For some time now, the cybersecurity aspect has not been restricted to the environment of large organizations. Malicious attackers have been targeting their criminal activities on companies and individuals every day, greatly increasing cyber risks. In this case, the main motivations of these agents are to improperly steal personal and sensitive data, modify settings on devices, and gain unauthorized access through privileged credentials. And with cyber risks increasingly associated with business risks, the consequences of phishing or ransomware attacks can be disastrous for any company.

For these reasons, since 2003, October has been established as the month of cybersecurity awareness in places like Europe and North America. This initiative was conceived through a partnership between governments and the private sector, to increase the level of awareness regarding digital security and empower individuals and organizations to protect their data from the action of digital criminals. And when it comes to cybersecurity, small actions can make a huge difference in ensuring digital sovereignty over data.

According to Verizon’s 2022 Data Breach Investigations Report, 82% of cyberattacks involved the human aspect. This is because it is useless for organizations to increase their cybersecurity budgets and invest in state-of-the-art cybersecurity solutions without addressing the weakest link in the chain: people. Yes, cybersecurity may seem like a complex issue, but at the end of the day, it is all about people.

Precisely for this reason, the Cybersecurity and Infrastructure Security Agency (CISA) in the United States has elected the theme “See Yourself in Cyber” for the cybersecurity awareness month campaign in 2022. This year, the American campaign focuses on four user behaviors that can make a big difference between being a victim of a cyberattack and not.

They are as follows:

MFA adds a layer of security to the user authentication process, and is one of the simplest methods of increasing the level of cybersecurity. For this, the user is required to combine two or more forms of identity verification. This can be through something the user knows (a password), something associated with who they are (such as biometrics), or something they have (such as an access token);

Using a strong password makes it very difficult for malicious agents to guess the password or carry out brute-force attacks. However, it is worth remembering that, if the user uses the same strong password in several services, they may still be the victim of an attack called credential stuffing. In this type of attack, an attacker uses a leaked password from one service to perform an attack attempt on another service the user has access to. Therefore, to further increase the level of security, it is recommended that users use password generation and management solutions, including Privileged Access Management (PAM) tools.

Malicious agents try to exploit vulnerabilities in device operating systems such as computers, tablets, and smartphones every day. This is not surprising, considering that these devices store a huge amount of information from people and organizations, such as their online habits as well as personal and financial data. Thus, enabling automatic updating mechanisms to keep your devices’ software up-to-date is an effective way to protect yourself against financial, data, and credential theft.

Who does not know someone who has been the victim of a phishing attack? In this type of cyberattack, attackers use emails, social media posts, or messages to trick the user into clicking a link or downloading a malicious file. When this occurs, the user may allow the attacker to steal the data stored on the devices or even encrypt data, preventing access by the victim until a ransom amount is paid. In this case, it is important not to click on any link (including an unsubscribe button) or open attachments until the veracity of the message can be verified. If a phishing attempt is detected, the user must delete the message immediately and report the attempt to the respective provider.

In Europe, the European Union Agency for Cybersecurity (ENISA) is organizing the tenth edition of the cybersecurity awareness month together with the European Commission and member states. In 2022, the themes of the campaign in the European Union are phishing and ransomware, subjects in common with the American campaign.

Moreover, through the campaign’s official website (https://cybersecuritymonth.eu/), one can have access to a series of materials and resources that address the topic of cybersecurity. These resources include blog articles and rich content, as well as tests to verify user knowledge of cybersecurity, and a help session with frequently asked questions about the subject.

Here at senhasegura, it is no different: throughout October, we will offer exclusive content on the subject of cyber awareness. This content includes tips on how to create an efficient cybersecurity awareness campaign, as well as topics that should be present in these campaigns. In addition, we have content presenting what solutions should be implemented in companies to increase the level of cybersecurity and a webinar describing what Information Security leaders should do if they are victims of a cyberattack.

If you want to raise your level of cybersecurity awareness and reduce the risks of a cyberattack, you should not miss anything about our campaign! Don’t be left out!