Cybersecurity should be a year-round concern, but Cybersecurity Awareness Month is a good moment to revisit the basics. Cyber threats keep evolving and becoming more sophisticated and more common, so both individuals and organizations need to treat security as a priority rather than an afterthought. Below are the dos and don'ts that anyone can apply to protect their digital assets.
What Individual Users Should Keep in Mind
The Don'ts
- Don’t Reuse Passwords: Have you ever used the same password for several accounts because you couldn’t remember more than one? Many people do, and it is exactly what attackers count on: credentials leaked from one breach are replayed against other sites (credential stuffing), so a single reused password can hand over several of your accounts at once. Use a password manager to keep a unique password for every account; if you must write passwords down, keep the list somewhere physically secure rather than on a note beside the computer.
- Don’t Share Personal Information: Legitimate organizations do not ask for your social security number, bank account details, card numbers, or passwords by email or text message. Personally Identifiable Information (PII) is what identity thieves need, so be wary of sending it over channels you do not control or that are not end-to-end encrypted, such as social media messages, SMS, and email.
- Don’t Use Public Wi-Fi for Sensitive Tasks: “Free Public Wi-Fi Available!” – Sure it’s free, but on an open network anyone nearby can observe unencrypted traffic, and a rogue access point can impersonate the real one. HTTPS protects the contents of most sites today, but a virtual private network (VPN) on your phone or laptop also hides which sites you visit from the network operator and covers any traffic that is not otherwise encrypted. Use one, or keep banking and shopping for a network you trust.
- Don’t Ignore Security Warnings: Tired of seeing an antivirus software warning, your browser deeming a website unsafe, or your operating system informing you of a pending security update? Don’t ignore them, they’re there for a reason! Investigate what is causing the warning and promptly take appropriate action to address the security concern to maintain good cyber hygiene.
- Don’t Download Suspicious Software: Looking for a cracked version of popular software? Think twice. Pirated installers and apps from untrusted sources are a common way to install malware alongside, or instead of, the program you wanted. Stick to official app stores or the vendor’s own website when downloading applications or software.
The Dos
- Create Strong Passwords: A strong and unique password for each of your online accounts is the foundation of online security. Length matters more than clever substitutions: aim for at least 12 characters, and longer is better, since the 8-character minimum many sites impose is a floor, not a target. A randomly generated mix of upper and lowercase letters, numbers, and special characters works well if a password manager remembers it for you; for passwords you must type from memory, use a passphrase, a sequence of several unrelated words, which is easy to remember but hard to guess. For a sense of scale, a random 8-character password drawn from the 95 printable ASCII characters has about 52 bits of entropy, roughly the same as a four-word passphrase from a 7776-word list; a five-word passphrase reaches about 64 bits. Whichever you choose, a trusted password manager can generate and store the passwords securely.
- Use Multi-Factor Authentication (MFA): Enable MFA wherever it is offered. It adds a second factor on top of your password, such as a one-time code from an authenticator app, a hardware security key, or, as a weaker fallback, a code sent by text message. Even if an attacker obtains your password, they cannot log in without that second factor. Be aware that one-time codes can still be phished in real time by a site that relays them to the real service; hardware security keys and passkeys resist that because they are bound to the genuine site.
- Ensure Regular Software Updates: Don’t put off security updates. Keep your devices, operating systems, and software up-to-date as these updates often contain security patches that protect your devices from known vulnerabilities.
- Beware of Phishing: Be cautious with emails or messages from unknown senders. Cybercriminals use phishing to trick you into revealing sensitive information or running malicious software. Check the actual sender address rather than the display name, hover over links to see where they really lead, and when in doubt contact the organization through a channel you already know instead of replying. Phishing emails used to be easy to spot by their spelling and grammar errors, but with the rise of AI large language models such as ChatGPT, attackers have stepped up their game, and poor grammar is no longer a reliable tell.
- Perform Regular Backups: Back up your important data and files regularly to an external device or cloud storage, and keep at least one copy offline or otherwise not writable from the device it protects, so that ransomware cannot encrypt the backup along with the original. In case of a cyberattack or data loss, a recent backup turns a disaster into an inconvenience.
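"Verify the sender's identity" in the phishing point above can be made concrete. The following is an added example, not code from the original post: a small Python checker that parses a raw email with the standard library `email` package and reports the indicators a security team usually looks at first. The two messages are constructed for the example, and all domains (bank.example, bank-example-secure.test, freemail.test) are hypothetical. It checks a display name that is itself an address at another domain, a Reply-To that routes replies elsewhere, SPF/DKIM results recorded by the receiving mail server, and links whose visible text names one domain while the href goes to another.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

AUTH_RE = re.compile(r"\b(spf|dkim)=(\w+)", re.I)
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample: a phishing message with every indicator present.
PHISHY = """\
From: "security@bank.example" <alerts@bank-example-secure.test>
Reply-To: collect@freemail.test
To: victim@example.com
Subject: Urgent: verify your account
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bank-example-secure.test; dkim=none
Content-Type: text/html

<p>Click <a href="http://bank-example-secure.test/login">https://bank.example/login</a> now.</p>
"""

# Constructed sample: a legitimate message from the same (hypothetical) bank.
CLEAN = """\
From: "Example Bank" <alerts@bank.example>
To: customer@example.com
Subject: Your March statement is ready
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bank.example; dkim=pass header.d=bank.example
Content-Type: text/html

<p>Sign in at <a href="https://bank.example/statements">https://bank.example/statements</a>.</p>
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _body_text(msg) -> str:
    """Concatenate all text/* parts, decoding any transfer encoding."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type().startswith("text/"):
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_indicators(raw_message: str) -> list:
    """Return a list of indicator names found in the raw message (empty if none)."""
    msg = message_from_string(raw_message)
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display name is itself an address at a different domain than the real sender.
    if "@" in display_name and _domain(display_name) != from_domain:
        findings.append("display-name-domain-mismatch")

    # 2. Replies silently go to a different domain than the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append("reply-to-domain-mismatch")

    # 3. SPF/DKIM verdicts as stamped by the receiving server (trust only your own MX's stamp).
    auth = msg.get("Authentication-Results")
    if auth is None:
        findings.append("no-authentication-results")
    else:
        results = {k.lower(): v.lower() for k, v in AUTH_RE.findall(auth)}
        for mech in ("spf", "dkim"):
            if results.get(mech) != "pass":
                findings.append(f"{mech}-not-pass")

    # 4. Visible link text shows one host, the href actually points at another.
    for href, text in ANCHOR_RE.findall(_body_text(msg)):
        shown = urlparse(text.strip()).hostname
        actual = urlparse(href).hostname
        if shown and actual and shown.lower() != actual.lower():
            findings.append("link-text-domain-mismatch")
            break
    return findings


if __name__ == "__main__":
    print("phishy:", phishing_indicators(PHISHY))
    print("clean: ", phishing_indicators(CLEAN))
```

None of these checks is proof on its own (newsletters legitimately use a different Reply-To, and a compromised real mailbox passes SPF and DKIM), but a message that trips several of them at once deserves a phone call to the organization before anything is clicked.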
What Organizations Must Keep in Mind
The Don'ts
- Don’t View Cybersecurity as a Hindrance: Cybersecurity does take extra steps to make sure things are secure and that can seem like red tape hindering everyday tasks. However, it is not a hindrance but an essential enabler of everyday tasks, ensuring the protection of sensitive data and maintaining trust with customers. By integrating security seamlessly into their operations, your organization can create a resilient and efficient environment that fosters innovation and growth.
- Don’t Rely Solely on Technology: Thanks to the advent of Artificial Intelligence (AI) and Machine Learning (ML)-based tools, automation has made daily tasks easier. However, automated cybersecurity is not perfect and requires human intelligence and oversight. To ensure robust cybersecurity management, it’s essential to have a dependable cybersecurity team that works in tandem with AI and ML tools to continuously monitor company assets and respond effectively to evolving threats.
- Don’t Take a Reactive Approach: Intrusions move from initial access to impact in hours, sometimes minutes, so waiting for an incident before investing in security is reckless. CISOs should be proactive: run regular vulnerability assessments and security audits, and use an attack surface management platform to keep track of what is exposed. Pair that with a practised incident response capability that can contain an intrusion early; catching an attack in its first stage not only prevents a major breach but also keeps financial losses far lower.
- Don’t Overlook Third-Party Risks: Third-party attacks are a growing concern: 55% of security professionals surveyed reported that their organization experienced a cybersecurity incident involving a third-party vendor in 2023, and supply chain attacks were reported to have risen 430%. The Apache Log4j (Log4Shell), GoAnywhere MFT, and MOVEit Transfer incidents all show how a single flaw in a widely used component or vendor product exposes every organization that depends on it, and the risk of PII leaking through a third-party breach is substantial. Organizations must assess the security posture of their vendors and partners, since a weakly secured supplier is an open door into your own environment.
- Don’t Use Siloed Security: Cybersecurity should be woven into every part of the business so that the security team can respond to a breach quickly and with full visibility. Isolating security in its own silo is an unwise approach. No network is impenetrable, but a well-defended one integrates security measures across all assets, departments, partners, and development and operations work. A risk-based, proactive approach such as attack surface management helps here: it continuously monitors for vulnerabilities, tests security controls in controlled environments, and prioritizes fixes by risk, strengthening defenses and reducing the chance of a successful attack anywhere in the asset network.
The Dos
- Conduct Regular Risk Assessments: Run organizational risk assessments on a regular schedule to identify vulnerabilities and prioritize security measures. They give you a clear picture of the threats you face, surface unpatched endpoints and other weak spots, and let you mitigate the most serious ones first.
- Provide Employee Training: A large share of breaches begin with social engineering, most often phishing. Chief Information Security Officers (CISOs) must ensure that employees are cyber aware and know the security best practices that apply to their work. Regular company-wide training reinforces those practices and keeps the risk of social engineering fresh in people’s minds. Educated, cyber-aware employees are your first line of defense against social engineering, phishing emails, and other threats.
- Have an Incident Response Plan: Develop a well-defined incident response plan that outlines steps to take in case of a cybersecurity incident. Then review and update it regularly to ensure complete readiness of your organization’s security team.
- Implement Regular Software Patching: Your organization should implement a robust patch management process to ensure that all software and systems across the network are up-to-date with the latest security patches.
- Perform Continuous Security Monitoring: To keep up with the rising frequency of cyber incidents, establish or adopt continuous security monitoring that can detect and respond to threats as they happen rather than after the fact. Organizations typically combine intrusion detection systems, a security information and event management (SIEM) platform that collects and correlates logs, and user behavior analytics that flag accounts acting out of character. Given the year-on-year increase in incidents, these measures are more necessary than ever.
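The kind of rule a SIEM runs over collected logs is simple to illustrate. The following is an added example, not code from the original post: a Python detector that reads SSH authentication log lines, keeps a sliding per-source window of failed logins, raises a brute-force alert when a source exceeds a threshold, and escalates if that same source then logs in successfully. The log lines are constructed for the example (ISO timestamps rather than the traditional syslog format, to keep parsing short), the addresses are from the documentation ranges, and the threshold and window values are assumptions you would tune to your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log. 203.0.113.7 hammers the server and then gets in;
# 203.0.113.9 fails slowly (below the rate threshold); 198.51.100.4 is a normal user.
SAMPLE_LOG = """\
2024-03-05T10:00:01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
2024-03-05T10:00:05 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
2024-03-05T10:00:09 sshd[2202]: Failed password for root from 203.0.113.7 port 40003 ssh2
2024-03-05T10:00:14 sshd[2202]: Failed password for root from 203.0.113.7 port 40004 ssh2
2024-03-05T10:00:20 sshd[2203]: Failed password for root from 203.0.113.7 port 40005 ssh2
2024-03-05T10:00:26 sshd[2203]: Failed password for root from 203.0.113.7 port 40006 ssh2
2024-03-05T10:00:45 sshd[2204]: Accepted password for root from 203.0.113.7 port 40007 ssh2
2024-03-05T10:01:00 sshd[2205]: Failed password for bob from 203.0.113.9 port 41001 ssh2
2024-03-05T10:02:00 sshd[2206]: Failed password for alice from 198.51.100.4 port 50001 ssh2
2024-03-05T10:02:10 sshd[2207]: Failed password for bob from 203.0.113.9 port 41002 ssh2
2024-03-05T10:03:20 sshd[2208]: Failed password for bob from 203.0.113.9 port 41003 ssh2
2024-03-05T10:03:30 sshd[2209]: Accepted password for alice from 198.51.100.4 port 50002 ssh2
2024-03-05T10:04:30 sshd[2210]: Failed password for bob from 203.0.113.9 port 41004 ssh2
2024-03-05T10:05:40 sshd[2211]: Failed password for bob from 203.0.113.9 port 41005 ssh2
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def detect_bruteforce(lines, threshold: int = 5, window_seconds: int = 60):
    """Return alerts as tuples. A source that produces `threshold` failures within
    `window_seconds` is flagged once; a later successful login from a flagged
    source produces a higher-severity alert (the thresholds are assumed values)."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                 # not an auth event we care about
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        if m["result"] == "Failed":
            recent = failures[ip]
            recent.append(ts)
            # Drop failures that fell out of the sliding window.
            while recent and (ts - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, m["ts"], len(recent)))
        elif ip in flagged:
            alerts.append(("success-after-bruteforce", ip, m["ts"], m["user"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second alert is the one that matters: a burst of failures is background noise on any internet-facing host, but a success from the same source is a likely compromise and should page someone. In a real deployment the same logic runs continuously over the log stream rather than over a file, and the response (block the source, force a password reset, isolate the host) is what turns monitoring into incident response.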
Cybersecurity Awareness Month serves as a timely reminder of the importance of cybersecurity for both individuals and organizations. By following the dos and avoiding the don’ts outlined here, people can better protect their digital presence or strengthen their organization’s security posture.
In our increasingly digital world, cybersecurity awareness is not just a one-time effort; it’s an ongoing commitment to safeguarding our digital lives and the integrity of our organizations.