CISA’s New Four-Step Online Safety Awareness Program for NCSAM


This year is the 20th annual National Cyber Security Awareness Month (NCSAM). The month’s focus is on a new online safety awareness program that the Cybersecurity and Infrastructure Security Agency (CISA) is launching. The program encompasses four key behaviors individuals and agencies can adopt to stay safe online: strong passwords and password managers, multifactor authentication (MFA), recognizing and reporting phishing, and updating software. James McGregor, Product Business Manager for Cisco Security at TD SYNNEX, aims to ensure that partners are aware of the security solutions offered to them and shared his thoughts below on CISA’s new program.

The first step of CISA’s new online safety awareness program is to use strong passwords and a password manager. It is essential today to maintain different passwords for each account, which makes remembering the correct one difficult. Many individuals either have varied login credentials for countless accounts or have one login for all, which is the worst possible solution. McGregor shared that if “someone malicious was able to access the single login, they would now have access to all your accounts. The idea is to have not only multiple passwords for all your accounts, but also strong passwords.”

Turning on multifactor authentication (MFA) is the next step in the program. MFA products, like Duo, seek to remove the need for passwords by giving users other ways to authenticate, such as push notifications, a token on a device only the individual can access, or even biometrics. “Since the password system is flawed, it has led to the development of alternatives, like MFA,” said McGregor. In the current cyber threat environment, an attacker who gains access to passwords jeopardizes sensitive information, so “solutions to minimize that risk of loss or damage is incredibly important.”

Next, the program emphasizes the need to recognize and report phishing attempts. McGregor advised that the primary step should be looking at the email domain and determining its origin. For example, a phishing attempt may say that your account has been compromised and ask you to click a link to fix it. The message, however, comes from a generic email account rather than an organization’s support domain. “If it looks suspicious, that should be your first red flag.” Another way social engineering occurs is through impersonating people within your organization. This can be identified if the email doesn’t include the common email signature or if the email is delivered in the middle of the night when most people are sleeping. “It’s best to err on the safer side and report emails that seem suspicious in any way,” said McGregor.

Updating software is the final step in the online safety awareness program. McGregor shared how organizations continuously look for bugs in their systems since they want their products to be flawless. While flawlessness may not be completely attainable, the bugs that remain are where threat actors look to find vulnerabilities and infiltrate environments. By maintaining consistent software updates, individuals can stay up to date on their system’s security and mitigate any potential vulnerabilities.

CISA’s new online safety awareness program prepares agencies to defend against threat actors and guides them to adopt safe online practices. With strong passwords and password managers, MFA, recognizing and reporting phishing, and updating software, individuals can be better equipped to diminish the possibility of cyberattacks.

To learn more about National Cyber Security Awareness Month and the online safety awareness program, click here.
