As we transition into October, it’s time again for Cybersecurity Awareness Month. Cybersecurity Awareness Month is a global campaign, with campaigns led in both the United States and European Union. Cybersecurity Awareness Month has run for 18 years as a collaborative effort between government and industry to promote online security best practices.
The 2021 them of #BeCyberSmart is just as relevant as ever, and the weekly prompts provide an opportunity to evaluate how you and your organization are doing in some of the key areas of cybersecurity.
Common sense goes a long way in protecting against cyberattacks. Yet sometimes it’s worth a reminder. For instance, earlier this year many people were posting their vaccination cards on social media, exposing their personal information. The FTC issued a statement warning that posting vaccine cards online could be welcoming identity theft: “For example, just by knowing your date and place of birth, scammers sometimes can guess most of the digits of your Social Security number.” Being cyber smart includes what information we share online and staying informed about the latest threats.
Additionally, creating strong passwords is still a relevant issue today. However, today multi-factor authentication (MFA) is the best way to create a multilayered defense against attackers. As we explained in another post, “If only it were possible to develop a single method of authentication that was 100% accurate and could not be hacked, we wouldn’t need multi-factor authentication. But passwords can be seen, overheard, guessed or bypassed; a token can be lost or stolen; and an identical twin or using a photograph may even work to fool biological recognition systems. That is why multi-factor authentication is currently very important to account security.” Learn more about MFA and how to set it up in this in-depth guide to MFA.
Just as we predicted, phishing attacks have been increasing and becoming worse in scope. Phishing attempts since the pandemic have skyrocketed. In fact, spam emails accounted for more than 50% of global email traffic in 2020. That’s why the European Cybersecurity Month is running the campaign #ThinkB4UClick, to remind web browsers that web attacks are becoming more sophisticated and commonplace.
As Dean Coclin, Senior Director of Business Development at DigiCert, explained in a recent post “Instead of a love letter or a message from a Nigerian prince that could result in stolen personal information, today’s phishing attempts could threaten the world economy, politics and leading organizations. Attackers of today are professionally organized, large-scale groups that are financially motivated. Organizations lose an estimated $2 billion a year from phishing.”
Coclin explains how enabling the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol is the solution. “Enabling DMARC for an organization lowers the number of phishing emails trying to spoof customers,” said Coclin. “This reduces inbox clutter and makes it easier for consumers to trust the email messages in their inboxes.” For more information on DMARC and how to set it up, check out this blog post.
Individuals can also protect against phishing with these 10 steps outlined by Coclin. Furthermore, to report phishing he recommends forwarding phishing emails to reportphishing@apwg.org, to the organization being impersonated and to ReportFraud.ftc.gov.
Employees are the first line of defense for your enterprise security, and so employee training and testing at every level is necessary to protect your organization.
Additionally, organizations need to be aware of what current threats are out there and the best practices to protect against them. At DigiCert, we share our experiences and observations with a variety of industry and standards groups, including the CA/Browser Forum, CA Security Council, Internet Engineering Task Force (IETF) and more. We also share a monthly recap of industry news. Stay tuned to our blog at the end of each month to learn about the latest news in PKI.
Now is the time to put cybersecurity first. Installing best practices can protect your organization against costly attacks, downtime and damage to your reputation. Using common sense, creating strong passwords, fighting phishing and training employees should be priorities this year. Furthermore, going forward we predict that 2022 will be the year for PKI automation as the average enterprise manages over 50,000 certificates. Start preparing now for automation solutions within the next six to 12 months. Learn more at www.digicert.com/campaigns/pki-automation.