Cybersecurity Awareness Month 2023

20 Years of Cybersecurity Awareness Month

October 2023 marks 20 years of Cybersecurity Awareness Month, a month dedicated to raising awareness about digital security, and empowering everyone to protect their personal data from digital forms of crime.

This year, government leaders and industry execs are looking at how far we’ve come in the last 20 years, and where we need to go to secure our digital future.

Read our blog: Key Factors for a Successful 20-Year Partnership: Exclusive Networks and Fortinet Share Their Secret

As a global cybersecurity specialist for digital infrastructure, Exclusive Networks is committed to accelerating the transition to a totally trusted digital world. We continue to work together with our vendors and partners to secure technology, protect critical infrastructure and bridge the cybersecurity careers gap through cutting-edge solutions, services and training to equip our world with the critically needed cyber guards of tomorrow. This includes our Exclusive Academy initiative, a specialised training programme to bring in young talent and give practical field experience as well as theoretical training from Exclusive Networks’ experts.

We are pleased to be officially championing Cybersecurity Awareness Month 2023.

This year’s Cybersecurity Awareness Month promotes the following four key cybersecurity behaviours, created to be simple and actionable for both individuals and businesses:

  1. Create strong passwords and use a password manager
  2. Enable multi-factor authentication
  3. Update your software
  4. Recognise and report phishing attempts

While we help partners and their customers to keep their data protected in many ways, following these few simple steps can make a big difference to helping everyone stay safe and secure online.


Create strong passwords and use a password manager

Weak or stolen passwords are responsible for 81% of data breaches. Would you believe that the most common passwords used in 2023 are still ‘123456789’ and ‘password’? Cybercriminals can crack a weak password, or one that can be easily guessed, within hours. More complex, ‘strong’ passwords, on the other hand, can take more than a lifetime to decipher.

Microsoft defines a strong password as:

  • At least 12 characters long, but 14 or more is better
  • A combination of uppercase letters, lowercase letters, numbers, and symbols
  • Not a word that can be found in a dictionary or the name of a person, character, product, or organisation
  • Significantly different from your previous passwords – stolen passwords are often shared online for other cybercriminals to use
  • Easy for you to remember but difficult for others to guess, e.g., a memorable phrase like “6MonkeysRLooking^”.

To keep accounts and devices safe and secure, never share usernames or passwords with anyone and avoid writing them down. Considering that the average user has 27 different work applications that need verification, a password manager can be a great help if you have many accounts and struggle to memorise multiple passwords. Many password managers automatically update stored passwords, keep them encrypted, and require multi-factor authentication for access.

Due to the risks posed by poor password hygiene, many businesses are now turning to passwordless authentication.

Read more about Thales FIDO2 Passwordless Devices



Enable multi-factor authentication

Multi-factor authentication (MFA) provides an extra layer of security in addition to passwords, to prevent unauthorised users from accessing accounts and devices, even when a password has been guessed or stolen. It requires more than one kind of credential to sign in. MFA comes in multiple forms, all of which ensure that you’re the only person that can access your account.

MFA methods include:

  • Something you know: Passwords, PINs, and security questions
  • Something you have: Hardware or software tokens, certificates, email, SMS, and phone calls
  • Something you are: Fingerprints, facial recognition, iris scans and handprint scans
  • Your location: Source IP ranges and geolocation

Increased use of cloud, mobile devices, and extended supply chains is driving organisations to seek strong MFA solutions. The above methods are based on a variety of technologies, most prominently One-Time Passwords (OTPs) and Public Key Infrastructure (PKI). Here’s how these technologies work, according to Thales.

OTPs are a form of ‘symmetric’ authentication, where a one-time password is simultaneously generated in two places – on the authentication server and on the hardware token or software token you have in your possession. If the OTP generated by your token matches the OTP generated by the authentication server, then authentication is successful, and you’re granted access.

PKI authentication is a form of ‘asymmetric’ authentication as it relies on a pair of dissimilar encryption keys – namely, a private encryption key and a public encryption key. Hardware PKI certificate-based tokens, such as smart cards and USB tokens, are designed to store your secret private encryption key securely. When you authenticate to your organisation’s network server for example, the server issues a numeric ‘challenge.’ That challenge is signed using your private encryption key. If there’s a mathematical correlation, or ‘match,’ between the signed challenge and your public encryption key (known to your network server), then authentication is successful, and you’re granted access to the network.
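The challenge-and-signature exchange described above, as an added example that is not part of the original page. It uses textbook RSA with a demo-sized key built from two known Mersenne primes purely to make the flow runnable; the `Token` and `Server` classes are hypothetical, and real tokens use vetted cryptographic libraries, padded signatures and hardware-held keys.

```python
import hashlib
import secrets

# Demo-sized textbook RSA key from two known Mersenne primes (constructed).
# Far too small and unpadded for real use; it only makes the exchange runnable.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                    # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))            # private exponent, stays on the token

def digest(challenge: bytes) -> int:
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N

class Token:
    """Stands in for the smart card or USB token that holds the private key."""

    def __init__(self, private_exponent: int, modulus: int):
        self._d, self._n = private_exponent, modulus

    def sign(self, challenge: bytes) -> int:
        return pow(digest(challenge), self._d, self._n)

class Server:
    """Knows only the public key (E, N) registered for the user."""

    def __init__(self, public_exponent: int, modulus: int):
        self.e, self.n = public_exponent, modulus
        self.pending = set()                 # challenges issued, not yet answered

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh and unpredictable per login
        self.pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, signature: int) -> bool:
        if challenge not in self.pending:
            return False                     # unknown or already-used challenge
        self.pending.discard(challenge)      # single use, whether it passes or not
        return pow(signature, self.e, self.n) == digest(challenge)

def login(server: Server, token: Token) -> bool:
    challenge = server.issue_challenge()
    return server.verify(challenge, token.sign(challenge))
```

Because every login gets a new random challenge that is retired after one attempt, a signature captured from an earlier session does not verify against a later one.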

Watch The Science of Secrecy with Simon Singh to learn more about public key cryptography



Update your software

Many users assume that software updates are released to introduce new product features, but they also include important patches to fix IT security vulnerabilities and bugs. The same goes for device operating systems (OS), too. Having up-to-date software is an essential way to stay one step ahead of those threat actors who thrive on software vulnerabilities.

Most IT teams will push out automatic software updates for your organisation’s enterprise applications and device OS. This is what typically prompts your device to restart. When you’re updating software yourself, always be sure to check that you’re downloading it from an official source as unofficial software often contains malware. Many devices and applications have an auto-update option, which means you don’t need to worry about outdated versions or missing important security patches.

Scan for vulnerabilities across your organisation with Tenable Nessus



Recognise and report phishing attempts

Phishing is a scam designed to steal sensitive information or passwords, compromise devices, or trick victims into sending money to cybercriminals. It usually comes in email form but can also take the form of deceptive text messages (known as smishing, a combination of SMS and phishing), social posts, web pop-ups, phone calls (known as vishing – or voice phishing), and even collaboration tools like Microsoft Teams – a new breed of risk.

Read more about Block viruses, malware, and phishing with Mimecast Protection for Microsoft Teams


In phishing, cybercriminals use social engineering to trick you into sharing private and confidential data, such as bank account numbers or login information. They may ask for your name, account information, date of birth, passwords, and other sensitive or secret information. They will often lure you into opening a link or a file in a legitimate-looking message. Always hover over a link first to check that it looks legitimate, and if you have any doubt, don’t click on it; report it. Look out for:


  • An unspecific sender, someone you don’t know, or that doesn’t match the “from” address
  • Unfamiliar, unusual, or generic greetings
  • Spelling and grammar errors
  • A suspicious link that doesn’t match the URL of the webpage in the email
  • A link to pictures or videos from people you don’t know
  • A link or attachment to view something unexpected, e.g., to track an unknown package
  • Attachments with incorrect or suspicious filenames or suspicious file extensions (.bin, .com, .exe, .html, .pif, .vbs, .zip, .zzx)
  • Low-resolution images
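Three of the indicators above (sender mismatch, link text that differs from its target, risky attachment extensions) can be checked automatically when triaging a reported message. The following is an added example, not part of the original page; the sample message, its addresses and hosts, and the function names are constructed for the illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Extensions copied from the attachment bullet in the list above.
RISKY_EXTENSIONS = (".bin", ".com", ".exe", ".html", ".pif", ".vbs", ".zip", ".zzx")
# Triage heuristic for well-formed anchors: captures (href, visible text).
ANCHOR = re.compile(r'<a\b[^>]*\bhref\s*=\s*["\']([^"\']*)["\'][^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message; every address and host is a placeholder.
SAMPLE = '''From: "billing@example.com" <alerts@example.net>
Subject: Track your package
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html

<p>Dear customer, <a href="http://login.example.net/track">www.example.com/track</a></p>
--B
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="label.pdf.exe"

constructed
--B--
'''

def host(url: str) -> str:
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def phishing_indicators(raw: str) -> list:
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    shown, actual = parseaddr(str(msg["From"] or ""))
    # Display name that is itself an address, but not the one that sent the mail.
    if "@" in shown and shown.lower() != actual.lower():
        found.append(f"sender: shown as {shown}, sent from {actual}")
    body = msg.get_body(preferencelist=("html",))
    for href, inner in ANCHOR.findall(body.get_content() if body is not None else ""):
        text = re.sub(r"<[^>]+>", "", inner).strip()
        # Compare only when the visible text itself looks like a URL or hostname.
        if "." in text and " " not in text and host(text) != host(href):
            found.append(f"link: shows {host(text)}, goes to {host(href)}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            found.append(f"attachment: {name}")
    return found
```

The link check is the automated form of hovering over a link: it compares the hostname the reader sees with the hostname the click would actually reach.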

To track and encrypt business emails you send containing sensitive data, consider RPost


Generic, everyday phishing usually isn’t targeted and is easier to spot. Other types of phishing include:

  • Spear phishing: targets a specific individual and studies them to be able to write a more convincing, legitimate-looking message to trick them into letting down their guard and sharing sensitive information.
  • Whaling: specifically targets CEOs and senior leadership team members.
  • Shared document phishing: mimics an email from file-sharing sites like Dropbox, Google Drive, or OneDrive to say a document has been shared with you, but the link is for a fake login page that steals your account credentials.

To combat phishing, many organisations are investing significantly in formal cybersecurity awareness education for their employees and are turning them into their most valuable line of defence against cyberattacks.

Read more about Proofpoint’s Security Awareness Training and Phish Simulation Platform


Cybersecurity doesn’t have to be complicated or overwhelming. Even just practising these 4 basic steps helps to develop secure habits that can be easily incorporated into daily life. When each person and each organisation play their part, we collectively reduce cyber risks and keep our digital way of life protected and trusted.


Find out more

Learn more about ways organisations can support the cybersecurity skills uptake: