Cybersecurity Awareness Month: Time to Recalibrate and Prioritize Security
National Cyber Security Awareness Month (NCSAM) is here — and it doesn’t seem like last year’s NCSAM was too long ago.
The past year has been rough, with highly publicized security breaches like Kaseya regularly grabbing headlines. The size and nature of your business don’t seem to matter: hackers play no favorites, and organizations of all sizes are feeling the pain of lax security practices.
Consider the arrival of National Cyber Security Awareness Month as a time to recalibrate security at your organization. The time is now to increase awareness and prioritize security with the goal of ensuring everyone has the resources to work safer online. This month is also an excellent time to get familiar with the globally recognized information security standard, ISO/IEC 27001, which can serve as your organization’s transformation guide.
Each week of National Cyber Security Awareness Month has a unique theme focused on increasing awareness and promoting increased network security. In this article, we’ll explore each week’s theme.
Week 1: Be Cyber Smart
Week 2: Fight the Phish
Week 3: Explore. Experience. Share.
Week 4: Cybersecurity First
Be Cyber Smart
Smart security today extends past our laptops to the many connected devices rapidly populating every corner of our lives, especially our homes. Currently, there are more than 10 billion active IoT devices. This trend is only increasing, and by 2025 there will be 152,200 IoT devices connecting to the internet every minute.
What connected IoT devices offer in convenience they often sacrifice in security. Many provide open, unprotected pathways for threat actors to enter home or business networks. The ease and frequency with which hackers exploit connected devices are alarming. In the first six months of 2021, 1.5 billion IoT-related breaches occurred, most using the telnet remote access protocol.
The trend toward remote workforces, home offices, and connected devices doesn’t appear to be fading anytime soon. So how can we go about making our home networks safer?
NCSAM is the perfect time to begin implementing the home network protection tips below. Start protecting your home network by:
- Changing all your Wi-Fi passwords
- Regularly checking all devices connected to your home network, making sure all are recognized
- Ensuring your wireless router firmware, anti-virus software, browser settings, and operating systems are current
- Segmenting your work from home connected life (which is easier than you may think)
Fight the Phish
Phishing is understandably popular with today’s threat actors — it’s easy, cheap, and amazingly continues to work. Even with all the social engineering training and publicity this scamming tactic receives, phishing is still involved in over a third of all breaches. Keep in mind that 96% of these attacks come through email, making employees every company’s first line of defense.
Why do we continue to fall for phishing scams? More importantly, how can we successfully identify and prevent future attacks?
Many phishing scams look legitimate and seem to come from a trusted source. They can attempt to deceive with personalized information, spoofing specific organizational leaders or colleagues to gain trust. They also stress urgency, attempting to force the target into a quick decision. Fortunately, many phishing scams also leave clues. Below are some signs that should raise a phishing red flag:
- The greeting, tone, style, voice, or language used isn’t appropriate for the relationship
- Text is sloppy with grammar or spelling errors
- There’s inconsistency with email addresses, links, and domain names
- Threats are made or urgency is stressed
- Unusual requests are made (CEO asking for immediate funds transfer)
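Several of the signs above can be checked mechanically before a message reaches a reader. The following is an added example, not part of the original article: it scores one message for a lookalike sender domain, a Reply-To that differs from the sender, link text that shows a different host than the link target, and urgency wording. The sample message, the `example-corp.test` organization domain, the 0.85 similarity threshold, the urgency word list and the flag labels are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every name and domain in it is made up.
SAMPLE = """\
From: "Dana Lee, CEO" <dana.lee@examp1e-corp.test>
Reply-To: payments@mail-relay.test
Subject: URGENT: wire transfer needed

<p>I need an immediate funds transfer today.</p>
<a href="http://login.examp1e-corp.test/pay">https://portal.example-corp.test/pay</a>
"""
URGENCY = re.compile(r"\b(urgent|immediate(?:ly)?|act now)\b", re.I)
class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
    def handle_data(self, data):
        if self._href and data.strip():
            self.links.append((self._href, data.strip()))
            self._href = None

def _domain(header_value):  # domain part of an address header, or ""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()
def _host(text):  # hostname if the text parses as a URL, else ""
    return (urlparse(text).hostname or "").lower()

def red_flags(raw, org_domain):  # labels of the red flags that fire
    msg = message_from_string(raw)
    body, flags, parser = msg.get_payload(), [], LinkCollector()
    sender, reply = _domain(msg["From"]), _domain(msg["Reply-To"])
    # Lookalike: close to the organisation's domain without being equal to it.
    if sender != org_domain and SequenceMatcher(None, sender, org_domain).ratio() > 0.85:
        flags.append("lookalike-sender-domain")
    if reply and reply != sender:
        flags.append("reply-to-differs-from-sender")
    parser.feed(body)
    if any(_host(text) and _host(text) != _host(href) for href, text in parser.links):
        flags.append("link-text-hides-different-host")
    if URGENCY.search((msg["Subject"] or "") + " " + body):
        flags.append("urgency-wording")
    return flags
```

Calling `red_flags(SAMPLE, "example-corp.test")` returns all four labels for the constructed message. A heuristic like this supports training and triage; it does not replace either.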
Below are some recognized best practices to combat phishing attacks:
- Organize and initiate a robust, up-to-date, anti-phishing training program for all employees.
- Run phishing fire drill tests at least monthly and review results afterward as a group.
- Use multi-factor authentication (one-time password codes, security tokens, biometrics) for network access, so even if a password leaks, it becomes useless to hackers.
- Use behavioral analytics technology to baseline normal behavior and then use these standards to identify abnormalities.
Explore. Experience. Share.
If you are looking to build your future in a practically recession-proof industry, exploring a career in cybersecurity can be an exciting step. With a large and expanding skills gap in cybersecurity, this is an ideal time to explore the possibility of becoming a security professional.
The journey to becoming a cybersecurity professional starts in a number of ways, in addition to college programs. With a wealth of free online sources, many top-level cybersecurity pros build their skills from the convenience of their homes. If you combine a genuine interest in cybersecurity with some basic knowledge, it can then become a matter of finding a company willing to give you experience working at an entry-level position.
After gaining experience in the trenches, investing in continuing education through certifications focusing on a certain technology or platform can prove worthwhile. Many cybersecurity companies will allow time to gain the required job experience and provide scholarship opportunities to enter a career in security.
Learning from peers and sharing experiences to keep current is important for security professionals. By attending educational conferences and local events, security teams can keep up with the latest solutions available and be aware of new techniques adversaries are using.
Cybersecurity First
During the 20th century, an explosion in workplace accidents triggered what became known as the Safety First Movement. Today, we need a Cybersecurity First Movement where protecting online data receives the highest level of focus and commitment from all organizations.
Information security isn’t a “nice-to-have” anymore — it must become every organization’s priority and the responsibility of every employee. Companies must factor security into all strategic decisions and aspects of their business. Every team must make a conscious effort to embed security principles across their organization while holding everyone accountable for protecting the company network.
Whether you’re a global giant, blossoming startup, or tiny household, we can all commit to making this year’s Cybersecurity Awareness Month a critical turning point in the creation of a more aware and secure cyber community.