October is Cybersecurity Awareness Month in the U.S. and in Europe. This is intended to nudge individuals and companies to reflect on their security best practices and ensure they are building the safest habits to protect themselves from what seems to be a myriad of cybercrime.
Looking into the central themes for 2021 is Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver.
Gill explains to Digital Journal that cybersecurity is not something companies can afford to take for granted. The current event provides an opportunity for focus: “Cybersecurity Awareness Month is an important reminder for individuals and companies to reflect on their security best practices and ensure they are building the safest habits to protect themselves from a myriad of cybercrime.”
Gill also points out that attacks are on the increase: “The number of headline-grabbing breaches and attacks that have taken place during 2021 highlight the critical need for safeguards across the entire company network. This is the perfect opportunity for organizations to educate their employees on what they can do individually to protect the company, especially as remote work continues to add to the rise of attacks as many organizations are still trying to secure their devices, remote access points and overall networks.”
The pandemic has created additional pressures for systems, explains Gill, and has created a more challenging environment. He notes: “The shift to remote work has also accelerated cloud adoption and increased cloud storage rates. While, in many ways, the cloud is a safer environment than on-premise, attacks do still happen. It is critical for companies to maintain a third-party backup of business-critical data so they can move their business forward in the event of an attack.”
Gill identifies the main paths that cyber criminals take as: “Email has proven to be a common point of attack vector because it often contains sensitive and valuable communications, which is why phishing scams are a popular choice for cybercriminals.”
Hence, as a solution he recommends: “Organizations should consider implementing a more comprehensive email security solution that conducts a security audit to analyze its admins, users, mailboxes, and rules for vulnerabilities such as outdated passwords so they can be resolved before a breach happens. Companies should adopt a multi-layered cybersecurity strategy to safeguard their email against sophisticated threats. By implementing a layered approach to email security, enterprises can remove substantial gaps and preserve productivity even when facing a malicious threat.”
Gill advises that along with investing in proper security solutions, organizations should encourage their employees to follow key strategies to keep their workforce safe against email-based attacks.
He identifies these as:
- Never reuse passwords – Never reuse the same password on different services, if the service is compromised attackers will try that same password for others.
- Use a password manager – These solutions help by remembering passwords for their customers, but many of them also have built-in tools for generating strong passwords that organizations and users can then use to protect their accounts.
- Always use multi-factor authentication (MFA) – As an additional layer of email security this mechanism requires that all users provide multiple factors of authentication such as a security key to successfully log in, helping protect an account even if a phisher compromises login credentials.
- Verify suspicious messages – If there is any suspicion about a message or transaction, it never hurts to call the sender. Most will be glad of your security protocols in place to help prevent fraud.
- Avoid clinking links – Users can avoid falling victim to phishing attacks by exercising caution around all email links, and organizations can reinforce this behavior using ongoing security awareness training.
Based on these salient points, Gill advises that: “Awareness is a key part to protecting organizations, from employees all the way to the executive level. Companies should leverage this month to evaluate their internal security practices and solutions and send reminders to employees about how they can do their part to protect the company as a whole.”
