October is Cybersecurity Awareness Month

In 2004, the President of the United States and Congress declared October as Cybersecurity Awareness Month. The goal of this designation is to help individuals protect themselves online as daily threats increase - not only in their personal lives but also in the business world.?

This year the Cybersecurity Awareness Month’s campaign theme is “See Yourself in Cyber” and identifies that cybersecurity is ultimately about people, which means seeing yourself in cyber no matter your role. Cybersecurity may seem like a complex subject that only concerns IT organizations, but, ultimately, it is also about the people. As an individual - whether in your personal life or as an end-user in your company - you are responsible for your behavior. Hence it is important to be aware of your role in cybersecurity.

What does that mean for me?

We encourage all of you to take an active role in cybersecurity and engage in this year's effort to create awareness. You need to enable yourself with basic cyber hygiene practices, including:

• Only use good, strong passwords and change them regularly. Do not reuse passwords across different platforms (e.g., your email account and your social media account). Each password should only be used once. Try using a password manager like OnePassword, KeePass, etc.
• Think before you click - if you don’t know the source or sender, never click on links. Always suspect that a link can be malicious.?
• Use multi-factor authentication (MFA) whenever possible. MFA enables a second means of authentication in case your username and password gets exposed. Most online platforms (e.g., social media, email clients, online banking) offer MFA in the form of receiving a PIN code or token sent to your mobile phone, or an alternate authenticator application.
• Update your software and applications - don’t delay updates, do them immediately. As soon as a security update is publicly available, there is a known weakness. If possible, turn on automatic updates. This is true not only for your computer, laptops, and tablets but also smartphones, etc.

The best tools in cybersecurity cannot 100% guarantee to stop an attack from happening. In many cases, the weakness lies with us, the “people” - because we reuse passwords or click on links (phishing emails). Social engineering is on the rise, which means that hackers/attackers gain knowledge about the people and environment before they start the attack. With that knowledge, the attacks are much more sophisticated and more challenging to detect. Social engineering attacks oftentimes come with the urge to act immediately. Typical examples are the request to send a wire transfer the same day or to buy vouchers and gift cards and send them back immediately. Be aware that these attacks typically coincide with an actual event - e.g., the manager going to a conference and asking one of the employees to purchase a gift card for a customer.

Be Suspicious and Second-Guessing

Being suspicious and skeptical helps to stay safe. Always second-guess a request or email, and never click on links you don’t know. If your manager asks you to do something suspicious, it is better to second-guess than to fall into the trap. Second-guessing means, for example, picking up the phone and asking to confirm the transaction. If the CFO asks you to wire the money immediately, or your manager sends you an email to buy a gift card immediately, and they tell you it needs to happen ASAP - just ask yourself - why didn’t he call me instead? If I need something asap from my employees, I should give them a call and explain exactly what I need. The turnaround time is usually quicker and accurate when speaking on the phone.

Stay up to date in the world of cybersecurity, especially topics relating to SAP, with my newsletter.?