Cybersecurity Awareness Month
Are you doing what it takes to make sure your business is ready to #BeCybersmart? This Cybersecurity Awareness Month, smart companies are taking a hard look at their defenses and many times finding them wanting. However, the economic challenges brought to bear by the global pandemic have led to companies tightening their belts right when cybercrime is skyrocketing, leaving businesses in a dangerous position. But you don’t have to spend a fortune to have strong security. Smart, sensible security practices can take you far down the road to success as a savvy, cyber-resilient business.
What was that noise? Is it a ghost or one of the Monsters of Cybersecurity breaking in to steal your data? Learn how to ward off those foul fiends fast! READ IT IF YOU DARE!>>
Cybersecurity Isn’t Just for Geeks Anymore
Now in its 18th year, Cybersecurity Awareness Month is spearheaded by the US Cybersecurity& Infrastructure Security Agency (CISA) in concert with other federal agencies to help raise awareness about the importance of cybersecurity and its role in our everyday lives. Each week features a unique theme to remind everyone that cybersecurity isn’t just the province of tech teams anymore. This week, Cybersecurity Awareness Month kicks off with an initiative designed to encourage smart online behavior at work, school or home, keeping cyberattacks like ransomware front and center in the news. That’s why it’s essential that everyone understand that in today’s interconnected world it pays to be #BeCybersmart.
Computers, devices and the internet are woven into the fabric of our daily lives, making it easy for us to forget that online interactions and email messages aren’t always benign. The unfortunate results of a barrage of cyberattacks in the past year alone has clearly demonstrated that cybercriminals are putting in work to expand their operations. In fact, recent cyberattacks have illustrated just how many aspects of our daily lives are impacted by cybersecurity from getting gas to seeing the doctor. Protecting your business from cyberattacks may seem like a daunting prospect – in an IBM blog post, 25% of SMB owners said that they didn’t even know where to start with cybersecurity. However, no one has extra budget these days – a third of those SMB IT decision-makers pointed to a lack of budget or resources as their biggest blocker to cybersecurity success. But businesses don’t have to blow their budgets to make security improvements. These three tips can help every business #BeCybersmart and stand tall in the face of surging cybercrime for less.
Are you ready to fight back against cybercrime? See where 2021’s threats are coming from and what’s next. DOWNLOAD THE REPORT>>
1. Build Better Passwords
The first action that businesses can take doesn’t cost a cent: improve password security. Cybercriminals know that the easiest, fastest way for them to gain entry to your systems and data is with a legitimate password and they’re doing everything possible to snag one – the more privileged that password is, the better. That’s why it’s paramount that you establish and enforce strict rules about generating passwords in your business. The Verizon/Ponemon Institute Data Breach Investigations Report 2021 revealed that bad, cracked, stolen and recycled passwords were the biggest data breach menace that businesses of every size face. More than 60% of the businesses that they analyzed had suffered a cyberattack that began with a compromised credential and ended in a data breach.
3 Fast Facts About Password Danger
Credentials were the top type of information stolen in data breaches worldwide in 2020.
About 60% of passwords that appeared in more than one breach in 2020 were recycled or reused.
An estimated 65% of employees use the same password across multiple work and home applications.
It’s not hard for cybercriminals to find a company’s legitimate passwords through password cracking software or even just outright guessing. How does that work? People love to talk about themselves and their interests online. Does your LinkedIn talk about how devoted you are to your college football team? Is your Facebook full of Baby Yoda memes? Do you share makeup tips from Instagram influencers every day? All of these things give cybercriminals clues that help them figure out your password. Simple, common, recycled passwords make a cybercriminal’s job easy if they’re using password cracking or credential stuffing too. Why? Based on an analysis of the data that we collected in 2020 with Dark Web ID, an overwhelming majority of passwords fit into one of 20 common categories. That allows cybercriminals to use huge lists of passwords stolen in earlier breaches to conduct future cybercrime operations. Almost 60% of employees use a person’s name or family birthday in their passwords, 33% include a pet’s name and 22% use their own name. On top of that, 49% of users will only change one letter or digit in one of their preferred passwords when required to make a new password. Don’t make it that easy for the bad guys.
Password Dos & Don’ts
Don’t reuse or recycle a password anywhere for any reason.
Do build strong unique passwords for every online account
Don’t make passwords that fall into a common category
Do make sure your password isn’t easy to guess
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
2. Put Everyone on the Security Team
Cybersecurity isn’t just a job for the perennially overtaxed and understaffed IT department. But that can be hard for employees to recognize, especially if they don’t consider themselves “tech people”. Unfortunately, that perception often leads to employees not engaging with security awareness training and not carrying the good cybersecurity practices that they learn over into their everyday actions. That expectation may also be at work on the executive end of the equation too. By not running regular training sessions or only giving a few employees training against certain threats, companies fail to utilize all of their human resources to keep an eye out for trouble. Internal blockers can also discourage employees from taking an interest in cybersecurity, a tragedy in a time when businesses need all the help that they can get. Eliminating those blockers will create a stronger security culture, making your business more cyber resilient.
