When thinking of October, Halloween and other fall festivities naturally come to mind, but October is also Cybersecurity Awareness Month. In fact, this year is the 20th anniversary of Cybersecurity Awareness Month! That’s right, 20 years! With the change of seasons also comes the need to change with the times when it comes to the ever-evolving world of technology. The following four behaviors are highlighted as part of this year’s Cybersecurity Awareness Month campaign. In this second article, we’ll review and explore how these individual steps can impact cybersecurity.
- Turning on Multifactor Authentication (“MFA”)
Some may be more familiar with two-factor authentication. Microsoft Security defines Two-factor Authentication or 2FA as “an identity and access management security method that requires two forms of identification to access resources and data. 2FA gives businesses the ability to monitor and help safeguard their most vulnerable information and networks.”
In contrast, Multifactor Authentication (“MFA”) encompasses three common factors as also explained by Microsoft Security. Essentially, it breaks down to the following:
- Something you know
Actually, this component connects to the utilization of strong passwords. A password is just one example of how you can use a means that is particularly personal to you to better protect yourself against potential cyber vulnerabilities. As Microsoft noted, “Compromised passwords are one of the most common ways that bad guys can get at your data, your identity, or your money. Using multifactor authentication is one of the easiest ways to make it a lot harder for them.”
- Something you have
Many today own a smartphone, and this is an example of how something you have can add an additional layer of protection on a cyber level. On a global scale, there are approximately 5.25 billion smartphone users in 2023 alone as reported by Oberlo. In fact, Statista determined that the most smartphone subscribers reside in the following countries: China, India, and the United States. Due to the volume of smartphone use across countries, this is a very manageable means to employ this second factor of MFA.
- Something you are
Finally, facial recognition would be just one way to better protect against information being improperly accessed. As described by Norton, “Facial recognition uses technology and biometrics — typically through AI — to identify human faces.” While posing some privacy concerns, facial recognition can be used to better protect one’s identity from a cyber perspective.
These safeguards via MFA provide additional layers of protection that help to deter bad actors from being able to access information. Depending on the industry, multifactor authentication may be a required safeguard rather than an optional one. For example, New York State’s Department of Financial Services instituted 23 NYCRR 500 as a means to foster improved cybersecurity regulation.
A covered entity under 23 NYCRR 500.1 (c) extends to “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law.” This covered entity definition encompasses a large group of affected entities. In 23 NYCRR 500.12 (b), multifactor authentication is required unless the applicable entity’s “CISO [chief information security officer] has approved in writing the use of reasonably equivalent or more secure access controls.”
- Using Strong Passwords & a Password Manager
Another advantageous step is not only selecting a strong password, but also utilizing a password manager. There are a variety of password managers available, such as Google Password Manager. Essentially, a password manager helps an individual to store passwords for future accessibility, helping to alleviate the “I forgot my password” issue.
- Updating Software Regularly
When starting your day, it’s oftentimes a common occurrence to receive a reminder that it’s time for a software update. While it could be tempting to put it off until later, those updates help to protect the many different varieties of information stored on one’s computer.
- Recognizing & Reporting Phishing
As cyber criminals become more sophisticated, recognizing a phishing email has only become more challenging. As noted in a recent Synapse blog article (https://www.synapsellc.com/national-construction-appreciation-week-recognizing-the-nuances-of-cyber-risk-and-the-construction-industry-part-one/), phishing “involves a hacker sending a request, often in the form of an email, designed to look like it has been sent from a trusted organization or company. Phishing emails attempt to entice a recipient to give up sensitive data (such as a password) or download an attachment containing malware” as explained by Maryville University’s “Types of Security Breaches: Physical and Digital” article.
The sheer volume of emails received daily only adds to the problem, and the number is only expected to dramatically increase. According to Statista, the number of emails sent and received on a global basis has increased every year from 2017 going forward. For example, the number of emails sent/received is anticipated to increase on a global scale to 392.5 billion emails in 2026 as also noted by Statista. As of 2022, the number of emails sent/received totaled 333 billion; this would be a projected increase of 59.5 billion emails over only a four-year span, encompassing emails sent/received from 2022 to 2026.
Moving forward, there are many proactive as opposed to reactive approaches to cybersecurity that can be utilized. Cyber insurance is just one of those risk management strategies that should be examined. There are many costs associated with a cyber event; business interruption and public relations costs are just some of the costs that may be included under a cyber insurance policy. The world of cyber is a very nuanced one, so it’s necessary to inquire about what coverage options are available, especially for the more challenging classes of business to place that include but are not limited to casinos, managed service providers (“MSP”), construction and manufacturing. After all, cyber issues are not specific to any one industry. Rather, they affect all sectors!
Those cybersecurity protocols referenced above are just a snapshot of the multitude of protocols out there. Some may be optional while others are required. It’s important for industries to familiarize themselves with the regulations and/or other related statutory frameworks in place that impose certain restrictions and/or requirements on them. As the New York State Department of Financial Services put it, “Multi-Factor Authentication (“MFA”) is an essential part of cybersecurity hygiene.”
Synapse Services offers cyber insurance coverage options for an expansive number of industries. Please contact one of our producers if you are interested in receiving additional information about the availability of cyber insurance options specifically tailored to your industry.
By: Jessica Cambridge