October is Cybersecurity Awareness Month. During this month, the public and private sectors work together to raise awareness about the importance of cybersecurity.

October 2024 marks the 21st Cybersecurity Awareness Month, and this year’s theme is “Secure Our World.” This month serves as a reminder that businesses must stay cyber-secure to safeguard company data, protect customers’ personal information, and ensure employee privacy.

Here are four strategies from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance that businesses and their employees can use to stay cyber-secure throughout the year:

• Use strong passwords and password managers. Cybercriminals are often able to determine or guess simple passwords. Businesses should require employees to use strong passwords for all work-related accounts. Passwords should be at least 16 characters long, random, and unique for each account. The use of password managers—secure programs that maintain and create passwords—should be encouraged or required. These easy-to-use programs store passwords and fill them in automatically on the web.
• Implement multifactor authentication (MFA). MFA is a layered approach to securing data and applications. This tool requires a user to present a combination of two or more credentials to verify their identity for login. MFA enhances security because even if one credential becomes compromised, unauthorized users will be unable to meet the second authentication requirement and will not be able to access the targeted physical space, computing device, network, or database. Businesses should enable MFA on any site or service that offers it.
• Recognize and report phishing. Many cyberattacks result from a recipient of a phishing message accidentally downloading malware or giving sensitive information to a cybercriminal. Therefore, employees should know the signs of a phishing attack and be instructed not to click or engage in these phishing attempts. Instead, employees should recognize them by their use of alarming language or offers that are too good to be true. Phishing attempts should be reported using the appropriate IT protocols. If a business suspects that it has become a victim of a phishing attack (or any other type of cybercrime), it should immediately report the incident to its insurance partners and the appropriate government authorities.
• Update software. Businesses should ensure their software programs stay up to date by installing security updates as soon as possible. These updates close security vulnerabilities and help protect your organization from cyberattacks.

{{richtext-cta-general-2="/components/rich-text-cta"}}

More information

Contact us today for more cyber security guidance and cyber insurance solutions. For more information, visit the links below:

• A complete guide to cyber insurance in 2024
• Top 10 Cyber security threats: A small business guide to cyber risk mitigation
• Preventing cyberattacks on remote employees
• Review CISA’s webpage to learn more about Cybersecurity Awareness Month

​

This document is not intended to be an exhaustive source of information nor should any discussion or opinions be construed as legal advice. Readers should consult legal counsel or a licensed insurance professional for appropriate advice. © 2024 Zywave, Inc. All rights reserved.