As Cybersecurity Awareness Month (CAM) 2022 draws to a close, members of the C8 team share their own insights. The team draws on what they have seen and heard during a busy CAM whilst working alongside C8’s roster of excellent cybersecurity companies, sharing top tips, useful links, and personal anecdotes to help you protect yourself and your organisation.
Don’t get angry about cybersecurity education exercises; get vigilant!
Helen Hopper – Associate Copywriting Manager
A friend recently ranted to me about an in-house anti-phishing test email that was “too good”, in that the only way to spot that it wasn’t a genuine email from HR was by hovering over one of the many links and noticing that it said, “don’t click this”. My friend was angry that they had been duped by their company’s cybersecurity education programme, which they felt was deliberately trying to catch them out. But that’s the point really: phishing emails are extremely sophisticated, and they are deliberately trying to trick you. Better to be “caught” by your employer and become more vigilant than to actually fall for a phishing attempt.
Phight the Phish!
Ameesha Patel – Senior PR Executive
This year’s Cybersecurity Awareness Month has really emphasised personal accountability and the importance of taking proactive steps to enhance security at home as well as the workplace. It comes as no surprise to me that email continues to be the most common attack vector to gain initial access in ransomware attacks. We are even seeing a rise in Business Email Compromise attacks, in which threat actors take a page out of the old psychology textbook, sending emails from fake senior staff with a sense of urgency to invoke and prey on the recipient’s fear…
Anyone can be sent a phishing email, so you should never let your guard down. Take a moment to process the contents of your emails before opening and help those that aren’t as computer literate. The most effective method is to make sure to not click on emails you may think are harmful – these could include those marked as flagged, high importance, or those with attachments. Hover over the email to check the sender; even URLs and logos can be spoofed!
The first and last line of defence against phishing is the employees themselves so let’s #PhightthePhish together!
The Password: The First Defence
Liam Hodgson – PR Executive
This month’s theme of ‘See Yourself in Cyber’ is a smart way to highlight personal responsibility for your cyber protection. As we continue to move more of our lives online, one of the easiest ways you can protect your personal information is through a good, solid password. I think we’re all guilty of choosing a memorable password, which could be as easy as your favourite colour (you know what that is, and that’s what’s important, it’s your password, right?). However, the easier the password is, the easier it is for bad actors to access your information and utilise it for their own gain.
A top tip I’ve learned this month is to remember these three words: long (at least 12 characters), unique (try to create a new password for each account), and complex (combination of upper- and lower-case letters, numbers and special characters). Easy to remember and easy to apply, perfect!
Myth busting Cyber Scaries!
Natalie Young – PR Executive
I loved the Cybersecurity Awareness Month blog from BlueVoyant this year. The author likens cybersecurity to a spooky Halloween scare and works to dispel the myths surrounding internet threats. It discusses the cyber secure stances which ensure cyber threats aren’t as scary as we think.
Myth 1 is that hacking is easy – but hacking is largely carried out by cyber professionals who have researched a target, usually over an expanse of time. So, with a strong security posture, you increase the hack difficulty level. Myth 2 is that once compromised, nothing else matters. However, security practices such as multi-factor authentication and changing passwords are still the most effective way to stay protected. Myth 3 is that it doesn’t matter if someone is hacked because they have nothing to hide. However, the key issue here is that we exist in an ecosystem of interconnected networks and if one is breached it has implications for the wider group. So, make sure everyone in your network has brushed up on their cyber hygiene and there will be no need for a cyber threat actor to haunt you this Halloween!
Jim Pople – PR Director
With such an emphasis on mental health at the moment – and rightly so – I found this piece from Owen Hughes in ZDNet, discussing the findings from a Mimecast survey that one-third of professionals are considering leaving their roles in the next two years, both illuminating and concerning. With data breaches and cyber-attacks only increasing, the fact that cybersecurity professionals are reaching their breaking point demonstrates that not enough is being done to support them. This will likely have a snowball effect, as companies struggle to make sense of the avalanche of data, and do not have the funds to outsource cyber expertise externally. As the article suggests, this is also making it more difficult to attract talent into an industry that needs it more than ever.
Yes, this month is about YOU
Megan Mackintosh – Senior PR Executive
The cybersecurity industry moves very quickly as attackers find more vulnerabilities, tactics and even new cybercrime business models to take advantage of. Cybersecurity Awareness Month is the opportunity for the industry to communicate its key pieces of advice to the rest of us, employees working outside of IT teams but still operating within businesses that could very well be the target of an attack.
My top tip for Cybersecurity Awareness Month is simply to pay attention. As customers and as employees, good cyber hygiene is an essential part of modern life and it is easy to forget how intertwined we all are in keeping safe the data of our loved ones, our colleagues and those customers, clients, and partners who put their trust in us to protect their networks in turn. No one is above improving their personal cybersecurity habits, so when the industry’s experts distil their year of threat intelligence and research into four simple tips for us all to follow – make sure to listen.