Keeping Yourself Safe Online Beyond Cybersecurity Awareness Month

by Sandra Lee, Senior Director, Sales – Greater China, ASEAN, Korea, Sophos

While October was global Cybersecurity Awareness Month to raise awareness for the importance of protecting ourselves and our businesses online, it takes more than a month of awareness to reduce the risk of a cyberattack. That is why initiatives like that of the Malaysian Government, which allocated RM60 million to bolster the nation’s cybersecurity measures to combat scams and cyberattacks on an ongoing basis are critically important.

However, while the government is making inroads to help the nation become more secure, the onus is on individuals and businesses to do all they can to protect themselves from becoming victims to a range of online criminals through phishing, scams and system breaches.

Here are four simple actions everyone should take to stay safe online:

1. Use Strong Passwords (And A Password Manager)
Stealing passwords continues to be a commonly employed method by criminals seeking unauthorized access. To enhance protection, choose a strong and complex password, thereby making it harder for criminals to hack it.

Also consider using a password manager, which can conveniently store, generate, and auto-fill your passwords, simplifying the practice of using distinct passwords for each of your online accounts.

2. Turn On Multi-Factor Authentication (MFA)
MFA is a security measure that requires additional proof of identity, beyond just a password, to grant you access. Additional proofs of identity could include a one-time passcode, facial recognition, or a fingerprint scan which are much harder for hackers to replicate. This stops unauthorized people from accessing your systems and gaining access to valuable data.

3. Recognize and Report Phishing Attacks
Earlier this year, Sophos conducted an independent survey of 3,000 IT professionals, into their experiences at the cyber front line. The survey found that 30% of ransomware attacks could be traced back to email as the primary entry point, with phishing ranking as the second most pressing security concern for 2023.

Phishing emails are designed to manipulate individuals into revealing sensitive information or taking actions to help the attackers get access. If you suspect you’ve come across a phishing email, it is crucial to promptly report it to your business’s IT team. By doing so, you contribute to the collective effort of safeguarding others against similar malicious attempts.

4. Update Your Software
The exploitation of unpatched vulnerabilities was the leading root cause of cyber incidents investigated by Sophos in 2022. Staying vigilant with software updates is a vital practice as it makes software less vulnerable to exploitation by malicious actors. Furthermore, updates often introduce new features, enhance security, and improve overall software performance. Therefore, it’s advisable to ensure your software is up to date.

The ramifications of exploited vulnerabilities can be severe, as demonstrated by the incident earlier this year involving millions of MOVEit Transfer users, a system for file storage and sharing.

Beyond Cybersecurity Awareness Month, it’s crucial to keep in mind the importance of protecting our digital presence. By remaining conscious and implementing these practices throughout the year, we can collectively contribute to a safer and more secure digital environment that benefits us all.