

Cybersecurity Awareness Month
Andor IT Blog
Secure Our World - October 2024
1st October, 2024
Since 2024, October has been declared Cybersecurity Awareness Month. This time is dedicated to the public and private sectors working together to raise awareness about the importance of cybersecurity.
​
Over the years it has grown into a collaborative effort between government and industry to enhance cybersecurity awareness, encourage actions by the public to reduce online risk, and generate discussion on cyber threats on a national and global scale. October 2024 marks the 21st Cybersecurity Awareness Month.
​
Secure Our World
Starting in 2023 with the launch of the Cybersecurity and Infrastructure Security Agency (CISA) cybersecurity awareness program, Secure Our World is the enduring Cybersecurity Awareness Month theme. This theme recognises the importance of taking daily action to reduce risks when online and using connected devices. Organisations can use the Secure Our World theme when planning for this and future Cybersecurity Awareness Month campaigns.
​
This Andor IT blog post aims to support your Cybersecurity Awareness Month activities. Throughout this post, we have highlighted simple steps which everyone can take, not just in October, but year-round, to stay safe online.
​
Four Ways to Stay Safe Online
Let's work together to build a safer digital world. We can increase our online safety through four simple actions, and whether at home, work, or school, these tips make us more secure when connected. Take time to discuss them with your family, friends, employees, and greater community so we can all become safer online.​
​
- Use strong passwords and passphrases
- Turn on multi-factor authentication
- Recognise and report phishing
- Keep software up to date
​
​
Passwords and Passphrases
Use Strong Passwords
Simple passwords such as 1234, birthdays, and pet names are not safe for protecting important accounts holding personal information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers. Creating a unique, strong password for every account is critical: if one account becomes compromised, your other accounts remain secure.
​
Strengthen your passwords with these three simple tips:
- Make them long.
- Make them random.
- Make them unique.
​
It can be difficult to remember a unique and strong password for every account. The good news is that creating and storing passwords with the help of a password manager is one of the easiest ways to protect our sensitive information.
Strengthen Your Cybersecurity With Passphrases
To further enhance your online security, make yourself a harder target by using different passphrases for each of your accounts. Passphrases are the most secure form of passwords, consisting of four or more random words that are harder to guess, yet easy to remember. Create passphrases that are long, unique and unpredictable. Employing the help of a password manager can also assist you in generating and securely storing your unique passphrases.
​
Password Managers
Common advice is to use strong and unique passwords for our online accounts. However, with so many accounts to manage, creating and remembering a different password for each one can be extremely difficult.
​
This is where a password manager comes in handy. A password manager will securely store all of your passwords, so you don't have to remember them. This enables you to create strong, unique passwords for every account without the risk of reusing the same password across multiple platforms. In addition to this, some password managers will generate passwords for you, making it easier to keep your online accounts safe and secure.
​​
Password managers are also helpful because they can:
- Synchronise your passwords across your different devices.
- Help spot fake websites, which will protect you from phishing attacks.
- Let you know if you're re-using the same password across different accounts.
- Notify you if your password appears in a known data breach.
- Work seamlessly across multiple platforms such as Windows and iPhone.
​
Multi-Factor Authentication
Secure your online presence by always enabling multi-factor authentication (MFA). MFA adds an extra layer of protection by requiring two or more verification steps before granting access to your account. It enhances security, making it significantly harder for unauthorised users to gain access.​
​
MFA typically involves a combination of:
- Something you know (PIN, password)
- Something you have (phone, card, token)
- Something you are (fingerprint)

There are multiple authentication methods available to enhance security through MFA, including:
- Physical and digital tokens
- Biometrics
- Authenticator apps
- One-time PINs
​
Physical tokens are small devices which display a one-time PIN on their screen to be entered when accessing accounts and information. Digital tokens function like a digital key and can be plugged into your device via USB or used wirelessly.

Biometrics, such as fingerprints, facial recognition, or iris scans, are a more widely used form of MFA and are extremely common on mobile devices, as they offer a fast login for the user without compromising on security.

Authenticator apps such as DUO generate one-time PINs on mobile devices. One-time PINs are the most common form of MFA and are also used outside of authenticator apps, where the user is sent a one-time PIN via text message or email to verify account access or confirm specific actions.
​
Recognise and Report Phishing
Scammers use phishing to deceive you into sharing your personal information. This typically involves sending fraudulent emails or text messages that appear to be from well-known, trusted organisations. Scammers may attempt to steal sensitive data, such as your online banking credentials or credit card information, which can result in financial loss, information loss and identity theft.
​
How to Identify Phishing Attacks
Phishing emails are designed to imitate legitimate individuals and organisations. Therefore, they are often difficult to identify at first glance. Some common warning signs to watch out for include:
- An email address not linked to a legitimate domain name
- Generic greetings such as "customer" or "account holder"
- An unusual sense of urgency, or an imposed short-term time period
- Poor grammar, punctuation, and spelling in the message body
- Links in the message that do not match the sender's domain
​
Sophisticated phishing attempts may lack these warning signs, often using logos and graphics of trusted companies to enhance credibility. Some attackers even code the entire email body as a malicious hyperlink to increase the likelihood of successful phishing.
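
The sketch below turns four of the five warning signs listed above into automated checks, as an added example that is not part of the original Andor IT post. The trusted-domain list, the regular expressions and the sample message are constructed assumptions; grammar quality is not checked, and a sophisticated message can pass every one of these checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Example Bank" <support@examp1e-bank.test>
To: user@example.org
Subject: Action required within 24 hours

Dear customer,
Your account will be suspended within 24 hours unless you verify it at
https://login.verify-now.test/session immediately.
"""

GENERIC_GREETING = re.compile(r"\bdear\s+(customer|account holder)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|within \d+ hours?|suspended)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def same_site(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, trusted_domains):
    """Return the warning signs found in a raw, un-encoded text message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sender_domain = sender.rpartition("@")[2]
    # Join every leaf part so single-part and multipart mail both work.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = f"{msg.get('Subject', '')}\n{body}"
    signs = []
    if not any(same_site(sender_domain, d) for d in trusted_domains):
        signs.append("sender domain not recognised")
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if URGENCY.search(text):
        signs.append("urgency")
    hosts = {(urlparse(u).hostname or "") for u in URL.findall(body)}
    if any(not same_site(h, sender_domain) for h in hosts):
        signs.append("link does not match sender domain")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, {"example-bank.test"}):
        print("warning:", sign)
```
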