October is National Cybersecurity Awareness Month!

NCSAM is a great reminder to refocus on cybersecurity awareness, but education needs to take place throughout the year to be fully effective. We want to make it easy for you to educate your customers, board, and community to stay cyber-safe all year long. We encourage you to review the Nexcore Secure Security Awareness Toolkit to easily share cyber tips, social media posts, events, and more, reinforcing the strong cybersecurity culture of your organization.

Download your toolkit! 

As our online lives expand, we’ve gone from having just a few passwords to today, where we might manage upwards of 100. That’s 100 unique passwords to remember if you’re using strong password habits. Password managers can save users a lot of headaches and make accounts safer by recommending strong passwords. This October, we’re dispelling the misconceptions about password managers and showing others how these tools will keep them safe online.

Did you know?

• 53% of people rely on their memory to manage passwords. (Ponemon Institute)
• Only 45% of adults would change a password after a breach. (Google)
• 75% of people said they don’t know how to create secure passwords in the first place. (Ponemon Institute)
• 81% of the total number of breaches leveraged stolen or weak passwords. (LastPass)
• 61% of employees use the same passwords for multiple platforms. (LastPass)
• 28% of adults in the US use the same password for all of their online accounts. (Business Insider)

Quick Tips to Share:

• Running out of password ideas? Let password managers do the work for you.
• Lock up your password list. Replace your written list of passwords with a password management tool.

SBS Resources:Click on the image to download your security awareness poster.📷

• {Download} Password Tips: It’s important to create strong, complex passwords for your systems. That’s why we’ve put together these best methods for stronger passwords to help you train your employees. Keep in mind, though, that based on the risk of each system, these standards may fluctuate.
• ​{Solution} Password Audit: Use brute-force and dictionary attack methods to test the strength and complexity of your passwords.

Multi-factor authentication, or MFA, is a security measure that requires anyone logging into an account to navigate a two-step process to prove their identity. MFA adds another layer of protection making it twice as hard for criminals to access an online account. When it’s available, always turn it on because it’s easy to do and greatly increases your security.

According to guidance by the Cybersecurity and Infrastructure Agency (CISA) and backed up by research from Microsoft, enabling MFA can prevent 99% of automated hacking attacks in a Zero Trust environment. It is the single greatest risk-decreasing control you can implement in your enterprise.

The math makes sense. If you require both a password and another factor like FaceID to increase your protection, the account's security basically doubles! 

It's important to remember that these statistics refer to automated attacks. You still need to be on the lookout for social engineering hacks, like phishing, where cybercriminals try to trick you into giving them your password or MFA code. 

Did you know?

• Only 26% of companies use multi-factor authentication. (LastPass)
• Two-factor authentication has become more popular over the last two years, with 79% of US/UK respondents saying they used it in 2021, compared to 53% who used it in 2019.  (Duo Labs)
• SMS text messages are the most common second factor US/UK users choose when logging into two-factor authentication accounts, at 85%. (Duo Labs)

Quick Tips to Share:

• 99.9% of account hacks could have been blocked by MFA. Enable MFA on every application that allows it.
• Do the two-factor two-step. Always use multi-factor authentication!
• Go beyond the username and password. For an added layer of security, enable multi-factor authentication when available.
• Give a hacker a hard time! When you use MFA on your accounts, it means cybercriminals can't access your account with just your password alone.

SBS Resources:

• {Blog} Behind the Hack: How Employee Handling of Phishing Emails Can Allow a Hacker Inside Your Network: During a recent social engineering assessment, an SBS CyberSecurity network security engineer was able to gain internal network access from a phishing email. Here’s a brief overview of how the issue was identified and controls that could have helped secure the network.  
• {Blog} Six Controls to Dramatically Reduce Cyber Risk of Incidents: Get the answer to one of our most asked questions: "What is your single biggest suggestion for everyone to better prepare for a cybersecurity issue/incident?"

One of the easiest ways to keep information secure is to keep software and apps updated. Updates fix general software problems and provide new security patches where criminals might get in. This Cybersecurity Awareness Month, we’re telling others to step away from the “remind me later” button to stay one step ahead of cybercriminals.

Did you know?

• Nearly a third (31%) of US/UK respondents say they either “sometimes,” “rarely,” or “never” install software updates. (NCA)
• 68% of the participants reported installing the latest updates and software as soon as these are available. (NCA)
• Just 20% of Android devices use the latest and safest OS version. (Symantec)

Quick Tips to Share:

• Turn on automatic updates on all your devices. Set it and forget it!
• Stop clicking "Remind me later." Don't hesitate to update!
• Keep it clean. Keep a clean machine with current security updates, web browser, and operating system.
• Delete when done. Uninstall any apps you no longer use.

SBS Resources:

• {Blog} Security Patch Overload: The endless cycle of patching may leave many asking themselves, Why? Is there a better way? How can we improve this process? This blog covers the topics that a modern patch management program should address.

Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. 30% of small businesses consider phishing attacks to be their top cybersecurity concern. It’s important for every individual to stop and think before clicking on a link or attachment in a message and know how to spot the red flags.  Cybersecurity Awareness Month 2025 will give individuals the tools they need to recognize a phish and report it to their organization or email provider.

Did you know?

• Nearly 3 out of 4 companies experienced a phishing attack in 2020 (Symantec).
• 42% of the participants said they used the reporting capability on a platform (e.g. Gmail) “very often” or “always”. (NCA)

Quick Tips to Share:

• Follow the Golden Rule of Email! Treat every email like a phishing email.
• Call to verify. Always call the sender or send a chat (not an email) to verify a suspicious email. 
• Think and rethink before you click. Don't click on any link or download unless you have verified the sources and are certain of where it will send you.

Nexcore Secure Resources: (Click on the image to download your security awareness poster. 

• {Tip Sheet} Investigating Phishing Emails: If your organization is notified that emails are being sent that appear to come from you or an employee of your organization, the process outlined in this download can be useful in determining if the email is spoofed or if you have a compromised email account.  
• {Blog} The Golden Rule of Email: Because of the mass amounts of phishing emails targeting victims every day, it is more important now than ever to remember The Golden Rule of Email, the modern version of the well-known principle.  
• {Product} uSecure: Your employees are frequently exposed to sophisticated phishing and ransomware attacks in today’s world. This is why Nexcore Secure has partnered with uSecure to offer an effective Human Risk Management (HRM). Learn about uSecure's ease of use and ease of admin for the world’s most popular integrated platform for awareness training combined with simulated phishing attacks.