National Cybersecurity Awareness Month
Every October is National Cybersecurity Awareness Month, a joint effort between government and industry to raise awareness about the importance of cybersecurity. This year’s overarching message is “Own IT. Secure IT. Protect IT.” It focuses on key areas including citizen privacy, consumer devices, and e-commerce security.

https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019
By going to the link above, you and your organization can access useful tools to promote cybersecurity awareness. Remember, October is designated as National Cybersecurity Awareness Month, but to be secure we need to promote cybersecurity awareness all year long.
Providing Security Awareness training to your employees assists them at work and in their personal lives. Employees can prevent a cybersecurity incident if they are aware of the risk and act appropriately.
As an organization, you need to understand your cybersecurity risks in order to mitigate them. All organizations are facing these issues. Some areas are critical, and at a minimum organizations should require:
- Dual-factor authentication for remote access to the organization and all external sites
- Corporate email phishing tests for employees, to gauge risk and guide additional training
- Strong, unique passwords – never use a password twice
  - Too many passwords? Use a password manager like LastPass
- Full disk encryption
- USB Encryption
- Encryption in transit
  - Is all confidential data protected in transit?
  - Do employees understand what encryption in transit means?
- Annually updated security policies
- Incident response plan
- Cybersecurity policy – Signed as read by employees annually
- Disaster Recovery Plan
- Business Continuity Plan
- Annual security awareness training for all employees, with communication throughout the year about new cybersecurity risks
- Patch management for all workstations and laptops
- Backups that are tested at least quarterly
One poorly thought-out action by an employee could cause your organization to close for days or permanently. Whether it is a breach of confidential data or a malware attack like ransomware, it is easier to be proactive than reactive. The cost of cybersecurity awareness for employees is far less than the cost of recovering from an incident.
If your organization would like to discuss any cybersecurity topics and tools further, please email me, David Hammarberg, Principal and Cybersecurity Services Practice Leader with McKonly & Asbury at dhammarberg@macpas.com.