Cyber Security Awareness Month
For the past 16 years, every October has been National Cybersecurity Awareness Month. This partnership between private parties and governmental organizations provides members of the community with useful information on how to remain safe and secure online. This year’s topic is “OWN IT, SECURE IT, PROTECT IT.”
Every day more people, software, and devices join cyberspace, whether for work, entertainment, or essential everyday activities. As the number of users grows, so does the number of threats. It’s not atypical to hear news about data breaches, online scams, social media scams, industrial cyber-espionage, or online financial fraud affecting consumers and businesses of all sizes.
Large organizations, in both private and public sectors, often employ specialized teams tasked with identifying, preventing and reacting to cybersecurity threats. Unfortunately, for consumers and small and medium businesses, this level of vigor isn’t always necessary or affordable. StaySafeOnline, an initiative from the National Cyber Security Alliance, and Stop. Think. Connect. offer free resources to help users learn about threats, how to stay protected, and how to respond to an incident should one arise.
Every successful cybersecurity strategy should have three major components: prevent, respond and evaluate. The core of your strategy for protecting your IT assets and digital information shouldn’t be much different than your emergency response plan or procedures for natural disasters, medical emergencies, or any other situation with the potential to disrupt business or affect your brand.
PREVENT
Prevention should be the foundation of your cybersecurity strategy. The best way to stay secure is by knowing your systems, potential threats your organization may face, how to prevent them from happening, and how to identify an incident. A few key points on this stage are:
Maintain up-to-date system inventories and systems information (hardware, software, network diagrams, sites)
Maintain current employee and staff user lists
Update software and hardware regularly
Develop IT policies including best practices and operating protocol for approved hardware, software, hardware moves, and file storage
Most importantly, share these strategies with everyone in your organization. Creating best practices is the first step, but this is only effective if everyone in the organization knows and implements these practices. A common misconception is to think that cybersecurity is only the responsibility of IT.
RESPOND
This part of your plan should cover the steps for what to do during a cyber security breach or incident. This should include:
Who should be Notified? IT, legal, board of directors, law enforcement, insurance, and any other party of interest
Who is Responding?
If you don’t have an IT team or professional in-house, having a contractor on retainer or at least their contact information is key. The faster you start identifying compromised systems, the sooner you can implement repair and recovery steps.
Communication Guidelines
If customer information was compromised, you’ll need a plan to communicate this lapse to all of those affected and to other stakeholders within the company.
Estimated Downtime
How long will it take to secure all systems and return them to a functional state? How long will it take to replace any damaged hardware?
Remember to maintain an updated version of your response plan. As your systems grow or change, so do threats and, with them, how a breach is handled. People might change positions or responsibilities; a set revision time frame will help ensure this procedure is always current.
EVALUATE
In the event that your organization is exposed to an attack or event, it is important to review what happened, how it was handled, and the effectiveness of the disaster plan. Adjust and improve your strategy as needed.
The National Cybersecurity Awareness Month Toolkit is a great resource to kick off your efforts to increase awareness in your organization. Remember, you don’t need to be an IT professional to start implementing security strategies or to learn more about this topic.
For more information, and a fun way to get your team interested in their cyber security, download the 2019 Cybersecurity Month Trivia Game and instructions. This is a great idea to raise awareness.