What Should You Be Doing For Cyber Security Awareness Month (and, well, all the time)?
by Dave Westbrook
We recently wrote about Cyber Security Fundamentals and, since October is Cyber Security Awareness Month, it's worth stressing again the importance of preventing cyber intrusions and raising awareness of best practices in cyber security.
Cyber security is more important than ever before. A 2007 University of Maryland study estimated that a cyber attack occurs every 39 seconds. Most worrying is that 90% of data breaches are caused by end-users. These alarming stats demonstrate the ongoing threat that businesses face, and the requirement to ensure awareness of cyber security at all levels.
"Cyber security awareness is a shared responsibility... We're all responsible for securing cyberspace—from the home user to the corporation to the government—and Cyber Security Awareness Month is focused on instilling cyber security best practices."
Cyber Security Awareness Month founder Dave Jevans
While Cyber Security Awareness Month may only happen once a year, it's important you make a commitment to your organisation's cyber security throughout the year. Cyber criminals don't take a break. Here are some ideas on how to get started:
Make sure that everyone understands what Cyber Security Awareness means in practice and ask employees how they think you can improve as an organisation. Consider running training sessions throughout the year, which typically include courses, workshops, and spot-checks.
Get the basics right
Cyber security starts with your network—if it's not secure, then everything else is moot.
Thank you Joey Tribbiani
Make sure that all devices on the network are equipped with antivirus software, firewalls and other forms of malware protection. Backups are also crucial to protect against ransomware attacks. It should be possible to restore data quickly after an attack if you have good infrastructure for backups.
Avoid the insider threat
Cyber criminals are increasingly targeting current and former employees. Cyber security awareness training typically includes advice on how to prevent this threat. For example, ensure that all passwords have a mix of special characters, numbers and letters. Avoid the use of common passwords across accounts and ensure your people lock their devices when not in use.
Monitor what's going on
Cyber security isn't just something that happens in the background—you need to take proactive measures in order to ensure it works effectively. Monitor and log device usage and consider deploying a SIEM (Security Incident and Event Management) across your IT estate. If someone is browsing questionable websites or using services such as Tor, apply web content filters or firewalls to block them. In addition, SIEM looks for unusual activity and can detect when systems are compromised.
Don't be complacent
Cyber criminals and attackers look for the weakest link and many people in organisations will fall victim to social engineering attempts, such as phishing emails and other scams. Cyber security awareness training should emphasise how important it is not to click on links or download attachments from suspicious emails. You should also inspect your financial records regularly in order to spot fraudulent activity such as unauthorised payments.
Be careful what you say
Cyber espionage continues to be a big threat, with an estimated 51% of attacks coming from within the network according to Cyber Security Awareness Month statistics. To reduce this risk, encourage employees not to discuss sensitive information via email or their voice networks and make sure they understand the importance of protecting the privacy of client data. Cyber security awareness training can help enshrine this mentality among employees.
Organisations need to address cyber security at all levels—from ensuring basic hygiene, such as keeping apps and operating systems up to date, through to using a SIEM system that monitors your network for unusual activity. Cyber Security Awareness Month may only come around once a year, but it's essential you make cyber security an ongoing priority for your business.