October was first named Cyber Security Awareness Month in 2004 by CISA (the Cybersecurity & Infrastructure Security Agency). For the last 20 years, CISA has used this month to encourage organizations to reduce their risk based on timely themes.
This year’s themes have been:
- Use Strong Passwords
- Turn on MFA (Multi-Factor Authentication)
- Recognize & Report Phishing
- Update Software
Here’s a brief overview for each, and practical advice on how you can use Tanium to either bring them to life or to take them to the next level.
1: Use strong passwords
CISA reminds organizations that weak passwords — such as simple letter or number strings, or easily guessed words like pet names and birthdays — are not safe. They can be easily cracked, exposing the account’s sensitive information and permissions.
To prevent this, CISA recommends organizations use strong passwords. These include passwords that are at least 16 characters long, that are unique to each account, and that use random strings of numbers, symbols, and upper and lowercase letters. CISA recommends using a password manager to create, store, and use these passwords.
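The criteria above (at least 16 characters, a mix of character classes, no guessable words or dates, and no reuse across accounts) can be expressed as a policy check. The following is an added example written for this post, not Tanium's or CISA's code; the denylist of common words and the 80-bit entropy floor are constructed assumptions, and a real deployment would check against a breached-password list instead.

```python
import math
import re
from datetime import date

# Minimum length taken from the CISA guidance quoted above.
MIN_LENGTH = 16
# Assumed floor for the entropy estimate (not a CISA figure). 16 random
# printable-ASCII characters give about 105 bits; 16 lowercase letters only ~75.
MIN_ENTROPY_BITS = 80
# Constructed stand-in for "easily guessed words"; use a breach list in practice.
COMMON_WORDS = {"password", "fluffy", "rover", "welcome", "qwerty", "letmein"}

CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def charset_size(pw: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    sizes = (26, 26, 10, 33)  # lower, upper, digits, printable ASCII symbols
    return sum(n for pat, n in zip(CLASS_PATTERNS, sizes) if re.search(pat, pw))


def estimated_entropy_bits(pw: str) -> float:
    """Upper-bound entropy, assuming each character was drawn uniformly at random."""
    n = charset_size(pw)
    return len(pw) * math.log2(n) if n else 0.0


def looks_like_date(pw: str) -> bool:
    """Flag digit runs that read as a plausible year (1900..now) or a YYYYMMDD/DDMMYYYY date."""
    this_year = date.today().year
    for run in re.findall(r"\d+", pw):
        if len(run) == 4 and 1900 <= int(run) <= this_year:
            return True
        if len(run) == 8:
            for y, mo, d in ((run[:4], run[4:6], run[6:]), (run[4:], run[2:4], run[:2])):
                try:
                    date(int(y), int(mo), int(d))
                except ValueError:
                    continue
                if 1900 <= int(y) <= this_year:
                    return True
    return False


def check_password(pw: str, known_passwords=()) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if sum(bool(re.search(p, pw)) for p in CLASS_PATTERNS) < 4:
        problems.append("does not mix upper, lower, digits and symbols")
    if any(word in pw.lower() for word in COMMON_WORDS):
        problems.append("contains a common or guessable word")
    if looks_like_date(pw):
        problems.append("contains a year or date")
    if pw in known_passwords:
        problems.append("reused from another account")
    if estimated_entropy_bits(pw) < MIN_ENTROPY_BITS:
        problems.append(f"estimated entropy below {MIN_ENTROPY_BITS} bits")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: a pet-name-plus-year password and a random one.
    for candidate in ("Fluffy2015", "vK7#pQ2m$Lx9!wRz"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The entropy figure is only an upper bound: it assumes the characters were chosen at random, which is exactly why the page recommends letting a password manager generate them rather than inventing them by hand.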
Tanium can also help bring this advice to life. With the Microsoft Entra ID integration, you can use Tanium to set advanced configuration policies such as requiring passwords that are acceptably strong. From there, Tanium can scan every asset in your estate for passwords that do not meet these criteria, deny them access rights, and rapidly remediate their password gaps at any scale in seconds.
Here are a few more resources about Tanium and password management:
- Tanium Experts Bust Common Password Myths
- Why We Still Need World Password Day
- How Weak is Your Password?
2: Turn on Multi-Factor Authentication (MFA)
CISA reminds organizations that strong passwords are not enough. Even the strongest password can still be compromised, and when that happens the malicious actor who stole it will be able to access the connected account without further effort.
To prevent this, CISA recommends organizations use multi-factor authentication (MFA). This forces a user to confirm their identity when logging into an account through some other action (such as entering a code sent to them through another channel). This second step prevents account access from a stolen password alone.
Tanium’s Microsoft Entra ID integration can also help bring this advice to life. With this integration, you can establish MFA policies on any asset — or all assets — in your estate with just a few clicks. It will prevent access to assets that have not yet established MFA.
With this integration, you will also be able to easily establish complex, fine-grained MFA policies such as setting the window of time for inputting an authentication, limiting login attempts, increasing the number of required authentications, and more.
To learn more about how Tanium manages MFA, read on:
- What is Multifactor Authentication (MFA)?
- The Future is Passwordless
- Is Multifactor Authentication Living Up to Its Hype?
3: Recognize & report phishing
CISA reminds organizations that phishing is still a big threat. Malicious actors are still sending harmful links and attachments — via emails, texts, direct messages, or phone calls — to infect user devices or to convince them to share sensitive information.
To prevent this, CISA recommends a three-step process. First, recognize the common signs of a phishing message. Second, resist the urge to click on a suspicious link or attachment. Third, immediately delete the message. CISA recommends training users to follow these steps, and to report any suspected phishing messages they receive.
With Tanium, you can take this a step further. Training users to recognize and report phishing is necessary, but not sufficient. Even the most diligent user may not recognize a phishing attack until it’s too late. When this happens, there’s only one way to prevent harm — through established Zero Trust policies that limit the harm from a compromised account and rapidly detect and respond to incidents.
Here are a few resources about how Tanium can implement zero trust to limit harm:
- What is Zero Trust?
- Achieve Zero Trust at Scale with Tanium and Microsoft Entra ID
- Tanium for Zero Trust
4: Update software
Finally, CISA reminds organizations to keep their software up to date. When a user ignores or delays updating their asset, they leave known vulnerabilities open on their asset and create unnecessary security risk for themselves and their organization.
To prevent this, CISA recommends a few steps. Organizations can turn on automatic updates on all of their devices wherever possible. For all other devices, users and IT must watch for notifications and install updates as soon as they become available. These simple actions are one of the easiest ways to maintain effective cybersecurity.
Keeping assets updated is one of Tanium’s core functions. With Tanium, you can rapidly scan every asset in your estate to determine where patches and updates have already been applied and where they are missing. From there, Tanium can apply patches and updates in near-real time — at any scale, no matter where devices are located, with minimal resource consumption.
To learn more about how Tanium maintains cyber hygiene, read on:
- What Is Cyber Hygiene and Why Does It Matter?
- What is Patch Management?
- What is Software Management?
Bring these themes to life at your organization
Cyber Awareness Month will soon end, but the themes highlighted this year are timeless. Now is the time to move from gentle reminders and increased awareness of these themes to direct, concrete, and timely action. To do so:
- Take a few minutes to reread this post and review this year’s themes
- Ask yourself — which do we have on lock, and where do we have gaps?
- Reach out today and learn how to close those gaps with Tanium
Protecting your organization from cyber threats begins with understanding your current risks. Get started by requesting your comprehensive Tanium Risk Assessment today.