Tips from Cybersecurity Awareness Month 2022
Cybersecurity Awareness Month 2022 is reminding individuals and organizations that there are a variety of ways to protect their data—and practicing the basics of cybersecurity can make a huge difference. This year’s campaign centers around an overarching theme that promotes self-empowerment: See Yourself in Cyber. The initiative’s co-leaders, the National Cybersecurity Alliance (NCA) and the Cybersecurity and Infrastructure Security Agency (CISA), are encouraging people to focus on four key behaviors:
- Enabling multi-factor authentication (MFA) — Often called two-step verification, MFA is an effective security measure because it requires anyone logging into an account to verify their identity in multiple ways. Typically, it asks the individual to enter their username and password and then prove who they are through some other means, such as providing their fingerprint or responding to a text message.
- Using strong passwords and a password manager — All passwords should be created so that they are long (consisting of at least 12 characters), complex (including a combination of upper case letters, lower case letters, numbers, and special characters), and unique. This approach should be implemented with all accounts. Because we do more online today, it is possible to have hundreds of passwords to manage. And, if your passwords are long, unique, and complex as they should be, it can be impossible to remember and track them all. Using a secure and encrypted password manager is not only safer than using a physical notebook or a notes app to store your passwords, but it can also provide benefits such as alerting you of potential compromises and auto-generating new hyper-strong passwords that are stored along with the others.
A quality password manager should encrypt all passwords, require multi-factor authentication on your password vault, and not store the keys needed to decrypt the main password that unlocks your vault.
- Updating software — Updates resolve general software issues and provide new security patches where criminals might get in and cause problems. You should update software often, obtain the patch from a known trusted source, and make the updates automatic if available.
- Recognizing and reporting phishing — With the right training, you and your employees can learn to identify phishing, a scheme where criminals use fake emails, social media posts, or direct messages to trick unwitting victims to click on a bad link or download a malicious attachment. The signs can be subtle, but once suspect a phishing scam, you should report it immediately, and the sender’s address should be blocked.
Cybersecurity Resources
Cybersecurity Awareness Month is dedicated to providing resources to help individuals and organizations stay safe online. Businesses that need additional resources to address their specific needs can partner with an external cybersecurity expert. For example, Safe Systems offers a wide variety of compliance, technology, and security solutions to help community banks and credit unions safeguard their data.
Some of our cybersecurity products and services include:
- Cybersecurity RADAR™: A web-based application combined with a team of compliance experts to help you assess your cybersecurity risk and maturity, using the standards set by the FFIEC’s Cybersecurity Assessment Tool (CAT) or the NCUA’s Automated Cybersecurity Examination Tool (ACET).
- Information Security Program: A solution that allows you to build a customized, interactive, and FFIEC-compliant Information Security Program, complete with notifications, reporting, collaboration, approval processes, and regulatory updates.
- NetInsight®: A cyber risk reporting solution that runs independently of your existing network and security tools to provide “insight” into information technology and information security KPIs and controls.
- Security Awareness Training: Safe Systems has partnered with KnowBe4, a market leader who is in the business of training employees to make smarter security
- Layered Security: Build a basic layered approach including a perimeter firewall with content filtering, email threat filters, an endpoint malware solution, and a robust patch management process, or add more sophisticated layers depending on your security needs.
In addition, we continue to provide access to trusted information related to technology trends, regulatory updates, and security best practices on our Resource Center. Our latest white paper focuses on the leading security risk to businesses today, ransomware. Download a copy of “The Changing Traits, Tactics, and Trends of Ransomware” to discover how to better position your institution to prevent and recover from a ransomware attack.