October is Cybersecurity Awareness Month and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay #CyberSmart. With the increased use of personal devices, it may feel like there have been more breaches this past year than 2021, but understanding that much of what we do online is at risk should motivate us to be even better cyber defenders. As illustrated by the March 2022 attack on Shields Health Care Group1 that impacted two million people and the April ransomware attack that became a national emergency for Costa Rica’s government,2 we need to protect what matters.

Technology can’t fix everything. People are still the greatest strength we have, which is why Microsoft has partnered with the National Cybersecurity Alliance to help teach employees about the fundamentals of cybersecurity. One of the best ways to start is by protecting your identity and devices and staying away from phishing schemes. In addition to these tips, you should check out our website for more resources and ways to stay safe online–just don’t forget to be cyber-smart!

People have become the primary attack vector for cyber attackers, so it is humans that represent the greatest risk to organizations.

This sentence has been rewritten.

It’s more important than ever to be aware of potential pitfalls that could threaten the security of your company.

Creating an awareness program for your company will help safeguard your company, employees, and the data in it. A comprehensive security program requires employees to be educated about security risks outside the workplace and maintain a high level of awareness to protect themselves and their devices from potential threats. An analysis of more than a thousand security professionals from around the world found that 69% are spending less than half their time on security awareness, meaning they aren’t doing as much work to educate employees or prevent threats.

Information about cybersecurity should be a priority for online professionals. According to the SANS report, security awareness professionals should do the following:
• Enable awareness-promotion and education initiatives
• Protect privacy

Finding ways to incorporate your culture and values into leadership meetings can be helpful. Try asking questions that resonate with the CEO, so you don’t just talk about yourself. Remember that it’s always appropriate to say a few words about what you’re doing personally, but focusing on the bigger picture is always better.

For every 10 technical security professionals, you should have one human-focused security professional.

Partnering with other departments in your organization, like communications, human resources, and business operations can help you bridge the gap between effort and success.

Create training materials that are straightforward and easy to follow. “It’s all about the frequency.” Dedicate time to collecting information about the program’s impact.

In this case, it’s up to you to #BeCyberSmart

In 2022, the most common cyberattacks are coming from malware and phishing. Even with the rise of ransomware as a service (RaaS) and other sophisticated tools, human beings are one of the most reliable–and cheapest!–ways for cybercriminals to attack globally. That’s why we all need to stay informed about how to prevent breaches, both at work and at home.

As someone who has been in the business of security, it’s a relief to be able to authenticate access on my Surface and prepare for remote work.

If you want to #BeCyberSmart, then take these basic steps:

1. Social media is not the same as real life.
2. Follow the advice of cyber security experts and technicians.
3. Take care of your passwords – do not share them with anyone!
4. Avoid opening legitimate looking phishing emails, they may contain malware that could hijack your computer or personal information
5. Download anti-virus software before downloading any attachments or unknown files

Phishing scams are becoming a big problem, and they accounted for 30% of attacks in 2021. A recent Gone Phishing Tournament during Terranova spelled trouble for many participants. 19.8% of the participants clicked on the phishing email link or downloaded the fake document, while 14.4% gave their credit card information to the phony website presented to them. So how can we avoid taking the bait?

Verify that the sender’s email address is correct, and try to confirm the email with the website or enter a new email address. If you suspect a phishing attempt, do not reply. Just create a new email to respond.

One simple and effective way to protect your Facebook account is to never click on links or open email attachments from people who you don’t know.

The Federal Trade Commission offers several tips in their phishing site.

Outdated or unpatched devices and software are a leading access point for cybercriminals—which means that practicing good cyber hygiene is critical to safeguard your personal information. To help you stay on top of threats:

It’s important to keep your mobile devices locked.

#

It can be difficult to always keep track of your passwords, which is why it’s important to use multifactor authentication on your sensitive accounts and apps.

Always run antivirus software and install system updates immediately.

Scams: these criminals try to get your information and money by promising to fix an urgent problem. For example, they’ll send you a text or email with a sense of urgency, such as “Act now to avoid getting your account locked!” If you see a message like this, don’t click the link. And remember to always report any suspected scam so the organization can take action. A few tips to remember:

Health care providers and staff members should always be skeptical of unsolicited tech support calls or error messages requesting urgent action.

We do not recommend downloading any software that was not sent directly from our official website.

Your company is obviously committed to providing the best products and services in their industry, which is why you have a dedicated page on your website. If you have any questions about who we are as a company, what we do, and what sets us apart from the competition, all of these things will be answered once you open that website tab.

Passwords are important for your security. The average person now has more than 150 online accounts, so it’s easy for password fatigue to set in. Some tips on how to protect your passwords include:

Use your browser’s password generator to generate strong passwords.

Avoid personal and financial information leaks by logging off of public wireless networks when you’ve completed any tasks.

If you’ve forgotten the passwords to many of your websites, use a password manager. If you’re not going to bother with passwords anymore and want to be done with it all, consider going passwordless and relying on 2FA instead.

A diverse cybersecurity workforce is critical to fostering the innovation that will solve today’s challenges and those we’ll face in the future.
This sentence rewriter provides a variety of rewritten sentences by pairing synonyms with natural language.

As of April 2022, there are 700,000 vacant cybersecurity positions in the United States with 3.5 million going unfilled worldwide by 2025. That’s why Microsoft continues to reach out to students and other potential candidates. This year for Cybersecurity Awareness Month, Microsoft has also partnered with organizations like the Last Mile Education Fund in order to raise funds and awareness for closing the workforce gap before it’s too late. For example, they plan to reach at least 25,000 students by 2025 through scholarships and additional resources related to cybersecurity pathways.

In October 2022, Microsoft is hosting the Microsoft Student Summit, our annual virtual event designed to inspire students to pursue a future in tech. This conference provides one-day access to speakers who work at Microsoft and relevant experts in tech. The event will also offer free learning sessions aligned with Microsoft certifications for security, compliance, and identity.

The next generation of cybersecurity defenders are just getting started and it’s critical that the doors are open to everyone. That’s why we want ensure the most disadvantaged, adolescent girls, women and gender minorities, have the opportunity to learn what it takes to be an integral part of cybersecurity. We’re working with organizations such as Girl Security, WiCys and the Executive Women’s Forum to deliver a powerful message about how rapidly changing technological skills – developed in activities such as hacking competitions known as Capture the Flag (CTF) – not only provide employment options but also new types of employment. Microsoft is also partnering with other organizations such as Vwdiesel and Code Cultures who teach programming skills using different kinds of tools and tasks.

We’re always working towards new educational initiatives, so stay tuned to our blog and check our cybersecurity awareness and education website for updates.

Stay cyber-safe year-round

#

October is commonly known as Cybersecurity Awareness Month. It’s a time for us all to come together and take cyber security seriously, with organizations from all industries working together to teach people about the importance of staying safe online, no matter who they are or where they go in the world. We know that cybercriminals don’t stop working and will try their hardest to get into your system any way they can. That’s why it’s more important than ever to work together and create a culture of cybersecurity awareness year round. We invite you to visit our cybersecurity awareness website for information on Microsoft cybersecurity education programs, and also check out our new education kit here. With everyone playing their part, we feel more secure as a whole.