October marks cyber security month, an opportunity for businesses and organizations to reflect on their current cyber security practices, consider the current threat landscape, and plan for meaningful change. Below are the four areas of emphasis for 2025:
Teach Employees to Avoid Phishing Scams: Phishing tricks employees into opening malicious attachments or sharing sensitive information. Train staff to recognize and report suspicious activity.
- Make sure that your entity has a plan for verifying whether an email was sent from a real contact person or a scammer.
- This plan should always include person-to-person validation, such as walking down the hallway to ask, or calling the coworker directly at a known phone number. Do not reply to the email as a form of verification, and do not start a new email as a form of verification, because we assume the inbox has been compromised. Likewise, do not call a phone number taken from the email, because we assume that number has been compromised as well.
Require Strong Passwords: Strong passwords are a simple but powerful way to block criminals from accessing your accounts through guessing or automated attacks. Make them mandatory for all users.
- It is important to always create unique passwords and never reuse the same password, or the same password scheme (your pet's name plus an escalating number), across multiple sites.
- Visit https://haveibeenpwned.com/ and enter your work and personal email addresses in the search field. See how many times your email address has appeared in a database of hacked data, and imagine if you had used the same password from any of those breached sites elsewhere. This would be an easy way for hackers to access additional accounts!
Require Multifactor Authentication: MFA adds an extra layer of security beyond passwords. Require it to make accounts significantly safer. Use phishing-resistant MFA where available.
- Hardware tokens and security keys are generally viewed as the most secure type of MFA.
- If you want to use your mobile device for MFA, a method that requires you to enter a code from an authenticator app is more secure than receiving a code by text message.
Update Business Software: Outdated software can contain exploitable flaws. Promptly install security updates and patches to keep your systems protected.
- A key update to consider right now is the Windows 10 to Windows 11 upgrade. Microsoft will no longer provide security and firmware updates for Windows 10, so any Windows 10 computers in your home or business will be more susceptible to malware, viruses, ransomware, etc. This can also put other computers and servers on the same network at risk.