Here’s a quick reminder of the basics that I’ve covered many times here on TLS; Cybersecurity Awareness Month (CSAM) is a good time to publish it again.
Now in its 19th year, CSAM continues to raise awareness regarding the importance of cybersecurity in America, ensuring that everyone is prepared with the tools and resources they need to be safe and secure online. CSAM is a collaborative effort led by the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance and is dedicated to empowering the public to be resilient against cyber threats and attacks. Since 2004, the impact of CSAM has continued to expand, reaching consumers, corporations, and institutions across the nation.
The three pillars of cybersecurity are people, processes, and technology. The CSAM 2022 campaign theme is “See Yourself in Cyber,” which focuses on the “people” part of cybersecurity and highlights several key behaviors. It encourages individuals and organizations to take ownership of the critical role they each play in protecting cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity. Everyone has a duty to do their part, whether on the job, at home, or at school—now and in the future. Cybersecurity must be a priority and not an afterthought. Actions taken today can affect the future of personal, consumer, and business cybersecurity. Individuals can take basic steps to protect their online information and privacy. Organizations, vendors and suppliers, and critical infrastructure owners and operators can help prevent cyber incidents while protecting their brand and reputation. No matter what role you play, see yourself in cyber!
Enabling Multi-Factor Authentication
Identity, authorization, and authentication controls are security requirements that ensure access is controlled and securely provided to only authorized individuals, systems, and processes. An authentication control is a process used to validate a user’s identity. An example of this control is multi-factor authentication (MFA), which helps protect online accounts from unauthorized access. MFA is an effective measure to protect users from account compromise via credential theft or exposure as part of a data breach. Even if a threat actor gains access to an account password, they will not be able to access the associated account without the user’s second factor of authentication.
MFA requires two or more different factors and consists of a variety of authentication methods:
- Something you have includes physical objects, such as a smartphone running an authentication app, smart cards, USB devices, and security hardware tokens.
- Something you know includes anything that can be remembered and then typed, verbalized, performed, or recalled, such as passcodes, PINs, combinations, code words, and answers to security questions.
- Something you are includes any part of the human body that can be used as verification, such as fingerprints, facial recognition, palm scans, retina scans, iris scans, and voice verification.
Using the same factor twice, such as two separate passwords, is not considered MFA, as this does not include two or more different factors. Authentication apps, hardware tokens, or biometrics are recommended as a second factor over SMS-based authentication due to the risk of SIM swapping, though any form of MFA is beneficial.
Usernames and passwords provide a layer of security to systems and services; however, they are not sufficient to protect against cyberattacks. The increase in password reuse, credential stuffing attacks, data breaches, and dark web and public disclosures necessitates the adoption and implementation of MFA. Additionally, enabling MFA can largely prevent account compromises resulting from password theft, disclosure, or guessing. Enabling MFA is highly recommended for all accounts, where available, to protect against a cyberattack that could potentially cause significant financial loss, affect business continuity, and violate regulatory compliance.
Using Strong Passwords and a Password Manager
Many users connect to the internet and access multiple accounts and services for business, including email platforms, applications, and vendor websites. The increased use of online accounts and services, combined with users engaging in risky password management practices, puts both themselves and their employers at risk of account compromise and data breaches. Therefore, it is important to practice good password hygiene to protect accounts and data.
Strong, unique passwords for each account help prevent password reuse attacks, in which threat actors obtain the password for one account and use it to compromise an additional account using the same credentials. Threat actors succeed when users reuse credentials across multiple accounts and do not enable MFA. Strong, unique passwords also help secure information, networks, servers, devices, accounts, databases, files, and more against cyberattacks.
Users may keep a list of passwords that is stored in a safe, secure place offline and away from the computer, or use a service like a password manager to keep track of their passwords. A password manager account should itself be protected with a unique and complex master password and with MFA using an authentication app or hardware token. These accounts hold very sensitive data and should be given the highest degree of security available. Users are encouraged to thoroughly research password manager providers prior to use.
It is important to stay informed about publicly disclosed vulnerabilities and to update all device hardware, operating systems, applications, software, and anti-virus or anti-malware programs to ensure they are patched against flaws that threat actors could exploit to gain unauthorized access to devices or data. Other protective technologies include endpoint detection and response software, host-based firewalls, and device and file encryption. Important or sensitive data should be backed up regularly and kept offline by periodically moving or copying data onto a USB drive or other external storage device.
Recognizing and Reporting Phishing
Phishing attacks can lead to account compromises and malware infections, including ransomware. Users can reduce their likelihood of falling victim to phishing attacks by understanding common red flags and tactics.
Threat actors employ a variety of tactics in social engineering schemes to convince users to divulge sensitive information, click malicious links, or open malicious attachments contained in phishing emails. Portraying a sense of urgency is one of the most commonly used and highly effective tactics in these schemes because the targeted user may be less likely to scrutinize the email if they are acting quickly on the request. In addition, threat actors may convey a sense of authority or legitimacy by impersonating known entities, organizations, or individuals and creating the appearance that the phishing email is part of a long chain of communication.
Phishing emails often contain links or attachments that, if clicked or opened, install malware or direct users to spoofed websites to steal users’ credentials or information for financial theft and fraud. Examples of phishing emails include updates for financial account information, shipping and delivery notifications, and shopping sales and coupons. It is important to confirm the email’s legitimacy via a separate means of communication and navigate directly to authentic vendor websites. If suspicious, report it to your respective agency.