National Cybersecurity Awareness Month is an important occasion for everyone, from end users to security advocates: it’s a time to reflect on why security awareness matters and why resources like KnowBe4 advocate security awareness training. Of course, you should stay alert to potential cybersecurity threats no matter what month it is. Here at KnowBe4, we’re committed to bringing you this month's security resources, along with tips and tricks to teach your users and to apply in your own practice.
Free Resource Kit
This month, we’re going all out with free resource kits and some surprises for you to pass along to your users! With this year's kit, we’re partnering up with our friend Captain Awareness to provide free training, a sample training plan, infographics, videos, and more for you to share with your users during the month of October. Get your kit today!
Cybersecurity Awareness Tip of the Day
Each day, our good friend Captain Awareness will be providing a tip to pass along to your users. Here is the list so far:
- Don't click on direct links (in emails, text messages, etc.), especially those that are asking you to enter sensitive information. It's best to go directly to the source.
- Don't respond to phone requests asking for personal or financial information. If you are concerned, find the correct number and call the organization yourself.
- Don't overshare on social media. These details can provide hackers with your location, ammunition to craft spear phishing attacks, and answers to security questions. Think before you share!
- Don’t go “out of bounds” for comms. For example, if you’re buying something on eBay and the other party wants to negotiate via email instead of through the bidding system, treat that as a red flag: scammers move you off-platform to get away from its protections.
- Look out for emails which claim to have your password, say they’ve seen you visit bad websites, or claim to have recorded you in compromising positions. These are sextortion scams; the password quoted is usually one leaked in an old data breach, not proof of access to your computer.
- Be skeptical of any request to change banking or wiring instructions, even if from a trusted person who you regularly conduct business with. Always verify before following through by calling the person using a previously discussed phone number.
- Never reuse passwords between websites or services.
- Always be skeptical of any unexpected invoice, or request to get or pay for anything by using gift cards.
- Create policies which require people getting unexpected requests for payment or changes in payment information to first verify by directly calling the person using a previously trusted phone number.
- Never answer authentication recovery questions (e.g. “What is your mother’s maiden name?”) with real answers. Avoid them altogether if you can, but if a site forces you to set them, don’t use real answers. Treat each question and answer as a sort of password (e.g. frogdog65). Sadly, that means you’ll have to record each question and answer for every website that requires them (a password manager’s notes field works well), but you’ll be far less likely to have your account hijacked.
- Patch your computers and applications in a timely manner, focusing most on browsers, browser add-ins, and operating system software for clients and web server software, databases, and server management software on servers.
- Microsoft never proactively calls you to help you with a virus on your computer.
- Avoid smishing (SMS phishing) by treating text messages the same way you would treat email: always think before you click!
- Remember, debating what your password policy should be only impacts less than 1% of the overall risk of your organization being compromised by a malicious intruder. Worry more about mitigating social engineering and unpatched software. They account for 70% to 90% of all malicious data breaches. - via Roger Grimes
- The Australian Tax Office (ATO) will never ask you to pay for anything with gift cards. NEVER EVER!
- It is OK to call and confirm an emailed request to transfer that $30,000 by the end of the day, even if it comes from your boss. Better to be safe than sorry.
- Know who to report any suspicious emails to at your workplace. Don’t delete the email - report it.
- Invest in a password management tool - ain't nobody got the time to remember all those passwords!
- Hackers are humans motivated by the same things that we non-hackers are. Pay attention!
- Be vigilant with suspicious SMSs. Your bank will NEVER ask you to access your account via a link in an SMS.
- If you receive a call from an insurance company wanting to discuss the car accident you had three months ago - HANG UP - it’s a scam.
- You are unique - there is only one of you. Protect your important data by practicing safe cybersecurity.
That's all of our tips for NCSAM 2019!
Does Your Domain Have an Evil Twin?
Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now. Plus, if you're in the US or Canada, you’ll be entered for a chance to win two pairs of Beats Studio3 Wireless Headphones, one for you and one for your doppelgänger! Find out more and enter here: https://info.knowbe4.com/domain-doppelganger-102019
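Whatever tool you use, an "evil twin" search starts by enumerating the lookalike names an attacker could register for your domain and then checking which of them exist. The script below is an added example for this post, not KnowBe4's Domain Doppelgänger tool or its code. It generates the common typosquatting permutation classes (omission, transposition, repetition, homoglyph, hyphenation, TLD swap and "login"/"secure" affixes) for a domain and tags each candidate with the technique that produced it; the sample domain knowbe4.com, the homoglyph table, the TLD list and the affix list are assumptions you should tune for your own brand.

```python
"""Enumerate candidate "evil twin" domains for a brand domain.

Added example for this post; it is NOT KnowBe4's Domain Doppelganger tool.
It generates the permutation classes typosquatters commonly register
(omission, transposition, repetition, homoglyph, hyphenation, TLD swap,
affixes) so you can feed them to DNS/WHOIS lookups. The sample domain
knowbe4.com, the homoglyph table, the TLD list and the affix list are assumptions.
"""
import socket

# ASCII look-alike substitutions attackers commonly use (assumed subset).
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["1", "l"], "e": ["3"],
    "a": ["4"], "s": ["5"], "m": ["rn"], "w": ["vv"], "d": ["cl"],
}
# Alternate TLDs to check for a brand registered under one TLD (assumed list).
ALT_TLDS = ["com", "net", "org", "co", "info", "biz"]
# Words attackers bolt onto a brand to look like a legitimate portal (assumed).
AFFIXES = ["login", "secure", "support"]


def split_domain(domain):
    """Split a simple 'label.tld' domain into its two parts (no subdomains)."""
    label, _, tld = domain.lower().strip().rpartition(".")
    if not label or not tld:
        raise ValueError(f"expected 'label.tld', got {domain!r}")
    return label, tld


def candidates(domain):
    """Return deduplicated (technique, candidate_domain) pairs for `domain`."""
    label, tld = split_domain(domain)
    seen = {f"{label}.{tld}"}   # never report the legitimate domain itself
    out = []

    def add(technique, new_label, new_tld=tld):
        if not new_label:        # omission on a one-character label
            return
        cand = f"{new_label}.{new_tld}"
        if cand not in seen:     # first technique to produce a name wins
            seen.add(cand)
            out.append((technique, cand))

    n = len(label)
    for i in range(n):                       # omission:      knowbe4 -> knowb4
        add("omission", label[:i] + label[i + 1:])
    for i in range(n - 1):                   # transposition: knowbe4 -> konwbe4
        if label[i] != label[i + 1]:
            add("transposition", label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i in range(n):                       # repetition:    knowbe4 -> knnowbe4
        add("repetition", label[:i] + label[i] + label[i:])
    for i, ch in enumerate(label):           # homoglyph:     knowbe4 -> kn0wbe4
        for sub in HOMOGLYPHS.get(ch, []):
            add("homoglyph", label[:i] + sub + label[i + 1:])
    for i in range(1, n):                    # hyphenation:   knowbe4 -> know-be4
        add("hyphenation", label[:i] + "-" + label[i:])
    for alt in ALT_TLDS:                     # tld-swap:      knowbe4.com -> knowbe4.net
        if alt != tld:
            add("tld-swap", label, alt)
    for affix in AFFIXES:                    # affix:         knowbe4-login.com
        add("affix", f"{label}-{affix}")
        add("affix", f"{affix}-{label}")
    return out


def is_registered(candidate, timeout=2.0):
    """Best-effort check: does the name resolve? Needs network access, so it is
    not called by default and the example runs offline. A non-resolving name
    may still be registered (parked without DNS), so treat False as 'unknown'."""
    socket.setdefaulttimeout(timeout)
    try:
        socket.gethostbyname(candidate)
        return True
    except (socket.gaierror, socket.timeout):
        return False


if __name__ == "__main__":
    for technique, cand in candidates("knowbe4.com"):   # sample input (assumed)
        print(f"{technique:14} {cand}")
```

Run it against your own domain, pipe the candidates through `is_registered` (or, better, a WHOIS lookup, since a parked twin may have no DNS records), and you have the raw list to review for brand-impersonation and phishing risk. Keep the technique tag: a registered homoglyph or affix twin of your login portal deserves a faster response than a registered TLD swap.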
We recently had a Facebook and Twitter live with Security Awareness Advocates Erich Kron and Roger Grimes!
You can also find us at the following events this month:
- CyberCon 2019 in Melbourne, Australia
- it-sa 2019 in Nuremberg, Germany
- CISO Summit in Seattle, WA
- WA Cyber Awards in Perth, Australia
- Gartner IT Symposium in Orlando, FL
- FL Cyber Conference in Tampa, FL
Happy National Cybersecurity Awareness Month from all of us at KnowBe4! Be sure to mention @KnowBe4 on