Cybersecurity Awareness Month 2023 Focuses on 4 Key Behaviors
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new cybersecurity awareness program – Secure Our World – through which the agency will be promoting behavioral change across the nation. The aim of the campaign is to get individuals, families, and small- to medium-sized businesses to take action every day to protect themselves while online and when using connected devices.
The new campaign was launched as part of Cybersecurity Awareness Month, which this year focuses on four key behaviors that can greatly improve security when they are consistently adopted across an organization:
- Using strong passwords and a password manager
- Implementing multifactor authentication
- Learning how to recognize phishing and reporting phishing attempts
- Updating software promptly
While organizations should consider transitioning to passwordless authentication, until it can be fully implemented it is vital to ensure that password best practices are followed. Strong, unique passwords should be set for each account, with passwords consisting of random letters, numbers, and special characters. Passwords should also be at least 12 characters in length, to make it harder for passwords to be cracked using automated brute force tactics. Due to the number of accounts that need to be protected, setting truly random, unique passwords is difficult, so a password manager should be used. These tools help to eliminate bad password practices and can generate long and complex passwords and store them securely in an encrypted password vault.
Accounts should be protected with more than just a password. If a password is guessed or is otherwise obtained by an unauthorized individual – in a phishing attack for example – that password alone should not be sufficient to grant access to the account. Multi-factor authentication (MFA) should be enabled on all accounts, and while any form of MFA is better than none, the greatest protection is provided by phishing-resistant MFA, which uses FIDO/WebAuthn authentication or public-key infrastructure (PKI)-based authentication. These forms of MFA are resistant to phishing and push bombing, and are not vulnerable to SS7 and SIM swap attacks, unlike SMS and voice-based MFA.
Cybersecurity Awareness Month is the ideal time to assess and update security awareness training programs and ensure that all members of the workforce – from the CEO down – are provided with training on how to recognize, avoid, and report phishing attempts. Training is more effective when it is combined with phishing simulations. Phishing simulations reinforce training, identify individuals who require additional training, and help security teams gauge the effectiveness of their training programs.
It is vital for organizations to maintain a complete inventory of all software, firmware, and operating systems, to ensure that software updates and patches are applied promptly, and, where possible, to configure updates to be applied automatically. Vulnerabilities in software are rapidly exploited by threat actors, with critical flaws often exploited within just a few days of disclosure. Patching promptly will reduce the window of opportunity for exploiting vulnerabilities to gain access to internal networks and sensitive data.
CISA is encouraging all businesses to do all they can to ensure their software and devices are secure by building cybersecurity into the design and manufacturing of technology products and making sure all products are secure by design. A Cybersecurity Awareness Month 2023 Resources and Partner Toolkit has been developed by CISA and the National Cybersecurity Alliance (NCA) that includes resources and messaging for organizations to use when talking with their employees, customers, and members about staying safe online.


