With cooler weather heralding the start of another fall season, it’s also time to usher in another Cybersecurity Awareness Month. And just in time for this annual cybersecurity focus, we’ve seen two major security breaches in the past two weeks: Uber and Take-Two Interactive. Since 2004, the President of the United States and Congress have declared October Cybersecurity Awareness Month. During this month, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a government-industry collaboration to raise national and global cybersecurity awareness.
Cybersecurity Awareness Month is a much-needed reminder of the ongoing risks and of the importance of cybersecurity in general. The recent 800% increase in cyber threats shows that awareness needs to happen year-round. That’s why we draw your attention to these five useful and proven tips for your organization:
#1: Improve Identity and Authentication
Identity and authentication are commonly seen as the gateways to a major data compromise, and a handful of best practices serve as the front line of protecting sensitive data: strong passwords, Multi-Factor Authentication, and Zero Trust.
It all starts with strong passwords and password policies. Apply them wherever you can, and from a personal behavior standpoint, don’t reuse passwords across multiple sites. Fortunately, passwords aren’t the only thing standing between your accounts and the critical or personal information they contain: Multi-Factor Authentication (MFA) is an absolute must in the wild world we live in. While MFA alone is not foolproof, it is a critical step in ensuring the right guardians are in place for a comprehensive security posture.
This brings us to Zero Trust, a principle that organizations should be moving toward at full speed. Zero Trust treats every system and every user with the utmost care, using encryption, biometrics, MFA and any means necessary to validate everything, anywhere, anytime. The breaches at Uber and Take-Two Interactive in September are sparking renewed interest in this important security approach.
#2: Adopt end-to-end encryption
Not too long ago, data protection meant fortifying data behind a strong perimeter. As we have moved to a more agile, cloud-based, and distributed foundation and workforce for everything we do, a locked-down perimeter can no longer ensure security as data flows from endpoints, through networks, to large data systems.
The only way to make security possible is with complete encryption, and this is a principle you should implement everywhere, for data in transit and at rest. Most cloud systems already do this, but when you also secure your endpoints, mobile phones, apps and email, and apply encryption throughout the data lifecycle, your security risks will be reduced significantly.
#3: Update software and systems
Take a moment to look at your software update and device patch regimen. This basic exercise ensures that you run the best possible versions of the firmware and software you use every day. It’s also beneficial to take an inventory of software that you don’t use regularly and that can add risk in the background. The same goes for devices such as firewalls, routers, and network equipment, as vendors fix discovered vulnerabilities through patches and platform updates designed to improve security. Many of the reported technical exploits can be attributed to system vulnerabilities that malicious third parties discovered while scanning.
Severe vulnerabilities usually result in rapid updates, so there can sometimes be a trade-off between applying security updates promptly and meeting stability requirements. In most cases, however, automatic and routine updates can only serve to improve your overall security.
#4: Educate on cybersecurity
There are many threats to the front line, from social engineering to technical means, and these threats are often the first domino to fall in a sequence of events. One of the most common tactics is phishing, which has been around for decades but continues to evolve. Not so long ago, fake emails were easily spotted due to poor spelling and grammar, but that’s no longer the case. Criminals impersonate trustworthy institutions and brands with look-alike domains, copied logos, and entire pages that look like the real thing.
To mitigate these deceptive tactics, cybersecurity training is one of the best investments an organization can make to build a culture of cybersecurity awareness. When users know what to look for and become familiar with the tactics malicious actors use to gain access to accounts and sensitive information, they can report suspicious activity, such as phishing emails, to IT.
#5: Review your breach preparedness plan
Few like to think about it, because the notion is uncomfortable by its very nature, but you have to be prepared for the unthinkable and have your planned response ready should a cyber event occur. And this must be revisited at regular intervals. Hopefully a breach is something you rarely, if ever, encounter, but when you have an up-to-date preparedness plan in place, it makes all the difference in the world when the need arises.
A breach preparedness plan ensures that everyone understands their roles and responsibilities not only in preventing, but also in responding to an incident, no matter how minor or serious.
Let’s keep it going
If we all commit to reviewing these tips throughout the year on a weekly, monthly, or even bi-monthly basis, we foster a culture of cybersecurity awareness within our organizations. We each need to assess where our respective organization stands in terms of cybersecurity maturity and move it forward with these principles in mind. Maintaining a proactive, not reactive, approach to cybersecurity is the end goal of awareness, and your security posture will thank you for it.