October is Cybersecurity Awareness Month, and it’s worth taking a minute to reflect on your security stance and what you can do better to protect sensitive data and accounts.
The Current State of Cybersecurity in 2022
Cybersecurity incidents and data breaches continue to increase across all industries. A 2022 report noted a 42% increase in cyberattacks for the first half of 2022 compared to the same period in 2021.
The healthcare sector also continues to be a target. The same report noted a 69% increase in cyberattacks targeting the healthcare sector. The Office for Civil Rights (OCR) also noted that breaches affecting 500 or more individuals increased from 663 in 2020 to 714 in 2021.
Even more concerning, 74% of the breaches reported to OCR in 2021 involved hacking or IT incidents. In the healthcare sector, hacking represents the greatest threat to the privacy and security of PHI. Organizations must take the threat seriously and take concrete steps to protect their systems.
4 Essential Steps for Better Cybersecurity
So what can you do to avoid falling victim to a cyberattack? The Cybersecurity & Infrastructure Security Agency (CISA) recommends these four essential steps that all employees can take to protect their accounts.
Watch Out for Phishing Scams
Think before you click! Educate employees on common phishing tactics, create policies to help reduce risk, and invest in tools that flag suspicious emails. Phishing tactics are successful because they prey on common human impulses to manipulate individuals into taking quick actions.
Teaching employees what to look out for and putting in place email filtering systems to flag suspicious senders and links can drastically reduce your risk and the probability of your organization falling victim to a hacking incident.
Update Your Software
Many people find software updates annoying and snooze them for as long as possible. However, many software updates include security patches for recently identified vulnerabilities. Not updating to the latest version leaves your organization vulnerable to attacks.
Use Strong Passwords
It’s an obvious tip to many security professionals, but many people still use weak passwords that are easy to guess. Today it is easier than ever to crack simple passwords using dictionary attacks or by finding credentials on the dark web.
Employees should use unique passwords for each account. In addition, passwords should be:
- Randomly generated
- Made up of a combination of letters, numbers, and characters
- At least ten characters long
- Stored securely in a password manager
- Not shared with other employees
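The checkable items in this list can be enforced in code. The following is an added example, not part of the original article: it generates passwords from the operating system's secure random source and validates them against the length and character-mix rules above. The symbol set, the default length of 16, and the function names are assumptions; storage and sharing rules cannot be checked this way.

```python
import secrets
import string

# Constructed policy values mirroring the checklist above.
MIN_LENGTH = 10
SYMBOLS = "!@#$%^&*()-_=+[]{}"  # assumed symbol set, adjust to what your systems accept
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def policy_violations(password):
    """Return the checklist items a password fails (empty list means it passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(not c.isalnum() for c in password):
        problems.append("no symbol")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies the checklist.

    Every character is drawn independently with secrets.choice (OS CSPRNG).
    Candidates missing a character class are discarded and redrawn, which
    keeps the result uniform over all compliant passwords instead of forcing
    one character of each class into predictable positions.
    """
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(policy_violations("password"))
```

Generate a separate password per account and save it straight into the password manager rather than reusing one value.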
Enable Multifactor Authentication
As we mentioned above, cracking passwords is getting easier, especially if employees are not using strong, complex credentials. Enabling multifactor authentication adds another layer of security to account logins. Multifactor authentication requires users to present two or more credentials to log in to their accounts. The first factor required is a typical username and password. The second factor is usually a code contained within a text, email, or push notification. The user must enter this numerical code to confirm that they are logging into the account. Even if your username or password is compromised, a hacker will not be able to access the account without that second factor. It’s wise to require the use of multifactor authentication, especially for accounts that contain sensitive data.
Of course, these tips only scratch the surface of a successful security and compliance program. To get started, complete a risk assessment to identify gaps and areas to improve. LuxSci is here to help improve your email security.