October is Cybersecurity Awareness Month and to celebrate we spoke with five members of Cengage Group's cybersecurity team to get their recommendations on how to stay ahead of cyber criminals. Eric G., Jordan L., Steve C., Dwayne J. and Emma W. each share what it’s like working in cybersecurity and what they suggest you do to increase your cybersecurity and keep your information safe.
1. Choose Your Passwords Wisely
“Cybersecurity Awareness Month is an important opportunity to remind ourselves not to be complacent,” says Steve C., Creative Director for Infosec IQ, our cybersecurity awareness platform. “And having secure passwords is one way we can all practice cyber safety. Password security is easy to overlook, because let's face it: we all hate dealing with passwords. However, using old or shared passwords can give cybercriminals access to your entire digital life. It's not worth the risk.”
Steve suggests following experts’ advice to:
- Change your passwords every three months
- Keep every password unique and don’t use the same password on different sites
- Avoid re-using old passwords
“To help simplify the process, you can use an approved password manager. It stores your passwords securely and auto-fills information when you log into your accounts, which is really useful,” says Steve.
Steve says that he has “the best job in the company! Our team of crazy creatives writes and produces all the award-winning videos that go into our library. Every day, we dream up fun and innovative ways to teach people how to stay cybersecure.” Steve says that prior to joining Infosec, “I spent 20 years as a producer and editor in Los Angeles. A few years ago, we moved back to the Midwest to be closer to family and that’s when Infosec approached me about leading their internal content team. They wanted to push past the boundaries of typical awareness training and create content that was truly memorable. It was an irresistible idea, so I joined the team. Over 30 major awards later, I think we've succeeded in our mission!”
We asked Steve, “if you could have a superpower, what would it be?” He shares, “my superpower would be the ability to plug in a USB drive correctly on the first try. Every time.” His favorite part about working in cybersecurity is “helping people stay safe online. It only takes one bad click to turn your life upside-down. If we can help someone spot a phishing email or avoid a malicious download - then we've done our job.”
2. Use Multi-factor Authentication
Having a strong password isn’t always enough to keep your information secure. Multi-factor authentication can help. “There are a handful of key security practices I tell everyone for both home and work, and multi-factor authentication is one of them,” says Eric G., Chief Information Security Officer and the leader of our cybersecurity and IT Risk Management function.
“A core problem in security is proving you are who you say you are. There are three ways to do that,” says Eric. He elaborates, “multi-factor authentication can include:
- Something you are: These are things like your voice, your fingerprint, your iris; mostly immutable attributes of you as a person
- Something you know: A password or other personal details
- Something you have: A key, a credit card, a phone, a license, etc.
Multi-factor authentication pairs two of these to get access to things, like your email or bank account. This is significantly stronger than just a password because once someone else somehow knows your password, they can pretend to be you. It’s much harder for them to both know your password and have your phone in their control, for example. This is why it’s important to set up multi-factor authentication to protect your most sensitive accounts.”
Eric shared that his favorite part about working in cybersecurity is that “it’s challenging and dynamic; every time we implement a new control, the ‘bad guys’ try to find a way around it. You must always be learning, always challenging the old ways of doing things and always keeping your eyes open.”
3. Know How to Identify a Phishing Attack
Jordan L., Governance Risk and Compliance Analyst, says that “one of the most common tactics is phishing, a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information or to deploy malicious software on the victim's infrastructure, like ransomware. Unfortunately, these types of attacks are on the rise, so it’s important that everyone is properly trained and well equipped to report suspicious emails. Falling for a phishing attack can be catastrophic – it can put entire company networks at risk and cost millions of dollars to recover.”
To be sure that an email is legit, she suggests:
- Checking that a company’s logo looks correct
- Looking for spelling and grammar mistakes
- Verifying the sender’s address
She adds, “If you are ever unsure, it’s best to call the sender’s company directly before clicking on a link or providing any personal information.”
Jordan says she “decided to work in the cybersecurity field because the work that we do holds crucial importance. My dad was a cop and I always admired how he kept people safe; now I get to do the same. Working in cybersecurity is like being a detective; I try to find the ‘bad guys’ online and stop them before they compromise someone else’s safety. I feel fulfilled knowing that the work I do helps protect myself, my loved ones and my colleagues. Our whole lives are on the internet, and it just keeps growing and growing, creating new opportunities for cybercriminals. Every day brings a new challenge, but that is what keeps things exciting. I enjoy learning about new risks and discovering ways to mitigate them to keep people safe.”
4. Update Your Software
“Applying software updates is one of the easiest steps you can take to ensure your own cyber security,” says Dwayne J., Cybersecurity Analyst. “If you don’t apply software updates, it’s like going on vacation and leaving the house key under the welcome mat.”
“Even the best development teams find bugs in their work. The danger occurs when the bad actors find the bugs before the developers do and the defect is made public,” adds Dwayne. “They know the key is under the mat and they’ve told everyone. Software updates (patches) fix those bugs before they can be used to compromise a system. By consistently ignoring updates, you may make your device an open door for attackers to use to gain access to unauthorized data whether you are at home or at work.”
Dwayne continues, “In addition to security updates, software updates frequently include updates to improve performance and reliability. A software update to your operating system could mandate an update to some other installed software. It’s important to keep all software up to date on all your devices. A vulnerability in any of your devices could expose you to unnecessary risk.”
“My favorite part of working in cybersecurity is learning. I work with very intelligent people every day. No one single person knows everything, so I learn from them the way things work theoretically, and the way things work in practice. The amount of experience that surrounds me is awesome,” says Dwayne. “I love the opportunity to harness the skills of my coworkers as they employ knowledge of things long past to solve a problem that is brand new. No two days are the same in cybersecurity, and every situation is a little different, so I get to see that convergence of proficiency happen every day.”
5. Stay Aware of Threats
“It’s important that we recognize Cybersecurity Awareness Month to raise awareness about cyber-safety and empower everyone to protect both their personal and work data from cybercrime,” says Emma W., Product Marketing Manager. She adds that “Infosec IQ's complete security awareness training platform is a fantastic resource that offers personalized training to help learners strengthen their individual security habits, improve organizational security culture, and measurably reduce human risk. Infosec also offers free, downloadable resources called ‘campaign kits’ which include resources like posters, infographics, newsletters/email communications and employee presentations that help reinforce best practices in cybersecurity.”
For Cybersecurity Awareness Month, Emma and her team knocked it out of the park with a Level Up toolkit that includes a module filmed at an arcade, posters, newsletters and email communications, an infographic and an employee presentation. All this content was developed around the four key topics that the National Cybersecurity Alliance is focusing on this year:
- Enabling multi-factor authentication
- Recognizing and reporting phishing
- Using strong passwords with a password manager
- Installing software updates
Emma went on to share that “the 2022 Verizon business data breach report found that human error still accounts for the majority (82%) of data breaches. This is why it's more important than ever for organizations to implement a security awareness and training program. We have found that the most successful programs delivered learner-centric training on a monthly or quarterly basis alongside simulated phishing tests that offer in-the-moment training. . . Learner-centric is training that is tailored to an individual’s role/industry or how they have interacted with potential security threats or phishing tests. It needs to be relatable to drive engagement.”
Emma adds, “the majority of what we do is online or virtual, making cybersecurity a part of our everyday lives. For me, there are always new challenges that need to be solved and working for an industry that can help solve them is extremely rewarding.”
This content was originally posted as part of an employee takeover on our LinkedIn page. To see more, follow us on LinkedIn.