Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave Adds a Twist to Cybersecurity Awareness Month: More Security!

October 1 marks the start of Cybersecurity Awareness Month and traditionally Trustwave has discussed the general security concepts highlighted by the Cybersecurity and Infrastructure Security Agency (CISA), and National Cybersecurity Alliance (NCSA). However, this year Trustwave will take a slightly different approach. In the same vein that one can never have too much cowbell, Trustwave believes there is no such thing as too many security tips.

With this in mind, Trustwave is not satisfied with just discussing CISA’s and the NCSA’s 2024 themes, which are:

  • Use strong passwords and a password manager
  • Turn on multifactor authentication
  • Recognize and report phishing
  • Update software

While we note that all these topics are extremely important to maintain good cyber hygiene - and we will cover those topics in this blog - our experts believe that there are three crucial topics missing from the 2024 list:

We will dive into the first of these topics starting on October 7 and one per week for the rest of the month, but let’s cover this year’s official security issues first.

 

2024 Cybersecurity Awareness Month – The Basics

Recognize & Report Phishing

To stay safe from phishing attempts, it’s crucial to recognize common signs. Be wary of urgent or emotionally charged language, especially messages that threaten dire consequences if you don’t respond immediately. Requests for personal or financial information, untrusted shortened URLs, and incorrect email addresses or links (like amazan.com) are red flags. While poor grammar and misspellings used to be common indicators, the rise of AI means some phishing emails now have perfect grammar and spelling, so it’s important to look out for other signs as well.

If you suspect phishing, resist the urge to click on links or attachments that seem too good to be true, as they may be attempts to access your personal information. Instead, report the suspicious message to protect yourself and others. You can usually find reporting options near the sender’s email address or username or use the “report spam” button in your email toolbar or settings.

Finally, delete the message without replying or clicking on any links, including “unsubscribe” links. Just delete it to stay safe.

 

Use Strong Passwords

To create a strong password, it’s essential to follow three key tips. First, make your passwords long—at least 16 characters, as longer passwords are generally stronger. Second, ensure they are random. You can achieve this by using a random string of mixed-case letters, numbers, and symbols, such as “cXmnZK65rf*&DaaD” or “Yuc8$RikA34%ZoPPao98t.” Alternatively, you can create a memorable passphrase consisting of 4 to 7 unrelated words, like “HorsePurpleHatRun” for a good passphrase, “HorsePurpleHatRunBay” for a great one, and “Horse Purple Hat Run Bay Lifting” for an amazing one.

Security.org has a helpful password-strength tool to test your password’s strength. Please remember, if you choose to check your password’s strength, make sure only to use a trustworthy tool. Otherwise, you may well be giving your password to a threat actor who might quickly put it to use or place it into a password dictionary.

 

Turn On MFA

To turn on Multi-Factor Authentication (MFA) for each account or app, start by going to the settings, which might be labeled as Account Settings, Settings & Privacy, or something similar.

Next, look for the option to enable MFA, which could also be called two-factor authentication or two-step authentication. Once you find it, turn it on and select your preferred MFA method from the options provided. These options might include receiving a numeric code via text or email, using an authenticator app that generates a new code every 30 seconds, or using biometrics like facial recognition or fingerprints to confirm your identity.

 

Update Software

To keep your software up to date, follow these three simple steps: First, watch for notifications from your devices about updates for operating systems, programs, and apps, and make sure to install all updates, especially for web browsers and antivirus software.

Second, install updates as soon as possible when notified, particularly critical ones, as malicious online criminals won’t wait.

Finally, turn on automatic updates so your devices can install updates without any input from you as soon as they become available. To enable automatic updates, check your device’s settings under Software or Security, and search for “automatic updates” if needed.

Don’t forget to stay tuned for our additional coverage in the coming weeks.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo