This Cybersecurity Awareness Month, Don’t Lose Sight of Human Risk

This Cybersecurity Awareness Month, Don't Lose Sight of Human Risk

This month we celebrate the 20th anniversary of Cybersecurity Awareness Month — a dedicated time for industry, government, academia, and nonprofits to come together and raise awareness about the importance of cybersecurity for everyone.

Since its creation, Cybersecurity Awareness Month has grown from a national US initiative to a global movement that educates individuals and organizations about best practices and promotes a culture of cybersecurity. By dedicating a specific month to awareness, the industry encourages proactive measures, knowledge-sharing, and collective responsibility — ultimately helping more people envision their roles in cybersecurity and in making organizations and the world safer.

Cybersecurity knowledge-sharing is particularly important, as human risk has become one of the strongest vectors that modern security organizations must contend with. Today it accounts for more than 80% of cybersecurity incidents. Companies must find an effective way to uplevel cybersecurity education across the entire organization — not just within their security teams — if we hope to strengthen our collective security postures.

Read on to learn how technology can help security teams drive greater results, and explore key behaviors to focus on when spreading cybersecurity awareness across your organization.

4 User Behaviors to Emphasize In Cybersecurity Education Materials

At its core, cybersecurity awareness is about managing human risk. Companies can help advance this mission by providing cybersecurity education and skilling resources across their organizations. Education can include tips ranging from the fundamentals of cyber hygiene to day-to-day behaviors, such as identifying and avoiding tech support scams, advice on improving data and device security practices, and more.

In honor of Cybersecurity Awareness Month, here are the top four areas that Microsoft recommends focusing on to advance employee education and “cyber smartness.”

Enabling Multifactor Authentication

Multifactor authentication (MFA) can protect against 99.2% of attacks by offering stronger security than traditional passwords. As such, it’s an incredible tool in the average employee’s arsenal to uplevel security practices across your organization. We recommend periodically reminding users to enable MFA measures, such as biometrics or single-use codes, across their devices, apps, and account settings.

Strengthening the Sign-In Process

Along the same lines, it’s important to remember that hackers don’t break in. They sign in. If passwordless authentication is not an option, encourage employees to create stronger passwords using their browser’s password generator. Length matters more than complexity here, so any passwords created should be at least 12 characters long. A password manager can be particularly helpful in tracking all current passwords.

Updating Software

Keeping software current with the latest security updates and patches is a vital step in protecting Internet-connected devices. On the individual user level, employees should be encouraged to set up automatic software updates to decrease the risk of vulnerabilities that can lead to ransomware and other malware. Likewise, consider creating an educational pamphlet that teaches employees how to check privacy and security settings against your desired level of information-sharing any time they register a new account, download an app, or acquire a new device.

Recognizing and Reporting Phishing

Finally, phishing scams are a significant threat vector that criminal actors leverage to infiltrate networks and steal sensitive data. Employees should be educated on best practices to avoid phishing scams, such as checking the sender’s email address for verifiable contact information or an unrelated sender address and verifying the sender before clicking on links or opening email attachments. 

While the above tips are focused on changing user behaviors, technology has a role to play, too. Innovation is critical in creating new efficiencies for already overburdened security teams. By embracing leading technology advancements, such as generative AI, security teams can simplify complex toolsets and surface deeper insights across their entire data estates to better monitor threat activity in real time. This combination of leading technical innovations and broader user education can help empower security teams to streamline workflows and focus more of their time on the day-to-day work of cyber defense.

We invite you to leverage cybersecurity awareness not only this month, but all year round, to make sure everyone in your organizations is empowered to be cyber smart and assume a role in fighting cyber threats.