October is Cybersecurity Awareness Month – Takeaways for the Entire Year

This month is the 20th annual Cybersecurity Awareness Month, co-sponsored by the Cybersecurity and Infrastructure Agency and the National Cybersecurity Alliance. This year’s theme is “Secure Our World.” The takeaways from this month include “Four Easy Ways to Stay Safe Online” for businesses and organizations to employ and educate their users for use at home:

1. Use strong passwords and a password manager.
2. Turn on multifactor authentication (MFA).
3. Recognize and report phishing. Think before you click or act.
4. Update software.

These basic safeguards are part, but just part, of effective security.

It’s a good time to explore developments in these safeguards and to incorporate the changes into cybersecurity programs. For example, using passkeys to replace passwords is becoming more common following adoption by major technology companies like Amazon, Apple, Google, and Microsoft. Federal agencies are increasingly warning about using SIM swapping (cloning a victim’s cell phone) to defeat SMS (text message) MFA and encouraging the use of authenticator apps instead of SMS. Phishing is becoming increasingly sophisticated, including using artificial intelligence by attackers, increasing the need for technical defenses and regular user training. There seem to be almost daily reports of new zero-day vulnerabilities (for which security updates are not yet available), which makes it increasingly important to regularly check for and promptly apply updates when they become available, and replace devices and software that no longer receive updates.

Cybersecurity Awareness Month is a time to raise awareness about the importance of cybersecurity. It is important for all users to be attentive to security every time they are using technology, all year long.

If you have questions about the content of this alert, please contact David Ries (dries@clarkhill.com; 412.394.7787), Richard Halm (rhalm@clarkhill.com, 312.985.5564), or another member of Clark Hill’s Cybersecurity, Data Protection, and Privacy Group.