What is Cyber Security Awareness Month?
Cyber Security Awareness Month is an annual campaign that aims to raise awareness of cyber security and provide valuable information and resources for people and businesses to protect their data.
2023 is the 20th Cyber Security Awareness Month, and this year, we will be providing unique resources to help keep people safe online.
Brief Overview of Cyber Awareness Month
Cyber Security Awareness Month originated in the United States in 2004. The idea was simple yet profound: Dedicate a month to raise awareness about online threats and encourage safer internet practices. Over time, the recognition and importance of this month have grown internationally, with businesses from all over the world combining to provide tips on keeping personal and sensitive data safe.
When is Cyber Security Awareness Month in the UK?
Cyber Security Awareness Month in the UK is in October of 2023, starting from Sunday 1st October, with the last day of Cyber Security Awareness Month ending Tuesday 31st October.
Cyber Security Facts in Q4 of 2023
Each year, a staggering number of cyberattacks are recorded globally. These aren’t just statistics – they represent real people, companies, and consequences. Data breaches can lead to financial loss, identity theft, and other complications.
Ransomware: This malicious software is designed to block access to a computer system until a sum of money is paid. As demanding as it sounds, it’s become one of the top threats to individuals and businesses.
Ransomware has been on the decline in recent years, but the number of ransomware attacks is still far higher than in previous years.
Phishing: These are deceptive attempts, usually via email, to obtain sensitive information like usernames, passwords, and credit card numbers by posing as a trustworthy entity.
The financial sector is the highest-targeted industry for phishing attacks, receiving 27.7% of all phishing attacks, whilst SaaS (Software as a Service) hold second place for receiving 17.7% of all phishing attacks.
Internet of Things (IoT) Vulnerabilities: Our homes and offices are getting smarter with devices that can connect to the internet, from refrigerators to security cameras. While this offers convenience, it also presents new opportunities for cyber threats if not properly secured.
The Human Element
When considering cyber security, focusing solely on technology – firewalls, antivirus programs, and sophisticated algorithms is tempting. However, the individual behind the screen often becomes a pivotal factor in the success or failure of cyber security measures.
Social Engineering: Social engineering exploits human psychology to manipulate individuals into revealing confidential information, often leading to data breaches. Instead of targeting technology, attackers ‘hack’ human behaviour. Key techniques include:
- Phishing: Deceptive emails or messages impersonating trusted sources trick recipients into divulging sensitive information.
- Pretexting: Attackers use a fabricated scenario to extract details, e.g., posing as tech support for “verification”.
- Baiting: Victims are enticed with a lure, often leading to malware installation.
- Tailgating: Gaining unauthorized access by closely following someone with valid access into a secure area.
These human-centric vulnerabilities often result in breaches when trust is exploited. Combating this requires focused education and awareness. Training can help individuals recognise attempts while fostering a security-conscious culture ensures proactive prevention.
Phishing: Modern phishing attacks are more sophisticated and tailored, often appearing as legitimate messages from reputable organizations. Whether it’s a fake bank email or a scam “friend” message, the goal remains to trick individuals into giving away sensitive information. A widespread phishing scam is the Microsoft OneDrive scam. Other popular phishing scams include fake Amazon emails.
Weak Passwords: It might sound basic, but password security remains a significant concern. Today’s digital landscape sees millions of attempted breaches daily, and you’d be surprised how often “password123” or “admin” still grants access to critical systems. We strongly recommend creating strong and unique passwords, using a multitude of random half words, symbols, numbers, uppercase and lowercase letters, too. In addition, we highly recommend all passwords should be unique to each platform and a minimum of 12 characters.
Password Strength Guide: We’ve included a graph demonstrating how safe your password is. As of October 2023, this infographic is 18 months old. We expect that the time for your password to be guessed has since decreased, and strongly recommend all passwords are a minimum of 12 characters in length.
We also strongly recommend utilising two-factor authentication on every account log-in possible to maximise safety.
Making it difficult for cybercriminals to gain access to your sensitive information is vital. With a strong and unique password, two-factor authentication and general cyber security awareness, you’re already on your way to doing the fundamentals. Other resources to help protect you and/or your business from cybercrime include:
Cyber Essentials: Cyber Essentials is a scheme by the UK and Welsh Government to help businesses stay safe online. Cyber Essentials protects against 80% of common cyber threats and comes with an advanced certification, Cyber Essentials Plus. Cyber Essentials is one of the requirements for businesses looking to work with the Government.
Secure IT: SecureIT is our cyber security awareness training platform. It’s short, affordable, interactive, and is sent to your inbox as often as you’d like. SecureIT helps employees reduce the risk of human error by providing risk assessments and phishing simulators so cyber security is always at the front of people’s minds.
Google Cyber Security Certificate: Google’s recent course on cyber security is for people looking for advanced learning. You’ll learn how to identify common risks, threats and vulnerabilities, gaining job-ready skills.
How to set up two-factor authentication:
National Cyber Security Centre: Top tips for staying secure online by the National Cyber Security Centre.
Cyber Security Jargon: Learn cyber security terminology with our 50+ word guide.
Remote Cyber Security Tips: Work remotely? The remote cyber security tips guide has you covered.
Remember, cyber security isn’t a one off. Cyber Security Awareness should be all year round, not just one month of the year.
Excellence IT are a cyber security-first Managed Service Provider, help businesses in South Wales and Bristol with cyber security and IT support. If Excellence IT can help your business, get in touch today by submitting the form below or email email@example.com
Writes about IT Support and Cyber Security.