Fitting in with the theme of scaring us on Halloween, October is National Cybersecurity Awareness Month, a period in which we recognize the ever-increasing threat of cybercriminals and remind ourselves of the best practices to prevent cybercrime from occurring.
The history of Cybersecurity Awareness Month
National Cybersecurity Awareness Month was founded in 2004 as a collaboration between the private and public sectors to recognize the ongoing challenges businesses and critical infrastructure face from cybersecurity threats, domestic and foreign. Law enforcement, education, healthcare and the energy sector are all targets for cybercriminals.
Calling attention to the need for greater cybersecurity: The Colonial Pipeline hack of 2021
A recent large-scale cyberattack on the Colonial Pipeline in May 2021 highlighted the increased need for cybersecurity in American life. During this attack, a major pipeline that supplies roughly half the fuel for the entire East Coast became a target for ransomware and the theft of company information. In response, the pipeline was shut down, which prompted panic buying of sizeable amounts of fuel. The Colonial Pipeline attack was the largest publicly disclosed cyberattack on critical infrastructure in U.S. history.
The attack occurred because a password for a VPN service was compromised, highlighting the need for vendors and employees to practice creating strong, unique passwords.
The National Institute of Standards and Technology proclaims four areas as the subject for 2022
According to the National Institute of Standards and Technology (NIST), the focus this year is on four areas:
- Multi-factor authentication. You're probably using some accounts that have encouraged you to use multi-factor authentication to help protect them. This means using another device such as a phone or tablet in tandem with a password to verify your identity. Typically, you're texted or emailed a code you need to enter after inputting your password. Because the service provides the code on a separate account or phone number, it's far less likely for a cybercriminal to break into your account, even if they have your password.
- Strong passwords in conjunction with a password manager. Strong passwords contain a variety of upper- and lower-case letters, numbers and special characters. They should not include any words found in a dictionary or personal information such as your name, email address or birthdate. Your passwords should be unique across different accounts and kept secure with a password manager, which will manage them for you with one master password.
- Update software, especially security software. The apps and software you use across all your devices need to be updated regularly to reduce the risk of security breaches. Many programs use these updates to patch security holes in their code. Security software is especially important to keep updated because it's constantly looking for new threats and adapting to prevent potential attacks.
- Recognize and report phishing. Noticing phishing attacks can be difficult, as they're often extremely well disguised to look exactly like a legitimate email. However, there are some differences you can spot. These can include urgent calls to action that threaten something bad if you don't click on a link provided, such as the closure of an account. Poor spelling and grammar are also signs of a phishing attack. An email that doesn't address you using personal information can be a giveaway, such as one that opens with "Dear customer" or "Dear employee." Suspicious senders are also important to notice. If an email claims to be from Google and the address contains something like "user.google.com" then it may not be legitimate. If you receive an email from someone that looks suspicious and you're not sure if it's real, contact them via another means and ask. Do not reply to the email.
How we learn from our mistakes: white hat vs. black hat hackers
Part of Cybersecurity Awareness Month is recognizing the efforts of "white hat" hackers, who work to improve cybersecurity for anyone who hires them.
Not all hackers are malicious actors trying to cause damage. Many businesses and public entities hire hackers who are termed white hats. These are individuals who try to break into systems with the aim of pointing out security flaws in them and explaining to businesses that hire them where cyberthreats are likely to come from.
Contrast white hat hackers with black hat hackers. The former hack legally and for noble causes — but black hat hackers are stereotypical cybercriminals. Black hat hackers are trying to steal personal information and company data for profit or sport. Like white hat hackers, they too find vulnerabilities in corporate networks but don't tell the business when they've found issues. Instead, they exploit them, intentionally causing as much damage as possible.
The white hat hacker aims to find holes in a company's cybersecurity before a black hat hacker finds them.
Keep your systems safe year round
Cybercriminals don't take the rest of the year off. While October is Cybersecurity Awareness Month, without constant vigilance from cybersecurity professionals, we would have no chance of keeping up with bad actors' attacks on government, infrastructure and private entities. This year, the focus is on just a few good practices when it comes to cybersecurity, but there's a world of information out there on how to keep you and your business safe from cybercrime. This month and every month after, stay educated on how to prevent cyberattacks to keep your personal and company data safe.