Trustwave Adds a Twist to Cybersecurity Awareness Month: More Security!

September 30, 20243 Minute Read

October 1 marks the start of Cybersecurity Awareness Month and traditionally Trustwave has discussed the general security concepts highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), and National Cybersecurity Alliance (NCSA). However, this year Trustwave will take a slightly different approach. In the same vein that one can never have too much cowbell, Trustwave believes there is no such thing as too many security tips.

With this in mind, Trustwave is not satisfied with just discussing CISA's and the NCSA's 2024 themes, which are:

• Use strong passwords and a password manager
• Turn on multifactor authentication
• Recognize and report phishing

• Update software

While we note that all these topics are extremely important to maintain good cyber hygiene - and we will cover those topics in this blog - our experts believe that there are three crucial topics missing from the 2024 list:

• Managed Detection and Response (MDR) - Become aware of how an MDR program will protect your organization
• Offensive Security - Be aware of how Offensive Security and Active Defense are beneficial
• Microsoft E5 - Become aware of the security benefits of E5

We will dive into the first of these topics starting on October 7 and one per week for the rest of the month, but let's cover this year's official security issues first.

2024 Cybersecurity Awareness Month - The Basics

Recognize & Report Phishing

To stay safe from phishing attempts, it's crucial to recognize common signs. Be wary of urgent or emotionally charged language, especially messages that threaten dire consequences if you don't respond immediately. Requests for personal or financial information, untrusted shortened URLs, and incorrect email addresses or links (like amazan.com) are red flags. While poor grammar and misspellings used to be common indicators, the rise of AI means some phishing emails now have perfect grammar and spelling, so it's important to look out for other signs as well.

If you suspect phishing, resist the urge to click on links or attachments that seem too good to be true, as they may be attempts to access your personal information. Instead, report the suspicious message to protect yourself and others. You can usually find reporting options near the sender's email address or username or use the "report spam" button in your email toolbar or settings.

Finally, delete the message without replying or clicking on any links, including "unsubscribe" links. Just delete it to stay safe.

Use Strong Passwords

To create a strong password, it's essential to follow three key tips. First, make your passwords long-at least 16 characters, as longer passwords are generally stronger. Second, ensure they are random. You can achieve this by using a random string of mixed-case letters, numbers, and symbols, such as "cXmnZK65rf*&DaaD" or "Yuc8$RikA34%ZoPPao98t." Alternatively, you can create a memorable passphrase consisting of 4 to 7 unrelated words, like "HorsePurpleHatRun" for a good passphrase, "HorsePurpleHatRunBay" for a great one, and "Horse Purple Hat Run Bay Lifting" for an amazing one.

Security.org has a helpful password-strength tool to test your password's strength. Please remember, if you choose to check your password's strength, make sure only to use a trustworthy tool. Otherwise, you may well be giving your password to a threat actor who might quickly put it to use or place it into a password dictionary.

Turn On MFA

To turn on Multi-Factor Authentication (MFA) for each account or app, start by going to the settings, which might be labeled as Account Settings, Settings & Privacy, or something similar.

Next, look for the option to enable MFA, which could also be called two-factor authentication or two-step authentication. Once you find it, turn it on and select your preferred MFA method from the options provided. These options might include receiving a numeric code via text or email, using an authenticator app that generates a new code every 30 seconds, or using biometrics like facial recognition or fingerprints to confirm your identity.

Update Software

To keep your software up to date, follow these three simple steps: First, watch for notifications from your devices about updates for operating systems, programs, and apps, and make sure to install all updates, especially for web browsers and antivirus software.

Second, install updates as soon as possible when notified, particularly critical ones, as malicious online criminals won't wait.

Finally, turn on automatic updates so your devices can install updates without any input from you as soon as they become available. To enable automatic updates, check your device's settings under Software or Security, and search for "automatic updates" if needed.

Don't forget to stay tuned for our additional coverage in the coming weeks.

2024 Election Threats: Misinformation, Deepfakes, and Cybersecurity

Trustwave SpiderLabs' Red Team Flight Tests Microsoft Copilot

FINRA Warns of Rising Risks as Third-Party Cyberattacks Threaten Financial Services