October 2023 marks the 20th anniversary of National Cybersecurity Awareness Month! This is a dedicated month for the public and private sectors to work together to raise awareness about the importance of cybersecurity. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) are partnering to create resources and messaging for organizations to use when they talk with employees, customers, members, and donors about staying safe online. Before we dive into their advice, let’s take a step back and look at the bigger picture.
What does Cybersecurity mean today?
Cybersecurity (or the lack thereof) makes global headlines on an almost daily basis. As new technologies arise that make our lives more convenient, hackers are right there, finding new ways to exploit our data. That’s where cybersecurity – a combination of technology, strategies, and practices designed to secure online data – comes into the picture. Unfortunately, as our protection has become more sophisticated, criminals have countered by moving from attacking large corporations to smaller entities such as non-profits, which are less likely to have advanced layers of protection. Here are a few things your IT team should be defending against.
Criminals go phishing because it remains surprisingly effective, ranking as the most common type of cyberattack. A phishing scam is a message – usually an email although it can also be a text – that pretends to come from a trusted source but is a criminal trying to lure a victim into disclosing personal information that can then be used to hack into a system. Once a victim takes the bait and provides a point of entry, the hacker then generally uses that access to plant malware or ransomware or to steal data.
Malware is a broad term used for many types of software designed to disrupt a computer system or network. You’ll be able to tell when your computer becomes infected if you encounter unfamiliar pop-ups on your desktop or your browser goes to pages you didn’t ask it to see. Additional unidentified plugins might begin to appear. Viruses are one type of malware that is self-replicating, meaning that once your computer becomes infected, the virus spreads on its own to other points in the network. Another type, spyware, tracks data as it moves through networks, giving hackers insights into track activities like keystrokes, or learn about victims’ habits.
This is a Hold Up
Ransomware is a particularly destructive type of malware that garners headlines. When a computer is infected, ransomware will encrypt all its files, from Word documents to photos and even QuickBooks files. The software will then encrypt the data with a virtually unbreakable passkey, locking the information away unless the user pays the desired ransom. Organizations often end up paying large fees to hackers to have their data released.
Ways to Combat Criminals
With an ever-expanding universe of threats, CISA and NCA have teamed to try and teach organizations and the public four relatively easy ways to combat cybercriminals that your IT team should have in place.
- Use strong passwords and a password manager: Strong passwords are long, random, unique, and include all four character types (uppercase letters, lowercase letters, numbers, and symbols). Since some employees may be hesitant to use them, organizations should supply password managers to help them create, store, and remember strong passwords.
- Turn on multifactor authentication (MFA): MFA requires a second form of authentication, such as texting a code to your cell phone. This extra layer of protection makes accounts significantly less likely to get hacked.
- Recognize & report phishing: Train employees to becautious of unsolicited emails, texts, or calls asking for personal information; to avoid sharing sensitive information or credentials unless necessary; and not to click on links or open attachments from unknown sources. If they suspect a phishing attempt, have them report it to your IT team immediately.
- Update software: Updating software is the most efficient way to ensure that your team has the latest security patches and updates. Your IT experts should regularly check manually for updates if automatic updates are not available and keep operating systems, antivirus software, web browsers, and applications up to date.
Protecting Your Organization
At Cross The Divide, we have unfortunately seen what can happen if an organization falls victim to a cybercriminal before they reach out to us. Organizations have lost years of sensitive data, thousands in revenue, and the trust of the public. It’s critical that organizational leadership take cyber threats seriously and empower their IT team to combat them.
What’s the best solution for preventing loss and data corruption? Backups! Yet many organizations don’t have backups or recovery plans in place because their internal IT team is pressed just handling daily duties. With CTD’s managed IT services, we make sure every client has complete and robust backups. Having redundant backups means fewer worries if your data falls victim to ransomware. If criminals lock your data, you can simply revert to the prior backup.
Watch for additional Cybersecurity Awareness Month updates and subscribe to our blog to get breaking news and tech updates as they happen.