Last month was National Cybersecurity Awareness Month (NCSAM). But just because we’ve moved into November, that doesn’t mean security is no longer important. Microsoft used NCSAM as an opportunity to highlight important security issues and help raise awareness with its customers to improve their security posture. Vasu Jakkal, Corporate Vice President for Security, Compliance and Identity, wrote:
Most of us think we’re too smart to fall for a phishing scam, and our confidence only grows when we’re logged onto a company network. Statistics show that nearly one in three security breaches starts with a phishing attack, costing the affected organization an average of $1.4 million. With the rise in people working from home, new attacks such as consent phishing have cropped up to take advantage of remote workers dealing with home-life distractions.
Jakkal takes an interesting position on the use of artificial intelligence (AI) and people in cybersecurity. Jakkal says that AI is one of the most effective tools for combating cybersecurity threats, but that effective AI also requires a diverse set of experiences, including gender and ethnic diversity, cultures, opinions, and many other factors.
If a team consists of only those from the same background with similar skills, it risks losing creativity and making poor decisions. Microsoft has a blog post on the subject here. Jakkal says that diverse teams can create AI systems that people trust to protect IT assets and data.
On a more practical note, Microsoft emphasized different ways organizations can improve security using its products. Here are some of the main points Microsoft had to make.
Microsoft would prefer that you didn’t use passwords at all. Or if you must, they should be protected using multifactor authentication (MFA). But Microsoft also realizes that not all organizations have the resources to deploy MFA or go passwordless. So, there is some advice on how to create strong passwords and secure them.
For instance, passwords should be at least 12 characters long, but preferably 14 or more. And you should use a combination of uppercase and lowercase letters, numbers, and symbols. Passphrases, like “6MonkeysLooking^”, are easier to remember than passwords. You should use a unique password for each service or site.
And to help you remember the passwords, a password manager is preferable to writing them down. And don’t be tricked into revealing passwords or sending them by email. Finally, if you can enable MFA, then you significantly increase the cost for attackers, and passwords are much less likely to be compromised.
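To make the password rules above concrete, here is an added example (not code from Microsoft or from this article) that checks a password against the stated rules: 12-character minimum with 14 or more preferred, all four character classes, and no reuse across services. The `existing` vault dictionary and service names are constructed for the example.

```python
import re
from typing import Dict, List, Optional

MIN_LENGTH = 12        # minimum length the guidance gives
PREFERRED_LENGTH = 14  # preferred length the guidance gives

# Character classes the guidance asks you to combine.
CHARACTER_CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def check_password_policy(
    password: str,
    existing: Optional[Dict[str, str]] = None,
    service: str = "",
) -> List[str]:
    """Return a list of findings; an empty list means every rule is met.

    `existing` is a constructed stand-in for a password manager vault,
    mapping service name -> password, used for the "unique per service" rule.
    """
    findings: List[str] = []

    # Rule 1: length. Below the minimum is a failure; between minimum and
    # preferred is reported as a weaker-than-recommended result.
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    elif len(password) < PREFERRED_LENGTH:
        findings.append(
            f"meets the {MIN_LENGTH}-character minimum but "
            f"{PREFERRED_LENGTH}+ is preferred"
        )

    # Rule 2: mix of uppercase, lowercase, digits and symbols.
    missing = [name for name, pat in CHARACTER_CLASSES.items()
               if not re.search(pat, password)]
    if missing:
        findings.append("missing character classes: " + ", ".join(missing))

    # Rule 3: unique password per service (ignore the service being updated).
    if existing:
        reused = sorted(svc for svc, pw in existing.items()
                        if pw == password and svc != service)
        if reused:
            findings.append("already used for: " + ", ".join(reused))

    return findings
```

Running the page's own passphrase through the check returns no findings, while a short single-class password or one already stored for another service is flagged.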
For more information on passwordless sign-in, check out How to Set Up Passwordless Sign-in Using the Microsoft Authenticator App for Microsoft 365 on Petri.
It won’t come as a surprise that Microsoft wants you to use Windows 10. It has lots of security protections built in, including Microsoft Defender Antivirus, Windows Defender Credential Guard, Application Control, and the list goes on. But seriously, if you are still on Windows 7, then unless you have paid for extended support from Microsoft, it really is time to upgrade because you won’t be receiving security updates.
As Jakkal noted, it’s important to educate users so that they can protect themselves against attacks and scams. Microsoft has a good article on its website that explains some common cyberattacks, how to recognize them, and what to do if you think you might have fallen victim.
If you are using Wi-Fi at home, make sure you secure your home router by changing the default administrator password and updating the firmware. Setting up a guest network for untrusted devices lets you segregate devices like TVs and other smart devices from the rest of your network. You can also have your friends and clients connect to the guest network instead of handing them the password to the network that your sensitive devices are connected to.
As more of us work from home, following basic security best practices is more vital than ever. Many attacks are automated so even if you think that your business has nothing worth stealing, that doesn’t mean you won’t be a victim. And remember, a single compromised device can lead to an entire network being infected with ransomware or other types of malware that can prove costly to remove.