National Cyber Security Awareness Month: Discover CISA’s Four-Step Online Safety Awareness Program


John Wallace, CISSP, member of the Global Security Sales Organization for Cisco, shared that businesses are now operating as integrated ecosystems. This expanded connectivity means increased chances for cyber criminals to disrupt critical infrastructure and global economies. As a cybersecurity advisor to the Global SMB Security Partner Sales Leader, Wallace is knowledgeable about the current cyber threat environment and shared his insights on CISA’s new online safety awareness program, which the agency released for the 20th annual National Cyber Security Awareness Month (NCSAM). The program includes four key behaviors individuals and agencies can adopt to stay safe online: strong passwords and password managers, multifactor authentication (MFA), recognizing and reporting phishing, and updating software.

“Hackers are banking on employees reusing passwords,” said Wallace, so using strong passwords and password managers is essential. “When an organization is hacked, hackers will reuse passwords across the web to see if they can access more valuable information.” Password management tools provide a way to store hundreds of passwords safely, so individuals never forget them and never need to repurpose passwords again.

Multifactor authentication (MFA) helps to secure online presence by verifying a user’s identity at login with two or more verification factors, such as push verification or facial recognition. For example, “MFA tools provide an extra layer of protection, even when a user’s credentials are compromised,” commented Wallace. “Whenever a user provides credentials to log into a platform, an autogenerated password is sent to the user’s cell phone or inbox to gain access. If someone tries to log in with their credentials and fails, many multifactor authentication programs will alert the user, so they can change their credentials and stay secure.” The added layer of protection ensures individuals and agencies protect their data and defend against potential malware, phishing, and ransomware attacks.

When mitigating phishing attempts, there are many tactics to consider. Wallace advised readers to “think before you click” and to verify an email’s content before acting upon the message. The pause to process information may make the difference in protecting data and an organization’s systems. Additionally, it is essential to never share personal information or secure codes based on an email or text request. Checking names and email addresses before responding or opening attachments helps individuals avoid unknown senders and better protect against phishing attacks.


While many organizations may delay or ignore software updates necessary to protect against known vulnerabilities, this leaves an opportunity for threat actors “to gain a foothold in your data and agency data. If you don’t regularly update your environment, your software becomes vulnerable,” said Wallace. There are many ways to enforce software updates. One way Cisco is doing this is through the Network Resilience Coalition. This alliance is committed to ensuring that all networks are well-maintained and protected. 

Through CISA’s four-step online safety awareness program, agencies can be better prepared to mitigate cyber threats. By using strong passwords and password managers, MFA, recognizing and reporting phishing, and updating software, individuals and agencies can protect their data and not be susceptible to vulnerabilities. To learn more about National Cyber Security Awareness Month and the online safety awareness program, click here.
