Ah, Fall is finally here… pumpkin lattes, fire pits, and a crispness in the air are some of the things I enjoy about this season. But Fall is also a time to reflect on your organization’s cybersecurity posture, since October is Cyber Security Awareness Month. This October marks the 18th anniversary of the annual campaign, which was started in 2004 by the National Cyber Security Alliance (NCSA) in collaboration with the Department of Homeland Security (DHS). This year’s theme is “Do Your Part. #BeCyberSmart”, and it is predicated on the fact that we all have a role to play in cybersecurity and that it’s important we remain vigilant. Here are eight helpful tips on what you should consider reviewing.
Cybersecurity Awareness Tips
- Account Auditing is one of the simplest ways to secure your organization. Periodically auditing Active Directory and SaaS/IaaS accounts can help secure your organization by removing access to accounts no longer in use. Confirm that all accounts associated with past employees or contractors are disabled, deleted, or removed.
- Confirm Multifactor Authentication (MFA/2FA) is enabled on all accounts controlled by your organization. MFA adds an additional layer of security and can minimize the chances for account takeover or compromise. For increased security, review and adjust the frequency of prompting for MFA. If your organization is using a remote access VPN, this should also be secured with MFA.
- Review your organization’s patch management policy and confirm that all critical patches are installed within the timeframe set forth in your policy. With responsible disclosure and bug bounty programs continuing to evolve, new vulnerabilities are reported more frequently than ever before, and patching is crucial to securing your organization. If your organization is behind on patching, develop a plan to catch up.
- Check for legacy hardware on all critical infrastructure. We’ve all seen it: a switch that went end of life three years ago, or a firewall whose last firmware was released more than a year ago. While IT budgets are tight, assess the risk of deferring end-of-life hardware replacements by asking yourself a few simple questions: Is the device critical to running your business? Has the manufacturer discontinued firmware and software updates? Are parts for the device no longer available? If the answer is yes to any of these questions (or all of them), it’s time to replace that legacy hardware.
- Are you providing monthly or annual Cyber Security awareness training for your employees and contractors? With proper training, your staff can act as a “human firewall” and defend against cyber threats, at minimal cost to your organization.
- Check those backups! Backing up data is crucial but it’s equally important to test your backups periodically to ensure you are ready when disaster strikes. Check the integrity of your backups and run a simulation before it’s too late.
- Review your disaster recovery plan and familiarize yourself with it. Creating a solid disaster recovery plan and keeping it up to date is critical to your organization’s ability to recover from a cyber incident. If you don’t have a plan, create one now.
- Lastly, when was the last time you updated your Rolodex? All kidding aside, when disaster strikes, you may not have access to your computer or the Internet. Your organization should have an up-to-date paper copy of all critical contacts for use in case of emergency.
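As a starting point for the account-auditing tip above, here is an added example (not part of the original post) that reports enabled Active Directory user accounts with no recent logon, plus disabled accounts that were never removed. It assumes the RSAT ActiveDirectory module is installed, read access to the domain, a 90-day inactivity threshold, and the output paths shown.

```powershell
# Added example: screen AD user accounts for stale or leftover access.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

$InactiveDays = 90                                              # assumed policy threshold
$Cutoff       = (Get-Date).AddDays(-$InactiveDays)
$ReportPath   = "$env:USERPROFILE\Desktop\stale-accounts.csv"   # assumed output path

# Enabled users that have not logged on since the cutoff, or have never logged
# on and were created before it. LastLogonDate comes from the replicated
# lastLogonTimestamp attribute and can lag real logons by up to ~14 days, so
# treat this as a screening list to review, not proof of inactivity.
$Stale = Get-ADUser -Filter { Enabled -eq $true } `
           -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, WhenCreated |
         Where-Object {
             ($null -eq $_.LastLogonDate -and $_.WhenCreated -lt $Cutoff) -or
             ($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt $Cutoff)
         } |
         Select-Object SamAccountName, DistinguishedName, LastLogonDate,
                       PasswordLastSet, PasswordNeverExpires, WhenCreated

# Disabled accounts still keep their group memberships and can be re-enabled;
# list them separately so the delete-or-keep decision is made explicitly.
$Disabled = Search-ADAccount -AccountDisabled -UsersOnly |
            Select-Object SamAccountName, DistinguishedName, LastLogonDate

$Stale    | Export-Csv -Path $ReportPath -NoTypeInformation
$Disabled | Export-Csv -Path ($ReportPath -replace '\.csv$', '-disabled.csv') -NoTypeInformation

Write-Host ("{0} enabled accounts inactive for {1}+ days; {2} disabled accounts still present" -f `
            @($Stale).Count, $InactiveDays, @($Disabled).Count)
```

Review the two CSV files with HR or the account owners before disabling anything, since service accounts and shared mailboxes often show no interactive logon by design.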
For more information on Cybersecurity Awareness Month and additional resources on securing your organization, please visit:
National Cybersecurity Alliance – staysafeonline.org
Cybersecurity and Infrastructure Security Agency – cisa.gov