Cybersecurity Awareness Month: Time to Recalibrate and Prioritize Security

In the headlines, there is no shortage of highly publicized security breaches, such as LAPSUS$, affecting a wide range of organizations. The size and nature of your company don’t seem to matter, as hackers play no favorites, with organizations of all types and sizes feeling the pain and paying the price for lax security practices.

Consider the arrival of National Cybersecurity Awareness Month (NCSAM) as a time to recalibrate security at your organization. The time is now to increase awareness and prioritize security with the goal of ensuring everyone has the resources to work safer online. This month is also an excellent time to get familiar with the globally recognized information security standard, ISO/IEC 27001, which can serve as your organization’s transformation guide.

Each week of National Cybersecurity Awareness Month has a unique theme focused on increasing awareness and promoting increased network security. In this article, we’ll explore each week’s theme. 

Week 1: Be cyber smart
Week 2: Fight the phish 
Week 3: Explore. Experience. Share.
Week 4: Cybersecurity first 

Be cyber smart

Smart security today extends past our laptops to the many connected devices rapidly populating every corner of our lives, especially in our homes. In 2021, there were more than 10 billion active IoT devices. This trend is only increasing, and by 2025 there will be 152,200 IoT devices connecting to the internet every minute. 

What connected IoT devices offer in convenience they often sacrifice in security. Many provide open, unprotected pathways for threat actors to enter home or business networks. The ease and frequency with which hackers exploit connected devices are alarming. In the first six months of 2021, 1.5 billion IoT-related breaches occurred, most using the telnet remote access protocol. 

Our new normal of remote workforces, home offices, and connected devices doesn’t appear to be fading anytime soon. So, how can we go about making our home networks safer? 

NCSAM is the perfect time to begin implementing the network protection tips below. Start protecting your network by:

1. Changing all your Wi-Fi passwords (annually, at minimum!)
2. Regularly checking all devices connected to your network, making sure you recognize all of them
3. Ensuring your wireless router firmware, anti-virus software, browser settings, and operating systems are current with the latest updates and patches. You can usually find instructions for how to do this on the vendor support pages.
4. Segmenting your work from home connected life (which is easier than you may think)

Fight the phish

Phishing is understandably popular with today’s threat actors. It’s easy, cheap, and — amazingly — continues to work. Even with all the social engineering training and publicity this scamming tactic receives, phishing is still involved in more than a third of all breaches. Keep in mind that 96% of these attacks come through email, making employees every organization’s first line of defense — and for you and your family at home!

Why do we continue to fall for phishing scams? More importantly, how can we successfully identify and prevent future attacks?

Many phishing scams appear legitimate, appearing to come from a trusted source. They can attempt to deceive with personalized information, spoofing specific organizational leaders or colleagues to gain trust. They also stress urgency, attempting to force the target into a quick decision. Fortunately, many phishing scams also leave clues.

Below are five signs that should trigger a phishing scam red flag:

1. The greeting, tone, style, voice, or language used isn’t appropriate for the relationship.
2. The text is sloppy with grammar or spelling errors.
3. There are inconsistencies with email addresses, links, and domain names.
4. Threats are made or urgency is stressed.
5. Unusual requests are made (e.g., your CEO asking for immediate funds transfer).

Below are four recognized best practices to combat phishing attacks:

1. Organize and initiate a robust, up-to-date, anti-phishing training program for all employees. 
2. Run phishing fire drill tests at least monthly and review results afterward as a group.
3. Use multi-factor authentication (one-time password codes, security tokens, biometrics) for network access, so even if a password leaks, it becomes useless to hackers.
4. Use behavioral analytics technology to baseline normal behavior and then use these standards to identify abnormalities.

At home, remind your family of important things, like: 

1. Always navigate to your financial accounts via their home pages, not links in email.
2. Never read your PIN or security code (MFA, Google authenticator, etc.) to anyone on a phone call or email.
3. Clicking on links to fun quizzes or personality assessment sites can contain hidden malware dangers — don’t do it! 

Explore. Experience. Share.

If you are looking to build your future in a practically recession-proof industry, exploring a career in cybersecurity can be an exciting step. With a large and expanding skills gap in cybersecurity, this is an ideal time to explore the possibility of becoming a security professional. 

The journey to becoming a cybersecurity professional starts in a number of ways outside of traditional college programs. With a wealth of free online sources, many top-level cybersecurity pros build their skills from the convenience of their homes, or enter security through desktop support or other helpdesks; after all, troubleshooting is its own process. If you combine a genuine interest in cybersecurity with some basic knowledge, it can then become a matter of finding a company willing to give you experience working in an entry-level position.

After gaining experience in the trenches, investing in continuing education through certifications focusing on a certain technology or platform can prove worthwhile. Many cybersecurity companies will allow time to gain the required job experience and provide scholarship opportunities to enter a career in security.

Learning from peers and sharing experiences to keep current is important for security professionals. By attending educational conferences and local events, security teams can keep up with the latest solutions available and be aware of new techniques adversaries are using. 

Cybersecurity first

During the 20th century, an explosion in workplace accidents triggered what became known as the Safety First Movement. Today, we need a Cybersecurity First Movement, where protecting online data receives the highest level of focus and commitment from all organizations. Unfortunately, it has become the norm to hear of major breaches across key industries such as healthcare, financial services, and retail.

Information security isn’t a “nice-to-have” anymore; it must become every organization’s priority and the responsibility of every employee. Companies must factor security into all strategic decisions and aspects of their business, to protect their stakeholders. Every team must make a conscious effort to embed security principles across their organization while holding everyone accountable for protecting the company network.

Whether you’re a global giant, blossoming startup, or tiny household, we can all commit to making this year’s Cybersecurity Awareness Month a critical turning point in the creation of a more aware and secure cyber community.

Read our guide to mitigating phishing attacks to make sure you understand the common challenges of phishing attacks, and get five steps you can take to protect your organization.