October is National Cybersecurity Awareness Month. While cybersecurity matters every day of the year, this month, the industry collaborates to spread awareness to all stakeholders. The first Cybersecurity Awareness Month was way back in 2004, a joint venture with the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS). The effort has become one that many companies have joined through the years, imparting cybersecurity best practices for individuals and organizations.
The 2020 Theme: Do Your Part, Be Cyber Smart
The world has changed a bit since last October. Technology may be an even bigger part of our lives, both professionally and personally, as we strive to connect and collaborate virtually. This year, the theme captures that sentiment and calls on everyone to adopt and keep good cyber habits. The key message is “if you connect it, protect it,” which is very true and something to always keep top of mind.
In the spirit of this theme and our expertise in business cybersecurity risk management, we wanted to share with you some best practices to do this month and all year round.
Following the NIST Cybersecurity Framework
Best practices related to cybersecurity for your business correlate with the NIST (National Institute of Standards and Technology) Cybersecurity Framework. This includes:
- Identify assets at risk
- Protect those assets
- Detect when a security issue arises
- Respond to this attack with mitigation efforts
- Recover assets in the case of a breach
Cybersecurity Best Practices
1. Conduct Regular Penetration Testing
Your network is only as secure as your defenses. Maybe you carried out pen-testing a few years ago and think that’s sufficient. However, the cybersecurity landscape changes almost every day. Cybercriminals get smarter and more capable of breaking into networks, so you’ve got to reexamine your defenses and vulnerabilities.
With ethical hacking or pen-testing, you imitate an actual attack to see how your network will hold up. If you want to know how cybercriminals can get to you, pen-testing is a must, practiced at least annually.
2. Adjust Your Remote Work and BYOD Protocols
Have you looked at your remote work and BYOD (bring your own device) protocols this year? It’s possible you did when the country went on lockdown and IT teams had to hurry to enable a remote workforce. But did you really dig deep into your rules and processes? Did you account for all the new endpoints to protect?
Securing work-from-home workspaces and personal devices is very much a moving target right now for organizations. You have to remain flexible and agile as you rethink the concept of where your employees work.
For the most cyber secure outcomes, go back through your protocols, update them, and share them with all users.
3. Keep Data Protection Initiatives Up to Date
Various elements help you protect your data, applications, and networks. Ensuring these are always up to date can be daunting. Software requires constant version updates. Beyond application updates, you have firewalls, VPNs (virtual private networks), operating systems, and other components that need updating. You can use automation to help manage this so it’s not burdensome.
4. Implement Monitoring Tools
There are a variety of cybersecurity monitoring tools you can deploy to detect virus and malware attempts. Be sure that you use tools that meet your specific needs, especially if you deal with highly sensitive data, such as PHI (protected health information) or financial information.
As your network changes and grows, you may need to reevaluate the tools in place to ensure they are providing as much detection coverage as possible.
5. Make Cybersecurity Education Part of Your Culture
Your employees, unfortunately, are likely your weakest link when it comes to security. Most breaches or malware infections begin because of employee errors that aren’t intentional. They click on that suspicious email, and suddenly there’s an emergency.
To prevent that click and keep employees alert for phishing scams, provide them training on the subject. The training should be in-depth and interactive so that they know what to do should they receive such an email.
Also, include in this training things around password best practices and controlling access. For those working in the office, remind them to lock their screen if they leave their desk. For those working remotely, make sure they don’t allow others in the household to use the device that has access to secure information.
6. Practice Your Incident Response
Every business needs to have an incident response plan (IRP). The plan is a document that walks through a range of “what-if” scenarios. It should also define your incident response team (IRT) and their functions.
These responses can sound great in theory, but they may not fit the reality. It’s a good idea to practice your IRP as best as possible, simulating real-world occurrences. Only by conducting a test of it will you be able to determine if there are gaps that need readjustment. This may be especially true now if you have a fully remote or distributed team model.
Be Cyber Smart During National Cybersecurity Awareness Month and Beyond
The security and protection of your data, network, and infrastructure should be top of mind every month. During Cybersecurity Awareness Month, it’s a good time to reflect on what you’re doing well and other practices that should be a priority.
Have questions about cybersecurity best practices? Contact us today to learn how we can help.