Cybersecurity Awareness Month: The Dos and Don’ts

Originally Posted: Oct 9, 2023 | Updated: Nov 12, 2024

As we approach 2025, the urgency for cybersecurity preparedness is at an all-time high, with IBM’s 2024 Cost of a Data Breach Report putting the average cost of a data breach at $4.88 million. Cyber threats are becoming increasingly sophisticated, making it essential for individuals and organizations to prioritize their security measures. Cybersecurity Awareness Month emphasizes this need, but vigilance has to be ongoing. In this discussion, we’ll cover key dos and don’ts that help individuals and organizations protect their digital assets and stay informed and proactive in a complex threat landscape.

What Individual Users Should Keep in Mind

The Don'ts

  1. Don’t Reuse Passwords: Have you ever used the same password for different accounts because you couldn’t remember multiple passwords? It is a common mistake, but it means that a single leaked password can compromise several of your accounts: attackers routinely take credentials exposed in one breach and try them against other sites (credential stuffing). Don’t make it easier for them. Use a reputable password manager to generate and store a unique password for every account; if you must write passwords down, keep the paper somewhere physically secure and never next to the device it unlocks.
  2. Don’t Share Personal Information: Legitimate organizations never ask for sensitive information like your Social Security number, bank account details, credit card information, or passwords through email or text. Because Personally Identifiable Information (PII) can be misused by cybercriminals for identity theft, be wary of sharing it over channels you do not control or that are not end-to-end encrypted, such as social media, SMS, and email.
  3. Don’t Use Public Wi-Fi: “Free Public Wi-Fi Available!” Sure it’s free, but using public Wi-Fi for online banking or shopping exposes your traffic to everyone else on that network, and to rogue access points that attackers set up under a familiar-looking name to intercept or redirect connections. HTTPS protects much of what you send, but not everything, and not every app uses it correctly. If you must use public Wi-Fi, use a reputable virtual private network (VPN) on your phone, tablet, or laptop, or use your phone’s cellular connection for anything sensitive.
  4. Don’t Fall For Fake Pop-Ups: Be cautious of deceptive pop-ups, especially on banking or vendor sites, as they can trick users into clicking malicious links, calling a fraudulent “support” number, or revealing sensitive information. Attackers often use screen overlays and fake alerts, like the fraudulent “Mac Defender” warnings, to create urgency. If you encounter a suspicious pop-up, close the browser tab or window rather than clicking any button inside the pop-up itself, then run a malware scan with trusted tools.
  5. Don’t Download Suspicious Software: Looking for a cracked version of a popular program? Think twice. Software or apps from untrusted sources are a common way to get malware installed on your device, bundled with or disguised as the thing you wanted. Stick to official app stores or the vendor’s own website when downloading applications or software.

The Dos

    1. Create Strong Passphrases for Enhanced Security: In 2025, protecting your online accounts starts with using strong and unique passphrases instead of traditional passwords. For example, instead of a password like “P@ssw0rd123,” which follows a predictable pattern that cracking tools try early, opt for a passphrase such as “BlueSky!Hiking77PineTrees,” which is longer and combines unrelated words, numbers, and special characters. Length matters more than symbol substitution: aim for passphrases of at least 12-16 characters, and use a trusted password manager to generate and securely store a unique one for each account.
    2. Use Multi-Factor Authentication (MFA): Enable MFA wherever it is offered. It requires both your password and a second factor, such as a code from an authenticator app, a hardware security key, or a one-time code sent by text message, so an attacker who obtains your password still cannot log in without the second factor. Prefer an authenticator app or a hardware key where available; SMS codes are better than nothing, but they can be intercepted or phished.
    3. Ensure Regular Software Updates: Don’t put off security updates. Keep your devices, operating systems, browsers, and applications up-to-date, and turn on automatic updates where available, as these updates often contain security patches that close known vulnerabilities attackers are actively exploiting.
    4. Expect Phishing Attacks and Stay Alert: Be cautious with emails, messages, and even ads from unknown senders. Cybercriminals increasingly use AI to create personalized phishing attacks that trick individuals into revealing sensitive information. For instance, an email might mimic your bank, urging you to “verify your account” via a link to a fake website or to download a malicious file. Phishing also arrives through social media ads and direct messages on platforms like Facebook, where it is harder to spot. Always verify the sender’s identity before clicking links, downloading files, or otherwise engaging with unsolicited communications, and reach your bank through its known address or app rather than through a link in a message.
    5. Perform Regular Backups: Regularly back up your important data and files to an external device or cloud storage. Keep at least one copy offline or otherwise disconnected from your devices, because ransomware will encrypt any backup drive it can reach, and periodically test that you can actually restore from the backup. In case of a cyberattack or data loss, having recent, restorable backups can save you from significant trouble.
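As an added illustration of point 1 above (this is example code written for this article, not a tool from the original post or from Securin), the following Python snippet generates a random passphrase the way a password manager does and shows how to reason about its strength: the strength of a randomly chosen passphrase comes from the number of words and the size of the list they are drawn from, not from substituting symbols into a familiar word. The short word list embedded here is constructed for the demonstration; the 7776-word figure is the size of the classic Diceware list, and the guessing rate is an assumed round number for an offline attack.

```python
import math
import secrets

# Constructed sample word list for the demonstration. A real Diceware-style
# list has 7776 words; a password manager's generator uses something similar.
WORDS = [
    "blue", "sky", "hiking", "pine", "trees", "river", "lantern", "copper",
    "maple", "orbit", "violet", "saddle", "ember", "harbor", "quartz", "willow",
]

DICEWARE_LIST_SIZE = 7776  # 6^5 words, the size of the classic Diceware list


def generate_passphrase(num_words: int, words: list = WORDS,
                        separator: str = "-", add_digits: bool = True) -> str:
    """Pick num_words words uniformly at random using the OS CSPRNG.

    secrets.choice is used deliberately: random.choice is seeded
    predictably and must never be used for credentials.
    """
    chosen = [secrets.choice(words) for _ in range(num_words)]
    phrase = separator.join(chosen)
    if add_digits:
        # Two random digits satisfy sites that insist on a number; they add
        # only ~6.6 bits, so they are not where the strength comes from.
        phrase += separator + f"{secrets.randbelow(100):02d}"
    return phrase


def passphrase_entropy_bits(num_words: int, list_size: int) -> float:
    """Entropy of num_words words chosen independently from list_size words."""
    return num_words * math.log2(list_size)


def charset_entropy_bits(length: int, charset_size: int) -> float:
    """Entropy of a *truly random* string of the given length.

    This is an upper bound that patterned passwords like P@ssw0rd123 never
    reach, because cracking tools try dictionary words with common
    substitutions long before they fall back to exhaustive search.
    """
    return length * math.log2(charset_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e12) -> float:
    """Time to try every possibility at a given offline guessing rate.

    1e12 guesses/s is an assumed round figure for a GPU rig against a fast
    hash; online guessing against a rate-limited service is far slower.
    """
    seconds = 2 ** bits / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("Example passphrase:", generate_passphrase(4))
    for n in (4, 5, 6):
        bits = passphrase_entropy_bits(n, DICEWARE_LIST_SIZE)
        print(f"{n} Diceware words: {bits:.1f} bits, "
              f"{years_to_exhaust(bits):,.0f} years at 1e12 guesses/s")
    # For comparison, the ceiling for an 11-character random string drawn
    # from the 95 printable ASCII characters:
    print(f"11 random printable chars: {charset_entropy_bits(11, 95):.1f} bits")
```

Six words from a 7776-word list give about 77.5 bits, roughly seven thousand years of exhaustive search at the assumed rate, while a short patterned password sits far below its 72-bit theoretical ceiling because attackers do not search randomly. The generator draws from `secrets`, the same source a password manager should use, and the separator keeps the words readable so the result is easy to type when a manager is not available.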

What Organizations Must Keep in Mind

The Don'ts

  1. Don’t View Cybersecurity as a Hindrance: Security controls add steps to everyday tasks, and that can look like red tape. But security is not a hindrance; it is what allows the business to operate at all, protecting sensitive data and maintaining the trust of customers. By integrating security into operations from the start rather than bolting it on afterward, your organization can create a resilient and efficient environment that supports innovation and growth.

  2. Don’t Rely Solely on Technology: Thanks to the advent of Artificial Intelligence (AI) and Machine Learning (ML)-based tools, automation has made daily tasks easier. However, automated cybersecurity is not perfect and requires human intelligence and oversight. To ensure robust cybersecurity management, it’s essential to have a dependable cybersecurity team that works in tandem with AI and ML tools to continuously monitor company assets and respond effectively to evolving threats.

  3. Don’t Take a Reactive Approach: In an era where cyber incidents unfold in a matter of minutes, it is reckless to wait for an incident before taking action. CISOs should adopt a proactive approach to their organization’s security: conducting regular vulnerability assessments and security audits, and using an attack surface management platform to keep an up-to-date view of what is exposed. Preparation also pays off when an incident does occur; a team that has already mapped its assets and rehearsed its response contains an attack faster and at lower financial cost.

  4. Don’t Overlook Third-Party Risks: Third-party attacks are a point of concern, as 55% of security professionals reported that their organization experienced a cybersecurity incident involving a third-party vendor in 2023. With a marked 430% increase in supply chain attacks, with major examples being the mass exploitation of vulnerabilities in Apache Log4j (Log4Shell), Fortra GoAnywhere MFT and Progress MOVEit Transfer, the risk of PII being leaked through a third-party breach is significant. Organizations must assess the security posture of their vendors and partners, since a vendor with access to your data or network is part of your attack surface whether or not you control it.

  5. Don’t Use Siloed Security: Cybersecurity should be integral to all aspects of your business so that the security team can handle breaches with dexterity. Isolating security functions within your organization is an unwise approach. To build a resilient network, it’s essential to fully integrate cybersecurity measures across all assets, departments, partners, and development operations. Organizations should use risk-based, proactive approaches such as attack surface management, which help identify and address weaknesses by continuously monitoring for vulnerabilities, evaluating security controls in controlled environments, strengthening defenses, and reducing the risk of successful cyberattacks across the asset inventory.

The Dos

  1. Conduct Regular Risk Assessments: Conduct regular organizational risk assessments to identify vulnerabilities and prioritize security measures. This helps in understanding which threats matter to your organization, finding unpatched or unmanaged endpoints, and mitigating the resulting risks in order of impact and likelihood rather than in the order they happen to be discovered.

  2. Provide Employee Training: A large share of security breaches begin with social engineering, most often phishing. Chief Information Security Officers (CISOs) must ensure that employees are cyber aware and knowledgeable about cybersecurity best practices. Regular company-wide training is crucial to reinforce those practices and keep employees alert to the risks of a social engineering attack, and it should include a simple, blame-free way to report suspicious messages, since a fast report from one employee protects everyone else who received the same lure. Educated, cyber-aware employees are your first line of defense against social engineering, phishing emails, and other cyber threats.

  3. Have an Incident Response Plan: Develop a well-defined incident response plan that outlines the steps to take in case of a cybersecurity incident, including who has authority to make decisions, who must be notified, and how the team communicates if normal channels are compromised. Then review and update it regularly, and exercise it with tabletop drills, to ensure the complete readiness of your organization’s security team.

  4. Implement Regular Software Patching: Your organization should implement a robust patch management process so that all software and systems across the network receive security patches promptly. Prioritize by exposure and exploitability: internet-facing systems and vulnerabilities already being exploited in the wild come first, and where a patch cannot be applied quickly, a documented compensating control (isolating the system, disabling the vulnerable feature) should take its place until it can.

  5. Perform Continuous Security Monitoring: To address the escalating frequency of cyber incidents, establish or adopt continuous security monitoring that can detect and respond to threats in near real time. Many organizations implement tools such as intrusion detection systems, security information and event management (SIEM) systems, and user behavior analytics. The tools alone are not enough: centralize logs from endpoints, identity providers and cloud services, define the detection rules and the alerts someone is responsible for acting on, and tune them so analysts are not buried in noise. These measures have become more necessary than ever, given the year-on-year increase in cyber incidents.
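As an added illustration of what “detect and respond in real time” means in practice (example code written for this article, not from the original post or any vendor product), the Python below implements one of the most common detection rules a SIEM or intrusion detection system runs: it parses SSH authentication log lines, counts failed logins per source address inside a sliding time window, and raises an alert when a threshold is crossed, escalating if a successful login follows the burst of failures. The log lines are constructed for the demonstration and use RFC 5737 documentation addresses; the year is assumed because syslog timestamps do not carry one.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of syslog-style sshd lines (RFC 5737 documentation IPs).
SAMPLE_LOG = """\
Oct 14 09:12:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Oct 14 09:12:03 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 40124 ssh2
Oct 14 09:12:04 web01 sshd[2215]: Failed password for root from 203.0.113.5 port 40126 ssh2
Oct 14 09:12:06 web01 sshd[2217]: Failed password for root from 203.0.113.5 port 40128 ssh2
Oct 14 09:12:08 web01 sshd[2219]: Failed password for deploy from 203.0.113.5 port 40130 ssh2
Oct 14 09:12:15 web01 sshd[2221]: Accepted password for deploy from 203.0.113.5 port 40132 ssh2
Oct 14 09:30:00 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Oct 14 09:30:20 web01 sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Syslog lines carry no year; this demo assumes one (an assumption, not from the logs).
LOG_YEAR = 2024


def parse_line(line: str):
    """Return (timestamp, outcome, user, ip), or None for lines this rule ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]


def detect_brute_force(log_text: str, threshold: int = 5, window_seconds: int = 60):
    """Sliding-window rule: alert when one source IP accumulates `threshold`
    failures within `window_seconds`, and escalate if that IP then logs in."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()                 # ips already flagged, to avoid duplicate alerts
    alerts = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if outcome == "Failed":
            q = failures[ip]
            q.append(ts)
            # Drop failures that have fallen out of the window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"ip": ip, "severity": "medium", "time": ts,
                               "reason": f"{len(q)} failed logins in {window_seconds}s"})
        elif outcome == "Accepted" and ip in alerted:
            # A success right after a burst of failures is the signal that matters
            # most: the attacker may now have a foothold as this user.
            alerts.append({"ip": ip, "severity": "high", "time": ts,
                           "reason": f"successful login as {user} after brute-force burst"})
    return alerts


if __name__ == "__main__":
    for a in detect_brute_force(SAMPLE_LOG):
        print(f"{a['time']} [{a['severity'].upper()}] {a['ip']}: {a['reason']}")
```

Run against the sample, the rule fires a medium alert for 203.0.113.5 after its fifth failure in seven seconds and a high alert when that same address then logs in as `deploy`, while the single typo from 198.51.100.7 followed by a key-based login produces nothing. The two-stage design is the point: a flood of failures is noise on any internet-facing host, but a success after that flood is what an analyst should be paged for.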

Cybersecurity Awareness Month serves as a timely reminder of the importance of cybersecurity for both individuals and organizations. By following the dos and avoiding the don’ts outlined here, people can better protect their digital presence or strengthen their organization’s security posture.

In our increasingly digital world, cybersecurity awareness is not just a one-time effort; it’s an ongoing commitment to safeguarding our digital lives and the integrity of our organizations.

Take action now and leverage the Securin ASM platform to gain a comprehensive understanding of your organization’s vulnerabilities. Get a demo today!
