October is recognized as cybersecurity awareness month. Hard to believe, but this marks the 18th year. Jointly formed by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NSCA), the object of cybersecurity awareness month is to provide a focused effort on educating business and individuals about the critical needs for security awareness and using common best practices.  

Take this month to focus on how you can personally improve your online and digital security as well as what you can do to improve security at your business or place of work, too. With SMBs, the focus of cybercriminals, there is an attempted attack nearly every 11 seconds in in US! It is not just the large organizations who are targets.   

Too many SMB’s think they are too small for a breach, so they do not have even the most basic, minimum-security measures in place. Often individuals feel the same about personal accounts. As an example, using two-factor authentication should not even be a question anymore. Turn the feature on where available for all your online accounts, and, if available, select using an authenticator app instead of text message codes. Another option that is gaining popularity and adoption is a physical 2FA device like YubiKey. 

The bottom line is significant cybersecurity improvements need to be made by the business we all use and trust with personal data and information, but end-users need to follow guidelines as well so as not to be the weakest link. 

• • Don’t use common passwords – choose passphrases that are easy for you to remember but contain a mix of numbers and characters and are lengthy to add to the security.   
  • Change your passphrases regularly.  
  • Consider using a password management tool like LastPass. 
  • Avoid using public Wi-Fi.  
  • Activate 2FA on all the accounts where available. Maintain vigilance when viewing emails – do not click links and refrain from downloading documents from unknown sources.   
  • Ensure your software is always up to date, including your mobile devices. 
  • If an email looks suspicious, check the email header information to see who really sent it. Phishing is still one of the most successful ways for criminals to gain access to accounts and business networks.   
  • Regularly check your credit reports, credit accounts, and bank accounts for any suspicious activity. 
  • And finally, exercise common sense. Your CEO/CFO/Manager is never going to email you to quickly purchase thousands of dollars in gift cards and email bank card numbers!