IT to Provide Tips for Associates to Stay Alert Online During Cybersecurity Awareness Month
The IT Directorate always emphasizes vigilance online, whether you’re doing research for work or surfing the net at home. During October, which is Cybersecurity Awareness Month, IT will go further into the hows and whys of safeguarding your information on the web.
Each week during October, IT will send an email newsletter to the workforce that goes deeper into a cybersecurity-related topic. The Exchange Post will also publish weekly stories about these topics.
“There are four key points,” said Conner Vaughan, Exchange data security analyst. “Phishing, passwords, software updates and Multi-Factor Authentication.”
Kicking things off is Multi-Factor Authentication (MFA), which is familiar to Exchange associates, especially those who work remotely. Most often it’s a “push” sent to a smartphone after your initial sign-on, asking you to verify that you—and not someone else who got hold of your information—are the one signing on.
Other common forms of MFA are texts and phone calls. Entering an extra PIN, answering a security question and biometric identifiers such as facial recognition or fingerprints are also forms of MFA combinations that could be used.
“There are variations of what MFA is,” said Cybersecurity Chief Jesse Tobar. “Push notifications are by far the best. When you sign up for the account, you’re given a special key between you and the authenticator app so that it trusts your smart device. You can’t really duplicate it on another device. It’s purely between you and that application.”
Although busy workers might consider an extra sign-on step to be an inconvenience, using MFA is important. MFA makes it extremely hard for hackers to access your accounts, even if they know your password.
“A lot of people think it’s a hassle,” said Security Operations Center Manager Marco Lai,” but it’s beneficial for everyone, not just while they’re working at the Exchange but in their personal lives.”
Vaughan adds, “It’s probably the single most effective tool for protecting yourself online. If you can only do one thing, it should be to enable MFA for your most important accounts.”
The National Cybersecurity Alliance recommends using MFA whenever it’s offered, especially with bank accounts, email, social media and online stores. .
Once it’s set up, MFA only adds a couple extra seconds to the log-in process. According to Microsoft, MFA is 99.9 percent effective in preventing breaches.
Despite its effectiveness, even using MFA requires vigilance.
“Users need to be careful about MFA fatigue,” Vaughan said. “That’s where someone has stolen your log-in and password and they’re just over and over sending a push to you. You might say, ‘I’ve gotten 50 of these. I’m just going to approve it.’ That’s how they get in. You shouldn’t approve it unless you’re expecting it.”
If you start receiving unprompted approval requests, the National Cybersecurity Alliance recommends that you immediately change your password for the account and any other account that uses the same MFA service.
To learn more about the National Cybersecurity Alliance, click here. To learn more about the Exchange’s Cybersecurity Awareness Team, click here.
Next week’s topic: Phishing. Follow ExchangeAssoc Instagram, X and Facebook throughout October for posts on Cybersecurity Awareness Month topics.
