While cybersecurity makes headlines all year round, October’s annual National Cybersecurity Awareness Month (NCSAM) brings a fresh opportunity for individuals and organizations alike to reflect on their current cyber defense strategies and how they can improve them moving forward.
In honor of this year’s NCSAM, Merritt Group’s security practice has gathered a list of their favorite cybersecurity tips and tricks to protect cyber operations while also driving forward thought leadership in the space. Check out their advice below!
What is National Cybersecurity Awareness Month?
NCSAM was originally created in 2004 via a partnership between the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA). The ultimate goal of the online safety, awareness, and education initiative was to empower both individuals and organizations to own their respective roles within the cyberspace industry and provide everyone with the information they need to stay safer and more secure online.
This year’s theme is “See Yourself in Cyber,” which highlights the fact that, even though cybersecurity can be a complex (and sometimes scary!) subject, there are many ways individuals and businesses alike can protect themselves from the onslaught of attacks and disinformation campaigns.
This year, Merritt Group’s security practice experts shared their own suggestions on easy-to-implement security best practices for everyday life. Have your clients implemented any of these techniques into their thought leadership or educational content recently?
Tom Rice, Executive Vice President and Partner
I always recommend signing up for a credit monitoring service. This is one of the best ways for individual consumers to know if someone has stolen their identity, whether threat actors
are opening up new credit cards in their name or applying for a large loan. Time is of the essence when it comes to identity theft, so credit monitoring is a great way to increase consumers’ chances of recovering stolen information!
Michelle Schafer, Senior Vice President and Partner
As if phishing attacks weren’t enough of a headache, lately, it seems that voice phishing (vishing) and SMS phishing (smishing) attacks are seeing a major surge in media coverage! I recommend that my clients encourage their end users to think twice before clicking on any links or picking up phone calls from unknown numbers. Some best practices are to be suspicious of unsolicited phone calls, texts, and email messages. Consumers should never give out any financial or personal information. I like to remind my clients that the IRS will never call them, and if they didn’t order that Amazon package or Uber Eats, don’t click on the link to track it.
Julia McGavran, Account Director
Organizations should always respect the patches! We’re all busy and moving a million miles an hour, but it’s ALWAYS worth taking the time to stop, drop, and update! It’s so important to adhere to the updates when they are pushed as they often address critical vulnerabilities that, when left open and unpatched, can allow hackers to wreak havoc on your system.
Katie Pesek, Account Supervisor
Spread the word! As PR professionals, we love to talk about security tips, tricks, and misconceptions. After all, it’s our job! But it shouldn’t stop when we close our laptops. Oftentimes the people who need to hear about security most are the ones we aren’t speaking to about it. I like to encourage my clients to broaden their cybersecurity outreach to audiences that might not be as fully immersed in the subject as they are—you never know who you could reach!
Katie Brookes, Account Manager
I recommend that people always be mindful of who they’re sharing their personally identifiable information (PII) with. With everything hyper-connected today, it’s easy to accidentally give up information online and on social media. Phone numbers, birthdays, or anything that is unique is gold in the hands of a hacker!
Matt Blecker, Senior Account Executive
Considering this year’s theme of “see yourself in cyber” and the persistent skills gap within the industry, pursuing a career in cybersecurity is a hot topic right now. Whether it’s working in PR and marketing (like us here at Merritt Group), the business side, or even more technical roles like SOC analysts or CISOs, there’s plenty of affordable and accessible resources out there (not necessarily a 4-year college degree) to help people get their foot in the door. The industry is only going to continue to grow and become more important as we move into 2023—we’re going to need all the help we can get!
Ashley Long, Senior Account Executive
A common mistake I see is organizations prioritizing convenience over security. It can be really easy for people to use the same password for every website or application, leave their laptop open and unlocked when they walk away from their desk, or turn down those options to enable multi-factor authentication (MFA). However, getting hacked is far more inconvenient. Basic security hygiene tips like strong password management and MFA can go a really long way in protecting companies from attacks.
Ashley Mason, Senior Account Executive
Bluetooth is one of those technology features that is everywhere nowadays, but it can also be an easy entry point for hackers to access devices. I recommend clients develop a habit of turning Bluetooth off when not in use, avoiding public internet, and always patching when an update comes through. It may seem tedious, but cyber hygiene is a must!
Oliver Cowley, Account Executive
Verifications cannot be stressed enough! One of the tips I see all of the time is, if you see an email from a colleague, family member, or anyone claiming to be a trusted person in your life and they ask for sensitive information, ALWAYS double verify. First, verify that the email address is indeed the correct email address for that person. Second, reach out to that person through another communication channel (text or phone call). Too often individuals fall victim to identity theft and give away their personal information simply because threat actors ask for it. Stay vigilant and protect yourself at all times!
Jacob Berman, Account Executive
MFA extends far beyond just a few applications that utilize facial recognition on your iPhone. When using MFA, people should also make sure they have a secure email address linked as well. Both emails and phone numbers can easily be spoofed, so using a standard personal email address for MFA can open people up to some serious threats. One tip I like to recommend is to make sure you have a complex but memorable password in place, and don’t share that email with any other sites (shopping, newsletters, or your doctors office), so in case of a breach, that address is safe from hackers.
Julia Hawkins, Account Coordinator
Cyber hygiene isn’t just for work devices! People should also secure their personal devices too by keeping phone and laptop software up to date and staying alert when sifting through emails/texts. Additionally, I like to remind people that protecting their personal devices also includes any Internet of Things (IoT) devices that may be in their home (Alexas, Ring doorbells, etc.). These should always be password-protected and require MFA authentication whenever it’s available.
John McBride, Account Coordinator
In the same way that you wouldn’t click a link shared by a stranger, people shouldn’t scan QR codes that they find in the wild! If the curiosity is too strong, they can always do a Google search of whatever is being advertised. Similarly, rather than scanning a restaurant’s supposed menu QR code, people can manually open a browser on their phone and access the menu through the restaurant’s website. When QR codes are the only option, it’s important to make sure they are coming from a reputable source.
Emily Carter, Account Coordinator
Knowledge is key! I love staying up to date on my favorite cybersecurity-focused publications — whether it’s a technical trade like SC Magazine or Dark Reading or a well-known business outlet like Wall Street Journal or Bloomberg with a strong cybersecurity section! Cybersecurity is constantly changing, and keeping up to date on recent cybersecurity trends can be the difference between an encounter with threat actors or having a secured device with little vulnerabilities.
Have a tip or trick that has resonated particularly well with your client or target audience? Share your thoughts with us!
For more information about the history of NCSAM, how to become a NCSAM “Champion,” and additional activities or resources, please visit: https://staysafeonline.org/cybersecurity-awareness-month/. Read more about cybersecurity trends in PR and marketing, view our security practice blog posts.