
Tips to #SecureOurWorld This Cybersecurity Awareness Month

 

This year marks the 20th anniversary of Cybersecurity Awareness Month. In recognition of the federal designation, we’re taking a closer look at cybersecurity recommendations from the Cybersecurity and Infrastructure Security Agency (CISA) and adding in a few of our own.

What can organizations do to better protect what they own?

CISA’s Recommendations

Cybersecurity Awareness Month aims to raise awareness about the importance of cybersecurity across public and private sectors. This year, CISA announced a new program, Secure Our World, focused on the proactive measures individuals can take every day to protect themselves from cyber threats. You can check out CISA’s overview of the program here.

In addition to recommendations for individuals, CISA has shared basic steps that businesses can take to protect themselves from online threats. These should sound familiar. If you’ve overlooked a few, or if it’s been a minute since you’ve given thought to how these measures are enforced, now is a great time to revisit.

1. Teach Employees to Avoid Phishing

Though one of the oldest hacks in the book, phishing has stuck around for a reason: it continues to work. That’s why educating employees on what phishing is and how to avoid it is critical. CISA recommends that companies train employees on how to spot the basic signs of phishing, emphasize the risks of a successful attack, and reiterate this messaging often. For good measure, organizations can also reinforce employee training with test phishing campaigns.

Check out CISA’s blog on tips to avoid phishing.

2. Require Strong Passwords

That’s right, we’re still talking about the need for strong passwords in 2023. But as with phishing, it’s for good reason. Hackers continue to see success when weak passwords are all that stand in the way of system access. Do the passwords your organization requires meet CISA’s standards? According to CISA, passwords should be:

  • At least 16 characters long
  • Random (mixed-case letters, symbols, and numbers)
  • Unique; used for only one account

Password managers should also be used to store and protect passwords, particularly when multiple employees need to access the same password for a shared tool. Password managers make it possible to share password information across the organization safely. Long gone should be the days of shared spreadsheets labeled “Passwords”.

3. Enforce Multifactor Authentication

Strong passwords are important, but CISA recommends that organizations also use Multifactor Authentication (MFA) to verify user identity. MFA tools typically send push alerts or text messages with unique codes that employees must then validate before login is complete. CISA advises that MFA be used throughout an organization as widely as possible, with particular focus on systems that are frequent targets of attacks, like email, file storage, and VPNs. Organizations can go a step further to protect themselves with Phishing Resistant MFA, which involves the use of an external security key to prove identity. You can learn more about Phishing Resistant MFA here.

4. Update Business Software

Updating business software is another basic security hygiene practice that can get overlooked when employees don’t receive adequate training and security teams don’t follow up. Teams should enable automatic updates whenever possible, and regularly educate employees on the importance of software updates, particularly if employees are working remotely.

CISA also recommends that businesses make an inventory of authorized hardware and software to identify and remove any unsupported and unauthorized assets. Which leads us to a few tips of our own…

Other Considerations to Keep in Mind

5. Know What You Own

You can’t protect what you can’t see! Security teams that lack visibility into the entirety of their attack surface are at a disadvantage against threat actors. Research finds that nearly 7 in 10 companies have experienced at least one attack on unknown or unmanaged assets. External Attack Surface Management solutions can provide the automated, continuous visibility into the full attack surface (including unknown assets) that teams need to successfully monitor and manage what they own.

6. Remember: “Good Data” Isn’t Good Enough

Your security tools are only as effective as the internet intelligence that powers them. Many security teams overlook exposures and threats because they rely on disparate, inaccurate data streams that waste critical time with low-quality data and false positives. If your security team frequently spends time sifting through false positives, or lacks a complete view of its threat landscape, consider whether your internet intelligence is truly superior.

Superior internet intelligence is:

1.) Complete (as in, data is based on multi-perspective scanning with global coverage)

2.) Accurate (false positives and negatives are kept to a minimum)

3.) Contextualized (data is labeled and easy to filter)

Check out this blog post for more insight into how to assess your data.

 

You can find more information about Cybersecurity Awareness Month from CISA here.

Interested in learning how Censys can help support your cybersecurity strategy? Reach out to us.

 


About the Author

Rachel Hannenberg
Senior Content Marketing Manager
As the Senior Content Marketing Manager at Censys, Rachel Hannenberg focuses on creating content that engages and informs the Censys community. Rachel has worked in marketing content strategy for nearly a decade, including at B2B SaaS companies and in higher education.
