, it is a reminder that we are still battling security risks, old and new.
This year, as this month draws to a close, we want to talk about the importance of ongoing security measures for your business and your personal life. Let’s take a look at what this year’s cybersecurity theme was, why this is critically important for businesses of any size, and what you can do to become more cyber-secure.
The People Side of Cybersecurity
This year the theme for Cybersecurity Awareness Month was “See Yourself in Cyber.” The goal was to raise awareness around the vital role people play in the success of any cybersecurity strategy. You can put into place all the best security tools and systems, but the people factor is often the weakest link in your cybersecurity stack.
As you think through your business’s cybersecurity strategy, start to consider: How are you addressing the people side of cybersecurity?
It is important to continually educate yourself, your employees, and your family members on best practices related to cybersecurity. Everyone needs to know how they can protect themselves in relation to their own personal use of cyber systems and the ones they use at work.
To help you on your company’s path toward improved cybersecurity, here are three main tactics you can implement to help improve the people side of your cybersecurity strategy.
#1: Multi-Factor Authentication
It's important to continually evaluate and implement security programs and protocols that will create the best layers of defenses your business can afford. Even if you operate a small business with a limited budget, the majority of systems used today offer improved levels of protection at no extra cost.
One such layer that is incredibly helpful in protecting everyone’s business and personal information is multi-factor authentication.
Multi-factor authentication is a type of challenge system. You may have encountered it on a log-in yourself. With multi-factor authentication, when someone attempts to log in to a platform, the system will require a PIN, a confirmation message via email, or a code that is texted to the user in addition to their password. This secondary challenge helps ensure that even if a password is hacked, it is impossible for a bad actor to access the system.
Multi-factor authentication is no longer a “nice-to-have” for businesses. It is a must-have. If multi-factor authentication is not set up for a system your company uses, or you are unsure whether it is, we highly recommend contacting the business in charge of your system management. Ask them how they secure your data and request that multi-factor authentication be activated.
#2: Training Employees Through Year-Round Campaigns
One of the best ways to improve cybersecurity at any business is to invest in employee training programs year-round. Training your employees with a cybersecurity-specific program is as important as any other component of your current security system. When you don’t train your employees, they can become your biggest weakness.
You can train employees using fake phishing campaigns, which help teach employees how to identify potential security risks. These campaigns will also help you identify your “click happy” end users. You can then provide further training to help these employees understand how to identify risks.
Additionally, you can use video-based training to reinforce cybersecurity tips. You can even host monthly cybersecurity town halls where you cover a new cybersecurity topic each time and open up the floor for Q&A from employees.
#3: Updating Password Protocols
Another human weak point in many businesses’ cybersecurity strategies is the use of weak passwords by employees. The recommendations for strong passwords have shifted over the last few years. It is no longer recommended to enforce password changes every 90 days and to require a minimum of 8 characters with a mix of letters and special characters.
A longer password of a minimum of 12 or 14 characters is recommended now, and employees should be encouraged to create a phrase they can remember. This phrase can be strengthened by incorporating special characters and purposeful misspellings.
To learn more about updated password protocols, check out our blogs on the topic:
- 5 Ways to Create a Strong Password
- What to Avoid When Creating or Changing Your Password
- 5 Signs That It Is Time to Update Your Password
Make sure that you continually train employees on best practices around password creation. Encourage employees to follow these guidelines not only at work but also in their personal use.
Cybersecurity Is a Group Effort
Everyone must work together to protect our personal information and the information of the people around us. It is imperative that we help those who may not have the knowledge or ability to do this and continually reinforce best practices.
Cybersecurity Awareness Month is a great time to consider how to strengthen your efforts around best practices and employee training. Before the next October rolls around, be sure to consider how you can help improve the people side of your cybersecurity efforts. No one is secure until we are all secure.