Strengthening Your Digital Armor

What everyone should know about professional digital security moving forward.

In today’s hyper-connected world, where ‘data is the new gold’ and cybercriminals are growing more sophisticated by the day, Cybersecurity Awareness Month 2023 takes on a particular significance.

A lot of cybersecurity news is about data breaches and ransomware, and it can be overwhelming. Cybersecurity Awareness Month is a chance to provide some positive direction, and it reminds us that there are all kinds of ways to keep your data protected. As the month, now in its 20th year, begins, it’s more important than ever for businesses to be involved with their cybersecurity.

Officially, the National Cybersecurity Alliance is focusing on four key behaviors: using strong passwords and a password manager; turning on multifactor authentication; recognizing and reporting phishing schemes; and updating software.

Here’s how you can incorporate those suggestions into your policies and business plans:

Review and Update Your Organization’s Cybersecurity Posture 
In the face of evolving cyber threats, complacency is the enemy of security. Regularly reviewing and updating your organization’s cybersecurity posture is paramount. Cybersecurity Awareness Month serves as an opportune reminder to assess your current defenses, identify vulnerabilities, and implement the latest security measures to stay ahead of potential threats.

Create and Use Safe Passwords (not just ‘strong’ passwords) 
While you might be familiar with the term ‘strong password’, ‘safe passwords’ matter more. Safe passwords are not just complex; they are unique and resistant to common forms of attack like password spraying and credential stuffing. Tips for creating safe passwords include:

  • Avoid using easily guessable information like birthdays, single words, and company names.
  • Choose a unique password for each account – don’t reuse your password over and over again, even with small changes each time.
  • Use a password manager. Unique and complex passwords remain the best way to keep all of your digital accounts safe. Happily, if you use the latest tools, you don’t need to rack your brain at every login screen. You just need to remember the one password that unlocks your password manager vault.
  • Organizations should screen both internal and external usernames and passwords for compromised credentials. According to the 2023 DBIR, stolen credentials are the leading attack vector, and 49% of breaches leveraged stolen credentials for initial access to an organization’s systems.

Use Multifactor Authentication (MFA)
While MFA doesn’t enhance security or lessen the risks of compromised passwords, it can act as a compensating control against threats based on credential vulnerabilities. It adds an extra layer of security by requiring users to provide several different forms of identification. However, it’s important to remember that MFA is often dependent on a password as the first factor. Therefore, even with MFA, the strength and safety of the initial password are critical.

MFA requires that at least two types of authentication methods are used. These methods are categorized into three divisions: something you know, something you have, and something you are. If a password—something you know—is used as the first type of authentication, the second should be from either of the other categories—something you have, or are. “Have” might include your phone, a USB device, or some other token; “are” might include a scan of your fingerprint or facial recognition.

If possible, implement multi-factor authentication as a supplementary control for any account that permits it, from bank accounts to social media.

Realize (and accept) Humans are the Weakest Link

According to Verizon’s 2022 DBIR, 82% of data breaches involved a human element. Combined with the fact that over 70% of users actively admit to reusing their passwords, you can see why we might be facing a compromised credential problem. When users choose weak or reused passwords for both their personal and professional accounts, it makes it easy for threat actors to move laterally: for example, from someone’s social media account to their bank account, and then to your organization’s proprietary data, payroll, and operations.

While we can’t do much to transform human habits overnight, the first step is accepting that humans are fallible. To systematically address the issues with passwords, businesses can scan for compromised credentials. Screening passwords against a blacklist of compromised credentials will show a business if any user credentials are compromised, and allow it to take defensive actions. Try Enzoic for Active Directory Lite, a free password auditor, to see how urgent the problem really is.

As we celebrate Cybersecurity Awareness Month 2023, take the opportunity to enhance your digital defenses. In the relentless cat-and-mouse game between threat actors and cyber defenders, having a modern-day authentication security system for your business is non-negotiable. Cybercriminals are more sophisticated than ever, employing advanced tactics to breach organizations and steal identities. Modern authentication solutions leverage technologies like biometrics and adaptive authentication to stay one step ahead of cyber threats.

In the same vein, passwords and credentials can become unsafe due to a variety of factors, including data breaches, weak encryption, or phishing attacks. It’s imperative to screen user credentials on an ongoing basis so that your security team can remediate by locking a password or forcing a reset.
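
The screening and remediation described above, sketched as an added example for a check run at password-change time (this is not Enzoic’s code and not part of the original post). The blocklist entries, the `screen` function, and the `lock` / `force_reset` action labels are constructed assumptions; the variant check covers the “small changes each time” case from the password tips.

```python
import hashlib
import re

def sha1(text):
    return hashlib.sha1(text.encode()).hexdigest()

# Constructed sample blocklist; a real one is loaded from breach data.
# SHA-1 is used only as a lookup key here, not for storing user passwords.
BLOCKLIST = {sha1(p) for p in ("password", "summer", "qwerty", "letmein")}

# Undo simple character swaps: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i
LEET = str.maketrans("013457@$!", "oieastasi")

def variants(password):
    """Normalized forms that undo common 'small changes' to a reused password."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits/symbols
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)} - {""}

def screen(username, password, company):
    """Return (action, reason); the action labels are a hypothetical policy."""
    if sha1(password) in BLOCKLIST:
        return ("lock", "exact match in blocklist")
    forms = variants(password)
    if any(sha1(form) in BLOCKLIST for form in forms):
        return ("force_reset", "variant of a blocklisted password")
    context = [t.lower() for t in (username, company) if len(t) >= 3]
    if any(token in form for token in context for form in forms):
        return ("force_reset", "contains username or company name")
    return ("ok", "no match")

if __name__ == "__main__":
    # Constructed candidates, checked as they would be at password-change time.
    for user, candidate in [("jsmith", "password"), ("jsmith", "P@ssw0rd2023!"),
                            ("jsmith", "Acme-Payroll!9"), ("jsmith", "vR7#kq2LmZp!x9Tw")]:
        print(user, candidate, screen(user, candidate, "acme"))
```
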

Review your organization’s cybersecurity posture, prioritize safe passwords, implement MFA where possible, and invest in modern authentication security. By taking these steps, you can protect your data, your reputation, and your organization’s future.