Security Behaviours to Protect You All Year Round

Cybersecurity Awareness Month takes place in October every year to increase awareness of digital security across the globe. Cyberattacks are more common than ever, and threats are both frequent and sophisticated. However, whilst keeping a watertight security posture is vital, cybersecurity incidents are often a result of simple mistakes and human oversight. In fact, the World Economic Forum Global Risks Report 2022 found that 95% of breaches are down to human error.

Even in an organisation where cybersecurity is deemed a priority, it just takes one person to open the door for a cyberattack. That’s why improving security awareness and employee behaviours is critical in keeping your business safe and should be a core part of any security strategy. Cybersecurity Awareness Month was created to help this cause.

As news about data breaches and hackers is always hitting headlines, it can feel difficult to know how to keep sensitive information and online workspaces secure. However, when you know what to look out for, it’s easier than you think. With the right guidance, you can learn how to spot suspicious activity and secure your online accounts.

For this Cybersecurity Awareness Month, we wanted to focus on a few key behaviours that can help you improve security hygiene and awareness in your business. By helping employees protect their workspaces and spot the red flags for phishing and other cyber threats, you can create a safer and more secure digital environment all year round.

Improving Cybersecurity Awareness All Year Round

Recognising phishing and social engineering

Phishing is one of the most common types of cybercrime. The UK Cybersecurity Survey found that around 90% of cyberattacks targeted at businesses in the UK were phishing scams, while nearly 30% were social engineering attempts.

Phishing is when a hacker sends an email designed to trick the receiver into revealing sensitive information or clicking on malicious links. In social engineering, cybercriminals pose as a trusted source in an attempt to gain access to data or workspaces. These two types of attack are very similar: in both, cybercriminals typically use trust or urgency to dupe people into handing over data, money, or other private information.

Here are some things to look out for when it comes to phishing and social engineering attempts.

1. A sender requests sensitive information. Things such as passwords, bank details or personal data. Legitimate businesses wouldn’t request this type of information, so messages like this should be regarded as spam and deleted.

2. Misspelt names or odd email domains. Check both the name of the sender and the email address. Is the domain correct? Are there any additional numbers or letters in the email address? Hackers will often pose as a legitimate company by slightly tweaking an address. For example, instead of [email protected], they would use [email protected]. It’s a subtle change which can easily be missed when you’re busy.

3. Spelling and grammar mistakes. Similar to the above, odd language and misspelt words are key signs of a spammy email or scam.

4. The sender can’t verify their identity. If something feels suspicious, we recommend trying to contact the person through a different channel to the original message. A legitimate sender would be happy to provide proof.

5. Requests are urgent. For example, an urgent request to download a file or piece of software. Hackers want you to act quickly before you have time to assess the situation. Always double-check requests and verify senders.

6. Something seems too good to be true. Winning a prize or voucher that can only be claimed through clicking a link or providing some kind of information. If it’s out of the blue and too good to be true, it probably is.

7. Email footers and logos look off. Is the logo a bit wonky? Is the company address wrong? Always check and double check and refer back to emails from a sender in the same organisation to compare.

Remember, hackers will often pose as someone you trust. Whether it’s a colleague, a CEO, or a supplier – if you receive a suspicious message or email containing links or downloads, be sure to ask them about it first via a known method of communication before taking action. You can find more information about spotting social engineering here.

Using strong passwords and a password manager

Passwords are a prime target for cybercriminals. This is because despite endless warnings, many of us are still using passwords that are easy to guess. Shockingly, “12345”, “Qwerty” and “Password” are still some of the most commonly used passwords by people today.

Simple passwords are a no-go. Your password should be at least 12 characters long, using a mix of special characters, numbers, uppercase and lowercase letters to increase complexity. Your passwords shouldn’t be based on information about you that is easy to find, so avoid using things like names of pets or hometowns.

Think about how many online accounts you use – it could easily be over 100. That’s why you also shouldn’t use the same password for every account: if a hacker guesses one password, they could gain access to all your data and online accounts. Managing tonnes of complex passwords can be a challenge, so consider a password management tool or password account vault. It helps you generate strong passwords, monitor your personal information, store digital records safely and much more.

Enabling multi-factor authentication (MFA)

Using extra authentication methods beyond a single password significantly increases the cost and effort for attackers. Multi-factor authentication (MFA) is a simple but very effective way of keeping employee accounts secure. It makes people use a combination of passwords, One Time Passcodes (OTP) or biometrics (i.e. fingerprints or facial recognition) to access their accounts.

MFA makes digital workspaces incredibly difficult for hackers to access as even if they have the right password, they won’t have the device or app to input a print or OTP. That’s why the rate of compromise of accounts where MFA is enabled is less than 0.1%. For support in rolling out MFA across your organisation, get in touch with a member of the 848 team today.

Updating software

Hackers will often look for security gaps and bugs in dated software, as they provide an easy way to access sensitive data and networks. Regular software updates will often include security updates and patches. Ensuring your software is regularly updated is a simple way to protect your workspace. It can be tempting to keep clicking “remind me later”, but a simple software update can be the difference between a breach and a secure account.

More Tips to Stay Secure During Cybersecurity Awareness Month and All Year Round

For more cybersecurity awareness tips and advice on staying safe online, we’ve compiled a list of resources from our blog that can help:

Get Cybersecurity Advice

Cybersecurity should be a core focus not just for one month of the year, but all year round. At 848, we know it is important that your approach to security is continuously updated and optimised. We can help you improve cybersecurity awareness in your business and implement security controls that keep users protected from threats. For more information, get in touch with our team today. We have a dedicated cybersecurity practice with a team of security specialists to assess, improve and implement your security strategy.

More About Cybersecurity Awareness Month

Cybersecurity Awareness Month is a collaborative campaign between Government and industry agencies designed to improve online security across the UK. It’s a time dedicated to creating resources and sharing knowledge to help people stay safe in a digital world. This is the 19th year Cybersecurity Awareness Month has taken place. For more information, visit: staysafeonline.org.