3 Facts About Employee Security Attitudes
Just under 30% of employees fail to report cybersecurity mistakes out of fear.
A full 50% of employees don’t report clicking on a phishing email to avoid disciplinary action.
An estimated 60% of employees open suspicious emails for fear of misidentifying a message.
No employee should be afraid to ask for help around security issues. When employees fear losing their jobs because of a security mishap, small problems don’t get reported, giving them time to grow into giant disasters. Improved security awareness can also quickly reduce a company’s risk of malicious insider incidents. In a business with a healthy cybersecurity culture, employees feel confident that they can ask for help freely whether they just have a question, they made a mistake, they are unsure about something or think that they have spotted a phishing attempt, and that brings benefits that can’t be measured.
Security Culture Dos and Don’ts
Don’t threaten employees with termination if they make a security mistake
Do make it easy for employees to ask questions or get help around security
Don’t just make cybersecurity the IT department’s job
Do make every employee feel that they are invested in company security
Don’t fail to set policies that encourage smart security behavior
Don’t have one set of policies for employees and another for executives
Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>
Empower Employees with the Right Training and Tools
If you want your employees to protect your business from cyberattacks, they’re going to need a quality toolkit and the training to notice potential trouble spots. The power of security awareness training is immense, and it starts right away. In a UK study on the effectiveness of phishing simulations, researchers discovered that 40 – 60% of the surveyed employees were likely to open a phishing message at the beginning of the study. However, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25%. Even better, after 3 to 6 months more training, only 10% to 18% were likely to open a phishing message, a steep decline. Regular security awareness training clearly works. Having the right tools available is also essential. If you’re relying on old, clunky, hard-to-use tools for your day-to-day operations, you’re not only opening your business up to security risks from potential cyberattacks, you’re also making it hard for your employees to follow safe behaviors or take security seriously – and that can mean the difference between a crisis averted and a disaster landing on your doorstep.
3 Facts About Security Tools
One tool, multifactor authentication, stops 99% of password-based cybercrime
Automated email security catches 40% more phishing messages than conventional security or a SEG
Security awareness training reduces the chance of a damaging security incident by up to 70%
It’s not necessary for businesses to splash out cash on dozens of fancy security tools. Having too many security tools is just as bad as having too few. But it is essential that you provide the right tools and training to build a foundation for cybersecurity success. However, a stunning one in three small businesses with 50 or fewer employees relies solely on free or consumer-grade cybersecurity tools for protection. Even worse, an astonishing 60% of business leaders revealed that their companies didn’t have a cyberattack prevention plan in place at all and had no foundation for incident response. Give your employees the tools, training and support that they need to succeed and they will help keep your business safe in a stormy cybersecurity landscape.
Training and Tools Dos and Don’ts
Don’t use security awareness training as a punishment
Do run security awareness training at least 11 times per year
Don’t make employees afraid to lose their jobs if they report issues
Do make sure that everyone from the C-suite to the interns receives regular training
Don’t rely on a patchwork of old tools that make maintaining security more challenging
Do make it easy for employees to get help when they have a security issue
50% of IT pros do not believe their organization is prepared to repel a ransomware attack. Is yours? Build stronger defenses with the strategy in Ransomware Exposed. DOWNLOAD NOW>>
Trust Sensible, Affordable Solutions to Eliminate Security Problems
Choosing new solutions or creating an updated defensive plan can seem like a daunting obstacle, but it’s not a road that any business needs to travel alone. ID Agent can help businesses of any size #BeCybersmart. Our digital risk protection platform provides powerful protection from today’s biggest risks using innovative yet sensible solutions that won’t break the bank.
- Dark Web ID – Don’t let cybercriminals sneak into your network with a compromised credential. Get the power of 24/7/365 human and machine-powered intelligence on your side monitoring your employee passwords, business and personal credentials, domains, IP addresses and email addresses on the dark web to alert you to trouble fast!
- Passly – Add one superstar solution for secure identity and access management and gain an array of credential and intrusion protection tool like MFA, single sign-on, secure shared password vaults, simple remote management and more all at one low price.
- BullPhish ID – Protecting a business from cybercrime starts with security awareness training for everyone. Educate every user on how to spot and stop the latest threats including phishing, ransomware, compliance, password safety and more.
Contact an ID Agent solutions expert today to see how we can help you defend against cybercrime in a volatile world.
Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>
Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
See our innovative, cost-effective digital risk protection solutions in action.
Contact us for an expert analysis of your company’s security needs and a report on your Dark Web exposure!