October is National Cybersecurity Awareness Month (NCAM). NCAM serves as a timely reminder to continue to assess and improve organizational cybersecurity.
In honor of NCAM, here are five fundamental steps that every organization should be taking to help secure its critical infrastructure and prevent cyberattacks:
1). Understand the Cyber Risks for Your Organization
Be proactive in understanding the specific cyber risks for your industry and your organization. Recognize that threats are constantly evolving, and ensure that your policies and procedures are evolving with them. Work with your IT department to ensure that your cyber defenses are tested and evaluated routinely and that they are sufficient to protect against known risks.
Do not be afraid to implement simple and inexpensive fixes like ensuring more robust password policies for your employees. Make sure employees only have the network access they need to do their job. And most importantly, if you have an employee leave your organization, make sure you turn off any access they may have to your network by deactivating or deleting their network account so they cannot log in after they have left your business.
2). Prepare and Implement an Incident Response Plan
It’s not if, it’s when. It’s safe to say that every business will be targeted by a cyberattack – most have already been targeted. Plan how your business will respond in the event of an attack.
Make sure your incident response plan is current and ready to be used immediately in an emergency, without the need for drastic re-writing or re-thinking of your cyber defenses. Time is critical when an incident does occur. Tabletop exercises and practice sessions are great, practical ways to rehearse the plan and confirm that it actually works.
3). Ensure that Your Security Safeguards Are Up to Date
Keep your hardware, software, and security safeguards up to date. Patch your systems when appropriate, and ensure that your firewalls are properly configured – do not use a default login and password.
Remember, most computer hardware items come out of the box using default logons and passwords and even have security features turned off by default. Spend the time to ensure you institute a robust password system, and that your devices have security features turned on and working before putting them on your network.
4). Develop a Business Security Policy
Put in place defined security protocols for every aspect of your business, and make sure that they are enforced.
One of the most effective business security policies you can put into place is requiring the use of multi-factor authentication for your users’ email and for access to your organization’s business network. You should also consider basic data encryption techniques to actively protect your data. This will drastically reduce the ability of “script kiddie” hackers to access your network and will keep your data much safer.
5). Train Your Employees
This may be the most important step you can take to protect your business. The weakest link in every organization’s defense against cyberattacks is its people. Train your employees on basic cybersecurity protocols, and show them how to recognize and defend against likely attacks. Create and enforce a strong password policy.
Remember, a network is only as strong as its weakest user, so take the time to train your employees in basic but important computer security and social-engineering awareness, and prepare them to act as partners in the fight against cybercriminals.
Have a safe and happy National Cybersecurity Awareness Month!
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.