October is Cybersecurity Awareness Month
October 2023 marks the 20th anniversary of Cybersecurity Awareness Month.
It’s a collaboration between the government and private industry to empower everyone to protect their personal data from digital forms of crime. It’s celebrated all over the world, and as we become more dependent on technology, it’s more important than ever to strengthen and adapt our cybersecurity habits.
The theme is "Secure Our World," as you can see above. This year's focus is on 4 simple actions we can take as individuals and business owners to make our networks more secure.
- Create Strong Passwords and Use a Password Manager
- Turn on Multi-Factor Authentication (MFA)
- Recognize and Report Phishing
- Update Your Software
Consider this:
Only 33% of individuals create unique passwords for all accounts. (National Cybersecurity Alliance)
Imagine 2/3 of your team using their work password as their streaming services password, or for their social account, or their Amazon password. Now if any of those get breached, they’re all at risk.
No matter how many layers of protection you have in place on your business network, a non-unique password opens it right up.
This is why building employee awareness is so important and why Cybersecurity Awareness Month has been around for 20 years and continues to make an impact.
For an infographic you can share with your team, click on the image below to view and download.
And for tips throughout the month, visit our Facebook and LinkedIn pages.
You can also meet our new mascot here.
Warn Your Social Media Managers
A new malware attack is targeting millions of businesses on Facebook. It has a 1 in 70 success rate, according to Guardio researchers, so please be alert.
It begins as a message through Facebook Messenger. The topic may be about misusing a photo, the business page violating Facebook policy, or someone claiming they want to buy your product.
The good news is that each of these attacks includes a link with .rar in the name, and if your people are up on their awareness training, they'll know to never trust an unsolicited RAR file.
If you don’t already know, a RAR file is similar to a ZIP file; it’s a data container or archive containing one or more compressed files. It can contain almost anything and should never be opened or extracted when sent unexpectedly.
But it's still good to share the alert, since the attack is clearly succeeding. Unfortunately, people will always be curious and tempted to click to see the photo they're being accused of misusing, or exactly how they supposedly violated policy.
Fake Scan Details in Email
Researchers at Bleeping Computer shared this warning just a few days ago:
“Hackers are utilizing a new trick of using zero-point fonts in emails to make malicious emails appear as safely scanned by security tools in Microsoft Outlook.”
Essentially, the criminals insert text or characters in a message that looks like an official statement of the email being scanned, and then set the font size to 0. That makes the text invisible to readers but not to the email system. Then in the email listing pane, that fake secure message shows up and could easily trick someone into thinking it’s real.
In the image below, the red-boxed text in the listing pane is not visible in the email preview. It says, “Scanned and secured by Isc®Advanced Threat protection (APT): 9/22/2023T6:42 AM.” It should appear in the message where the yellow highlighting is, but the font size was set to zero.
This tactic alone is not going to download malicious files, but it could make someone who is quickly scanning their emails believe the message is legitimate. And that person could click on a link they never would have otherwise.
It’s just something new to be aware of so we won’t be fooled by it if we see it.
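For teams that filter or triage mail, the zero-font trick can be checked for mechanically. The following is an added example, not code from Bleeping Computer or any mail product: a small Python checker that reports text a reader would not see because its inline style sets the font size to zero. The function name and the sample body are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# font-size declared as zero (0, 0px, 0pt, 0.0em ...), but not 0.5em or 10px
ZERO_FONT = re.compile(
    r"font-size\s*:\s*0+(?:\.0+)?(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
ANY_FONT = re.compile(r"font-size\s*:", re.I)
VOID = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}

class ZeroFontFinder(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # (tag, hidden) for each open element
        self.hidden = []  # text runs a reader would not see

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = self.stack[-1][1] if self.stack else False
        # An explicit font-size overrides the parent; otherwise inherit it.
        hidden = bool(ZERO_FONT.search(style)) if ANY_FONT.search(style) else inherited
        self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed children.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        if self.stack and self.stack[-1][1] and data.strip():
            self.hidden.append(data.strip())

def find_zero_font_text(html_body):
    """Return the text runs hidden by a zero font size in an HTML mail body."""
    finder = ZeroFontFinder()
    finder.feed(html_body)
    finder.close()
    return finder.hidden

# Constructed sample body; the hidden string is the one quoted in the article.
SAMPLE = (
    '<div><span style="font-size:0px">Scanned and secured by '
    "Isc&reg;Advanced Threat protection (APT): 9/22/2023T6:42 AM.</span>"
    '<p style="font-size: 10pt">Please review the attached job offer.</p></div>'
)

if __name__ == "__main__":
    print(find_zero_font_text(SAMPLE))
```

This only inspects inline `style` attributes; a zero font size applied through a `<style>` block or a class would need the stylesheet resolved as well.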