At Zscaler, we know cybersecurity is something organizations need to think about 24/7, 365 days a year, to protect users, data, and devices. But with October being Cybersecurity Awareness Month, it’s an extra opportunity to highlight the importance of security and detail key considerations that help keep your business safe.
The theme of Cybersecurity Awareness Month 2022, led by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), is “See Yourself in Cyber” and drives home “the ‘people’ part of cybersecurity…now and in the future.”
With this in mind, there are four action steps that CISA and NCA are emphasizing this year:
Enabling multi-factor authentication (MFA)
Multi-factor authentication is a security technology that requires a user to present multiple forms of authentication, or credentials, before being allowed access to an account.
The National Institute of Standards and Technology (NIST) lists methods of authentication as the following, “something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint).” This added layer of security helps to deter cyberattackers as they need extra information to gain access to an account.
Creating strong passwords
As threat actors and cyberattacks become increasingly sophisticated, having a strong, unique password for each of your accounts is one of the simplest—and most important—ways you can protect yourself and your data.
CISA has a comprehensive guide to creating strong passwords. Some of the suggestions include using different passwords on different systems and accounts, using the longest password or passphrase allowed, utilizing a password management program, and avoiding passwords that are based on personal information.
Recognizing and reporting phishing
Phishing is a tactic used by cyberattackers to lure users into providing sensitive information that could be used against them or their organization, downloading malware, or providing sums of money. Phishing attacks typically begin with an email, phone call, SMS message, social media post, or the like that seems to be from a reputable source.
Understanding how to identify common signs of phishing and providing comprehensive training to employees are imperative steps in protecting your organization from cyberattacks.
Updating your software
CISA advises, “Don't delay -- If you see a software update notification, act promptly. Better yet, turn on automatic updates.” Software can be anything from applications to your operating system. Frequently confirming that all your software is up to date ensures any security gaps are addressed, and it can help improve the end-user experience, among other benefits.
As Cybersecurity Awareness Month comes to a close, we hope you’ll take these suggestions seriously and assess the security health of your organization and users. The Zscaler Zero Trust Exchange can also help reinforce your security strategy using a cloud-native approach to zero trust.