Editorial

Protect your organisation with these cybersecurity tips

Paul Kelly, director, Security Business Group at Microsoft UK shares some advice for business during Cybersecurity Awareness Month

Posted 20 October 2022 by Christine Horton


October is Cybersecurity Awareness Month, and I’m excited about what Microsoft and our partners in the industry have planned to help everyone stay #CyberSmart. While technology can help us on our journey, it’s really people who are our greatest strength.

The SANS 2022 Security Awareness Report found that people are the primary attack vector for cyber criminals around the world. Combined with today’s boundaryless workplace, this means organisations need a comprehensive approach to security that safeguards identities, data, and devices. A best-in-breed approach that allows you to do more with less will help you on your path. Additionally, organisations need to enable security teams to change how people think about cybersecurity and help them practise secure behaviours.

Therefore, we want to help public sector organisations empower their people around security fundamentals, such as protecting their identities, updating their software and devices, and not falling prey to phishing schemes.

It’s up to each of us to #BeCyberSmart

In 2022, the most common causes of cyberattacks are still malware (22 percent) and phishing (20 percent). Even with the rise of sophisticated technology and tools, we humans are the most reliable, low-cost attack vector for cybercriminals worldwide. And currently, public sector organisations are a prime target for criminals. That’s why we all need to stay informed about how to prevent breaches and defend ourselves, both at work and at home.

Here are some basic steps we can all take to #BeCyberSmart:

Phishing

Deceptive emails, phony websites, fake text messages — according to the government, of the 39 percent of UK businesses affected by cyber breaches in 2021, phishing accounted for 89 percent. So, how can we avoid taking the bait?

  • Check the sender’s email address for verifiable contact information. Common phishing tip-offs include a misspelled or unrelated sender address. If in doubt, do not reply. Instead, create a new email to respond.
  • Don’t click on links or open email attachments unless you have verified the sender.
  • For more tips, visit the National Cyber Security Centre’s (NCSC) phishing site.

Devices and software

Unpatched, out-of-date devices and software are a leading access point for cybercriminals. That’s why practising good cyber hygiene is so important for avoiding destructive malware that can steal users’ personal information. To help keep your devices safe:

  • Enable the lock feature on all your mobile devices.
  • Activate multifactor authentication on your sensitive apps and accounts.
  • Run antivirus software and install system updates immediately.

Scams

Criminals can sometimes directly contact people to ‘fix’ a non-existent problem. The email or text message will contain a sense of urgency, such as “Act now to avoid having your account locked!” If you see this type of message, do not click the link. And remember to always report any suspected scam to your security team and ActionFraud. A few tips to remember:

  • Be sceptical of unsolicited tech support calls or error messages requesting urgent action.
  • Do not follow any prompts to download software from any third-party website.
  • When in doubt, open a separate browser page and go directly to the company’s webpage.

Passwords

Passwords are our first line of defence against unauthorised access to accounts, devices, and files. However, with the average person now having over 150 online accounts, password fatigue is always a danger. Some tips on how to protect your passwords include:

Building a diverse cybersecurity workforce

According to Cybersecurity Ventures, there will be a predicted 3.5 million cybersecurity positions going unfilled worldwide by 2025. That’s why it’s important to work together to reskill and upskill students, veterans, people re-entering the workforce or anyone with an interest in becoming a cybersecurity defender. We have a range of initiatives to help people skill up, with learning resources, training and more.

Stay cyber smart year-round

Cybersecurity Awareness Month is a special time for us as we collectively come together—industry, academia, and government—to promote the importance of a secure online environment. We know that cybercriminals are persistent and driven, working all day, every day with no days off. That’s why we need to work together on awareness and education year-round and build a culture of cyber defenders.

Please continue to visit our cybersecurity awareness and education website to learn more about cybersecurity education programs from Microsoft and get our new cybersecurity education kit to use in your organisation. Everyone has a role to play in cybersecurity, and when we learn together, we are more secure together.

Learn more

Explore our best practices and educational resources with our Cybersecurity Awareness website.