![](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2023\/10\/CSAM.png\"\/)
<\/p>\nThis October marks the 20th annual Cybersecurity Awareness Month. The U.S. Department of Homeland Security and National Cybersecurity Alliance launched Cybersecurity Awareness Month in October 2004 to increase cyber awareness and online safety for people across the United States. Since then, it has grown in popularity and is now a focus for educational efforts around the world each October.<\/p>\n
The 2023 theme, Secure Our World<\/a>, encourages everyone to take four key actions to help them stay safe and secure online:<\/p>\n Stealing passwords remains a popular way for criminals to gain unauthorized access. Choosing a strong and complex password will make it harder for hackers to guess it – watch this short video<\/a> to learn how to create one.<\/p>\n We also recommend that you consider using a password manager, which can store, generate, and even apply your passwords – and make it easy to have different passwords for each of your accounts.<\/p>\n MFA is a security measure that requires an additional proof of identity, beyond just a password, to grant you access. Additional proofs of identity could include a one-time passcode, facial recognition, or a fingerprint which are much harder for hackers to replicate. This stops unauthorized people from accessing your systems (and the precious data contained within them).<\/p>\n To illustrate the importance of MFA, check out this article<\/a>. It details how cybercriminals accessed an organization’s security administration system and turned every security setting off \u2013 an issue MFA may have prevented.<\/p>\n Earlier this year Sophos commissioned an independent survey of 3,000 IT professionals into their experiences at the cyber front line. It revealed that email was the root cause of 30% of ransomware attacks, and that phishing is number two in their list of top security concerns for 2023[1]<\/a>.<\/p>\n Phishing emails aim to trick you into revealing sensitive information or doing something that will help the attackers.\u200bThink you\u2019ve spotted a phishing email? Report it immediately to your IT team!\u200b You’ll be helping others stay safe from similar attempts.\u200b<\/p>\n For more tips on phishing, check out this article<\/a>. It highlights the four main steps attackers take when creating convincing phishing emails. Understanding these steps helps you to spot and stop them.<\/p>\n [1]<\/a> The State of Cybersecurity 2023:The Business Impact of Adversaries – Sophos<\/em><\/p>\n The exploitation of unpatched vulnerabilities was the leading root cause of cyber incidents investigated by Sophos in 2022[2]<\/a>. Keeping on top of updates makes software less vulnerable to exploitation by malicious actors. Updates also add new\/enhanced features and boost the general performance of the software.\u200b So\u2026update now!\u200b<\/p>\n Exploited vulnerabilities can have dire consequences as millions of users of MOVEit Transfer (a system that makes it easy to store and share files) discovered earlier this year. You can learn more about this high-profile incident here<\/a>.<\/p>\n [2]<\/a> Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders – Sophos<\/em><\/p>\n1. Using strong passwords (and a password manager)<\/h2>\n
2. Turning on multi-factor authentication (MFA)<\/h2>\n
3. Recognizing and reporting phishing attacks<\/h2>\n
4. Updating software<\/h2>\n
Resources to help you stay secure online \u2013 The Cybersecurity Best Practices Toolkit<\/h2>\n