National Cybersecurity Awareness Month Resources

Protecting yourself online is more important, and difficult, than ever. Cybercriminals are constantly honing their techniques in hopes of accessing your data. Luckily, Results Technology works hard to stay a step ahead.

To chip in towards the goal to Secure Our World, we want to provide the resources you need to keep you safe. Please take advantage of the information below or reach out today for an IT risk assessment.

Get a Consultation Call Us: (877) 435-8877

About National Cybersecurity Awareness Month

In 2004 the President of the United States and Congress announced October as Cybersecurity Awareness Month. This action was taken to stress the importance of staying secure online and spark partnerships between the public and businesses within the industry to tackle the evolving threats to our data privacy.

Please take a moment to listen to the message from Jen Easterly, Director of the Cybersecurity & Infrastructure Security Agency, then check out our resources below to do your part to Secure Our World!

Secure Our World Tip Sheets

Recognize & Report Phishing – Dos and Don’ts for Safe Link-Clicking

Here are all the most important tips for better email security.

Do Verify the Sender

Always verify the sender’s email address before clicking on any links. Look for inconsistencies or unusual domains that may indicate a phishing attempt. Remember, cybercriminals often use email addresses that closely resemble legitimate ones.

Do Hover Over Links

Before clicking on a link, hover your mouse over it to see the actual URL. This simple step can reveal malicious links disguised as legitimate ones. If the URL looks suspicious, don’t click it.

Do Use Enterprise-Level Content Filters

Content filters block malicious urls and use advanced threat protection licensing on their intrusion prevention systems. These tools can help identify malicious links, adding an extra layer of security to your online interactions.

Do Report Suspicious Emails

If you receive a suspicious email, report it to your IT department immediately. Quick reporting can help prevent the spread of phishing attacks within your organization and boost email security, protecting both your colleagues and sensitive data.

Don’t Click on Links in Unsolicited Emails

Avoid clicking on links in unsolicited emails, especially those requesting sensitive information or urgent actions. Legitimate organizations will not ask for confidential data via email.

Don’t Rely on Appearance Alone

Don’t assume a link is safe just because it looks legitimate. Cybercriminals are skilled at creating convincing emails and websites. Always verify URLs before clicking.

Don’t Download Attachments from Unverified Sources

Be cautious when downloading attachments from unknown or unverified sources. Attachments can contain malware that infects your system once opened. If you’re unsure, verify the sender before downloading.

Don’t Ignore Your Gut Feeling

Trust your instincts. If something feels off about an email or link, don’t click. It’s better to err on the side of caution than to fall victim to a phishing attack.

Use Strong Passwords

Creating a strong password for new accounts can be tricky, so many people resort to password repeating. In fact, Google found that 52% of people reuse the same password for multiple accounts. The issue with password repeating is how easy it makes it for cybercriminals to gain access to all of your accounts if they manage to crack just one password.

To combat this, you should use a different and strong password for each account and enable multi-factor authentication (MFA) where possible. MFA adds an extra layer of security by requiring you to confirm your identity with a second factor, such as a code from a mobile app or a hardware token.

You can also use a password manager to generate and store strong passwords for you. This means you only need to remember one master password, and the password manager will do the rest.

Turn On Multi-Factor Authentication (MFA)

Here are the most common methods of Multi-Factor Authentication. These are listed from the weakest to the strongest options.

(1.) Email Code. The application sends a code to your pre-registered email address. The code must be entered within a limited window of time.

Costs: No costs, but the end user must have access to the designated email account at login time.
Why is this secure? This adds an additional factor for authentication with a limited time code. This method doesn’t require any special device or application.
What are the potential problems?
- Email accounts are vulnerable to hacking so the code could be captured as well.
- If the email account is compromised, the hacker doesn’t need any special device or application either.
- Email should be protected by MFA as well, so you need another way to add multi-factor authentication to the email account.

(2.) Text Code. The code is texted to your registered mobile phone number

Costs: This is a cheap and easy option because almost everyone has a text-capable phone.
Why is this more secure? The application sends a limited time code to a specific mobile phone device held only by the user via text message. A lost phone is easier to identify and report than a hacked email account.
What are the potential problems? SIMM swapping is a known way for hackers to capture texts from mobile phones, but is still much less common than email hacking.

(3.) Mobile App. The code is accessed from a dedicated mobile app.

Costs: There may be a monthly cost for the app. RESULTS Technology prefers Duo. With Duo’s mobile app, you can store TOTP (Time-based one-time passwords) codes on the app and establish push notifications with many products. If there’s no Duo integration for your app, it can be easily manually added to Duo. Some apps (like Google Authenticator) are available at no cost, but may have limited scope. Google Authenticator only supports TOTP seeds and won’t work with products that don’t use the TOTP method.
Why is this more secure? With the addition of a mobile app, the SIMM swapping problem is eliminated. A hacker would have to have physical access to both your phone and credentials for the app to access the code.
What are the potential problems? The end user must have a smart phone capable of running the app.

(4.) Hardware Token. The code comes from a hardware token that displays a time sensitive code or can be plugged into a USB port.

Costs: There is an upfront cost to purchase the tokens and management software.
Why is it more secure? Tokens are owned and managed by your company and don’t rely on end-user phones. Hackers would need physical access to the token to make use of them.
What are potential problems? No token, no login without IT support!

Biometrics (finger print or facial recognition) can be added to any of the methods above to enhance security, but is not strongly secure as implemented on phones and laptops It can be a convenience and often better than remembering and entering a really complex password, but typically does not count toward MFA by itself.

Update Your Software

Keep Software Up to Date with Three Simple Steps:

1. Watch for notifications

Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software.

2. Install updates as soon as possible

When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!

3. Turn on automatic updates

With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy!

To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.

(Source: https://www.cisa.gov/secure-our-world/update-software)