Cybersecurity Awareness Month is a great time to refocus on your cybersecurity efforts, assess your current initiatives, and plan for the year ahead. But "cybersecurity" is a broad topic that means different things to different people. So, to kick off our favorite month, we're starting with the basics—10 simple actions you can take this month to substantially improve your cybersecurity.
- Change. Your. Password. And no, 'Admin1' is not a good password update. This may be obvious to some, but our team constantly runs into default or generic passwords that put our customers at risk. Set up clear requirements for employee passwords to ensure everyone is following this golden rule.
- Delete and unsubscribe from any unused applications, software, and subscriptions. If you don’t use it, you don’t need it, and it’s just another entry point for attackers to hack into your systems.
- Become more aware. This month is a great opportunity to learn from industry experts and #BeCyberSmart. Train, educate, and challenge your teams. Don’t wait for a hacker to teach your teams what not to do.
- Inventory your networks' connected assets. Most people are surprised by what they find when they perform a full network scan. Old PCs, end-of-life servers tucked away in a back room—you name it—all could be potential points of entry.
- Scan for and address your vulnerabilities. This is the many-to-one rule: you have many assets to lock down; the hacker only has to find one vulnerability. Even devices you know are on the network carry vulnerabilities, so imagine the risks hiding in the ones you don't know about.
- Implement multi-factor authentication (MFA) whenever possible and enforce MFA policies. This is one of the simplest ways for employees to actively participate in a company's cybersecurity efforts. And no, sharing your password with a coworker is not the same as MFA.
- Update your Incident Response Plan… and TEST it! If your primary contact doesn’t work for the company any longer, your plan is no good. If no one knows what qualifies as an “incident”, your plan is no good. If your plan is a 'don’t ask, don’t tell' plan or 'hope for the best' plan, your plan is no good. And if you have a no-good plan, you'd better have a very good amount of money set aside to address issues when it all hits the fan.
- Revisit and update any policies related to work-from-home (WFH). We know the world has changed and it's likely that everyone is now set up to work from home. Now, make sure your cybersecurity programs address the potential of "little Timmy" grabbing daddy’s work computer to record a TikTok video.
- Commit to a cybersecurity framework. It’s 2020, just choose already! From NIST to CIS 20 Critical Security Controls—they all have their merits and can greatly improve an organization's cybersecurity posture. Trust me, picking one and following it is actually easier than trying to figure out what restaurant to order from.
- Make cybersecurity part of your corporate operational culture. Revisit 1-9, rinse, and repeat. Cybersecurity is not taboo. And it's not going to take care of itself. Talk about it with leaders, employees, and vendors. Encourage participation. And as an added bonus, good cybersecurity practices can and will win you more business.
Follow along as we share our knowledge of cybersecurity as a #CybersecurityAwarenessMonth champion.