Cybersecurity Awareness Month: COVID-19 Brings New Challenges and Threats

Learn how changing online behavior can turn core cyber issues from vulnerabilities to assets.

During Cybersecurity Awareness Month, it is important to acknowledge the new challenges that now exist, which we couldn’t have even imagined this time last year: remote work, our kids learning online, doctors providing health care across a screen, to name just a few, but all accompanied by a dramatic increase in new and more common cyber threats.

With these challenges comes an urgent need for good cybersecurity practices. We must identify our weaknesses and help our most vulnerable organizations and institutions—small and medium-sized enterprises, as well as local and regional public services.

These pressing threats and challenges are why the Four Core Cyber Issues — Passwords, Phishing, Software Updates, and USB use — highlighted in the free Cyber Readiness Program at the Cyber Readiness Institute are now more important than ever. These issues stress the importance of human behavior.

If you don’t have an informed workforce, if you don’t have a culture of cybersecurity, then your organization is vulnerable to human error exploited by malicious actors – even if you have the latest and greatest technology. Human behavior is the foundation of cybersecurity and cyber readiness in any organization, especially small and medium-sized businesses. Human behavior can be the most important asset of an organization – or its greatest vulnerability.

If we all take the basic steps to improve our cyber readiness, to improve the cybersecurity of small businesses, then we’ll help secure global value chains. In a world of interdependencies, small businesses are the foundation of the digital economy and we have to do everything we can to help them become more cyber ready.

To create a culture of cyber readiness, your organization should focus on four core issues. Here are some tips:

Cybercriminals know that many people use easy-to-crack passwords, which is why nearly 2 out of 3 data breaches are caused by weak or stolen passwords.

Do not recycle passwords or use a favorite combination across every account. This approach just makes it easier for cybercriminals to hack the user and access multiple accounts after figuring out just one password.

Don’t make it easy for hackers. Strong, unique passwords should be used for every account, without exception. And a strong password is a passphrase of at least 15 characters. A passphrase is part of a sentence, such as “FavVacationYosemite” or a sentence, such as “I like basketball.”

Software Updates
Software updates are issued to add new features and to fix security vulnerabilities found in software. They’re released to protect users against these issues as quickly as possible. Most software companies send a notice that automatically shows up on your screen when the updates are released.

Cybercriminals know that many people ignore these update notifications for days…weeks…even months at a time. These vulnerabilities are holes in your defense. Leaving them unpatched allows attackers easy access to your network.

Some of the most devastating cyber attacks in history targeted software vulnerabilities, which had been fixed by a software update that had not been installed by users. Turning on auto-updates for software and devices, and promptly installing software updates, protects against these attacks.

Phishing attacks are email and text messages designed to appear legitimate and trick people into sharing sensitive information. Phishing works, and hackers have very clever and opportunistic ways of phishing that are hard to detect. The phishing email or text may look like it is coming from your co-worker or boss or your bank.
Hackers count on unsuspecting users to act before they think. Clicking on a link often automatically installs malware onto the user’s device to exploit their systems and data. This easy access is why 91% of all cyber attacks start with phishing.

Knowing the red flags and what to examine in a message can strengthen your defenses. Always hover over the sender’s email to verify the address before clicking on a link in the email. If you are suspicious of an email from within your company, call the sender.

USBs and Removable Media
USBs and removable media are often used to transfer and store information because they’re easy and portable. They are frequently used by people shifting back and forth from a remote environment to an office workplace.

But they can also be used to deploy malicious viruses that can compromise a company’s entire network. Many people simply plug a USB in to see what’s on it, without considering the danger. That’s why 1 in 3 malware infections originate from infected USBs

The best defense is to steer clear of USBs, and for businesses to have a plan in place to help employees make safe decisions regarding removable media. Using cloud storage instead of USBs is the most effective way to ensure you will not be compromised through USBs.

Being Cyber Ready is about having the knowledge and know-how to reduce security risk. It is about behavior. By understanding these core cyber issues, and knowing how best to address them, you can create a culture of cyber readiness and a more secure ecosystem for your business. For more tips and guides, visit