Not only is October the official Security Awareness Month, but this year marks the 20th anniversary of celebrating this event! While security technologies have advanced over the years to detect and prevent many cyber threats, they are not bulletproof, since people and processes make up the other critical pillars of protection. Multiple recent data breaches have demonstrated that process failures and people-centric attacks continue to be an effective means for bad actors to circumvent technical protective measures. In the spirit of Cybersecurity Awareness Month and embedding good security practices into our everyday routine, let’s address some questions I’ve gotten, along with easy tips to protect you in the process:
What’s the buzz with generative AI and phishing?
Phishing is still a very popular method among bad actors, and it has become more sophisticated. Generative AI can now create more realistic emails, images, and videos, which makes a phish even harder to spot, and these advanced techniques leverage images and audio of senior executive teams that are freely available on the Internet. However, the guidance to protect yourself against phishing attacks is still the same:
- Check the sender's email address
- Hover over any links in the email to see if the destination aligns with the supposed sender's domain
- Validate with the sender first if there’s an unsolicited email or attachment
- Check with your Cyber Security team
The biggest red flags of a phishing email are when it’s asking for sensitive information, urging you to take immediate action, or requesting you to go outside of established processes or protocols.
Why are we still talking about password hygiene?
Passwords are still the primary way of authenticating to online services, from lower-risk services like streaming your favorite show to accessing your bank accounts and your company resources. Password reuse, which is when you use the same password across multiple sites, is unfortunately a common practice because it’s easy to remember. It also puts your information at risk when a data breach occurs, because bad actors can try those same compromised credentials to see if you also have an account on another site.
Here are some practical tips to make it easier on yourself:
- Even if you have a favorite password/passphrase you want to use, just append the name of the site to the end!
- Longer is better, so anything over 16 characters would be considered strong
- Enable multi-factor authentication (MFA) as a second layer
- Use a password management tool like KeePass (which is free!)
Are those software updates on my phone really that urgent?
Yes! Whether you’re an iOS or Android user, those software updates should be applied as soon as they’re available to install, as they can range from minor bug fixes that refine the user experience to fixes for serious security vulnerabilities that can be exploited to compromise your device. Being proactive with software updates ensures that you benefit from the latest defense. Even if you don’t think that anyone would be interested in accessing your phone because you’re not a celebrity, journalist, or politician, you’re probably using it to access your banking information, monitor your stock portfolio, and carry out a variety of other financial transactions.
Is a VPN really necessary when I’m using public Wi-Fi at my hotel or coffee shop?
While public wireless networks are convenient, they do not offer security protections like your corporate network. For low-risk activities like browsing the web, it’s fine. If you need to do work that involves non-public information, then a VPN (virtual private network) is your friend. It creates an encrypted channel for your communication and adds only one extra step, taking a few seconds, to protect you and your sensitive data. If you must use public Wi-Fi without a VPN, these steps will reduce some of the risks:
- Ensure the websites you visit use HTTPS, which encrypts the information you exchange with the site
- Select “Forget This Network” on your device to prevent automatic reconnections in the future
- Turn off sharing settings for files, devices, and public folders