Discerning Data

A Faegre Drinker Blog Covering the Latest in Privacy, Cybersecurity and Data Strategy

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month (NCAM). NCAM serves as a timely reminder to continue to assess and improve organizational cybersecurity.

In honor of NCAM, here are five fundamental steps that every organization should be taking to help secure its critical infrastructure and prevent cyberattacks:

1). Understand the Cyber Risks for Your Organization

Be proactive in understanding the specific cyber risks for your industry and your organization. Recognize that threats are constantly evolving, and ensure that your policies and procedures are evolving with them. Work with your IT department to ensure that your cyber defenses are tested and evaluated routinely and that they are sufficient to protect against known risks.

Do not be afraid to implement simple and inexpensive fixes like ensuring more robust password policies for your employees. Make sure employees only have the network access they need to do their job. And most importantly, if you have an employee leave your organization, make sure you turn off any access they may have to your network by deactivating or deleting their network account so they cannot log in after they have left your business.

2). Prepare and Implement an Incident Response Plan

It’s not if, it’s when. It’s safe to say that every business will be targeted by a cyberattack – most have already been targeted. Plan how your business will respond in the event of an attack.

Make sure your incident response plan is current and ready to be used immediately in an emergency, without the need for drastic rewriting or rethinking of cyber defenses. Time is critical when an incident does occur. Tabletop exercises and practice sessions are great, practical ways to rehearse and validate your incident response plan.

3). Ensure that Your Security Safeguards Are Up to Date

Keep your hardware, software, and security safeguards up to date. Patch your systems when appropriate, and ensure that your firewalls are properly configured – do not use a default login and password.

Remember, most computer hardware items come out of the box using default logons and passwords and even have security features turned off by default. Spend the time to ensure you institute a robust password system, and that your devices have security features turned on and working before putting them on your network.

4). Develop a Business Security Policy

Put in place defined security protocols for every aspect of your business, and make sure that they are enforced.

One of the most effective business security policies you can put into place is requiring the use of Multi-Factor Authentication for your users’ email and for access to your organization’s business network. You should also consider basic types of data encryption techniques to actively protect your data. This will drastically reduce the ability of “script kiddie” hackers to access your network and will keep your data much safer.

5). Train Your Employees

This may be the most important step you can take to protect your business. The weakest link in every organization in protecting against cyberattacks is its people. Train your employees on basic cybersecurity protocols, and show them how to defend against likely attacks. Create and enforce a strong password policy.

Remember, a network is only as strong as its weakest user, so take the time to train your employees in basic but important computer security and social awareness issues, and prepare them to fight the cybersecurity wars as partners in the war against cybercriminals.

Have a safe and happy National Cybersecurity Awareness Month!

The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.

About the Author: Jason G. Weiss

Jason G. Weiss leverages a past career as a cybersecurity and computer forensics Supervisory Special Agent with more than 22 years of decorated service at the FBI to guide clients through the complex and high-stakes issues associated with cybersecurity incident preparedness and response and compliance. View Jason's full bio on the Faegre Drinker website.

October 25, 2019
Written by: Jason G. Weiss
Category: Cybersecurity
Tags: cybersecurity, incident response plan
