#BeCyberSmart All Year Round With Educational Resources from Microsoft

Did you know that October was Cybersecurity Awareness Month? At Microsoft, we pride ourselves on educating everyone — not just security teams — on best practices and the latest attack vectors. After all, when our customers know better, they can do better. Comprehensive cybersecurity education is an important part of strengthening cyber defenses for corporate IT professionals, small businesses, and everyday consumers alike. That’s why Microsoft’s mission is to provide actionable, engaging resources to level up cybersecurity practices for all.

To that end, we have created the Be Cyber Smart Kit curated by Microsoft’s security experts to help organizations and consumers be cyber-smart through sharable videos, infographics, and more. Keep reading for tips to keep you and your organization secure, and get your Be Cyber Smart Kit with tips and tricks that you can use all year round.

The best password is no password at all

Did you know that password attacks were the most commonly observed type of threat in 2021, clocking in at 34,740 attacks every minute? Today’s hackers don’t break in — they sign in. That’s why we encourage our customers to use passwordless sign-in methods like the Microsoft Authenticator App, physical security keys, and biometrics whenever possible. They are more secure than traditional passwords — which can be stolen, hacked, or guessed — and can greatly reduce the risk that comes with having to create and secure multiple unique passwords for all of your organization’s various accounts.

If you do use passwords as part of your sign-in process, here are five tips for making them as strong as possible:

  • Create a password that is at least 12 characters long (but 14 or more is better)
  • Use a combination of uppercase letters, lowercase letters, numbers, and symbols
  • Don’t choose a word that can be found in a dictionary or is the name of a person, character, product, or organization
  • Pick something significantly different from your previous passwords — and never reuse the same password for multiple sites
  • Choose passwords that are easy for you to remember but difficult for others to guess

Once you’ve created your password, keep it as secure as possible. Hackers will often target companies by attempting to trick individual employees into revealing their security logins. You can better protect your organization against password attacks by updating passwords frequently, encouraging employees to only access websites through trusted links, and reminding employees not to share their credentials via insecure channels like email or instant messages.

Protecting identities, devices, and data

In the same vein as the increase in password attacks, we’re also seeing a rise in identity theft. The days of easily identifiable spam emails are quickly slipping away. Today’s threat actors are growing savvier when it comes to stealing identities to hack into devices and networks.

Many of us know to be skeptical of messages that include links or come with attached files, especially when the sender asks for personal information. But it bears repeating that you should never open an unexpected attachment, even if it appears to be coming from a trusted person or organization. If an employee is concerned that the message is important, encourage them to reach out to the sender directly — either by calling them or going to the organization’s official website for their contact information.

When part of a legitimate request, personal information should ideally be shared in real time — either in person or over the phone. It is recommended that you use encryption tools when sensitive information absolutely needs to be shared via email. Employees should also be wary of sending system definition files through insecure channels, as attackers can use them to breach your digital landscape, corrupt organizational processes, and make your environment more vulnerable.

We recommend organizations strengthen their cybersecurity by installing software updates as soon as they are released. Many app, browser, and operating system updates contain security fixes for currently active issues, so installing them promptly is an important part of maintaining the latest security standards. You can further reduce your company’s attack surface by eliminating unnecessary internet connections, restricting open ports, and using scanning tools to check your digital environment for potential weaknesses. Windows 11 offers Tamper Protection to block unauthorized changes to your security settings.

Ultimately, while Cybersecurity Awareness Month might only last for the month of October, promoting the importance of a secure online environment is a year-round job. It comes down to all of us being cyber defenders — whether we represent a global corporation, a family-owned business, or even an individual consumer.

You can learn more about cybersecurity best practices by visiting our Cybersecurity Awareness site. Let’s be cyber-smart together!


Copyright © 2022 IDG Communications, Inc.