CISA’s New Secure Our World Initiative

Cybersecurity awareness month is held every October to raise awareness about cybersecurity and promote online safety. Since 2004, this campaign has been educating individuals, businesses and organizations about current threats and the best practices for safeguarding sensitive information. Government agencies, private companies and cybersecurity experts collaborate to provide resources, guidance and information on preventing cyber threats like phishing, malware, data breaches and identity theft.

Many activities are held during cybersecurity awareness month, including webinars, workshops and public service announcements designed to empower people with the knowledge and tools to improve their online security. The month serves as a reminder that cybersecurity responsibilities extend beyond IT professionals to everyone who uses the internet.

This year, the Cybersecurity & Infrastructure Security Agency (CISA) launched the Secure Our World initiative as part of its cybersecurity awareness month campaign. This awareness-raising program will be an ongoing campaign to encourage individuals and businesses to understand threats better and use cybersecurity best practices. CISA emphasizes four steps businesses can take to improve cybersecurity:

1. Train Employee About Phishing Danger

An online attack usually begins when someone clicks and downloads a malicious attachment from an email, direct message or social media post. Phishing attempts can result in stolen passwords, which criminals can use to log into sensitive accounts and steal data or money. Additionally, phishing can result in users unwittingly downloading malware or ransomware that damages systems.

To help employees avoid phishing attacks, CISA recommends businesses identify training resources and train employees on how to spot phishing, alert employees to the risks of phishing attacks and develop a culture of awareness at the workplace.

2. Implement a Strong Password Policy

Cybercriminals regularly target small and mid-size enterprises (SMEs), and stolen or weak passwords are a common entry point. By implementing intelligent employee password practices, SMEs can ensure a safer workplace.

CISA recommends that firms require passwords that are:

  • Long: At least 16 characters (even longer is better).
  • Random: A string of mixed-case letters, numbers and symbols, or a passphrase of five to seven random words.
  • Unique: Used for only one account.

In addition, SMEs should provide an enterprise-level password manager for employees and require default credentials to be changed on software and hardware products.

3. Deploy Multifactor Authentication

Using passwords alone does not always protect an organization’s data and systems adequately. Multifactor authentication (MFA) requires a second step to log in; for example, using a code sent to your phone. By requiring MFA, an organization can protect itself against many account compromise attacks. Regarding MFA, companies should require MFA wherever possible, use the strongest level of MFA and educate employees about the benefits of enabling MFA.

4. Regularly Update Software

Out-of-date software poses a significant risk to businesses. Software vulnerabilities are exploited by criminals to steal sensitive data. Many software updates are created to patch these vulnerabilities. To keep ahead of vulnerabilities, CISA recommends businesses use automatic updates for all operating systems and third-party software, replace unsupported operating systems, applications and hardware, and train employees on how to update devices and software.

Cyber criminals are always looking for easy targets online. A business that fails to take these precautions is asking for trouble.

MBL Technologies provides comprehensive cybersecurity services for long-term, sustainable solutions that address every facet of the evolving threat landscape. We help you boost your cybersecurity posture and implement cybersecurity best practices at your organization. Contact us today to learn more.

Learn more about our diverse set of technology services for the federal and commercial markets.