October is Cybersecurity Awareness Month
October is Cybersecurity Awareness Month, launched 18 years ago by the U.S. Department of Homeland Security and the National Cyber Security Alliance (NCSA) and now led by the Cybersecurity & Infrastructure Security Agency (CISA). But given the brutal consequences of poor cybersecurity hygiene, and the impact it can have on your business and personal life, every month should be Cybersecurity Awareness Month!
Each week, CISA highlights a different theme, and the focus for this week is “Do Your Part. #BeCyberSmart.” What exactly does this theme mean? According to CISA, in collaboration with the National Cyber Security Alliance (NCSA), “this evergreen theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity.”
Of course, this can mean different things to different people and organizations. While we are all on this journey together, we are all at different stages of the trip. But if there is one constant and consistent message, it is this: we can all do better, every day. We can start by asking ourselves some important questions:
- What have I done, daily, to increase my cybersecurity awareness?
- What have I done to improve my ability to prevent incidents?
- How can I sharpen my ability to detect incidents early?
- If something happens, how do I shorten my response time?
Important Cybersecurity Policies & Controls
The same questions can be asked of organizations, of course. Additionally, overall cyber-health improves when cybersecurity policies, protocols, and procedures are put in place to reinforce that awareness. For businesses, those may include:
- Hiring security staff who are knowledgeable about threats and vulnerabilities, and providing them with the support, resources, and training to keep the organization secure.
- Implementing a formal security awareness program that includes simulated threats, such as phishing exercises against employees.
- Requiring multifactor authentication.
- Investing in hardware and software to detect and prevent malicious activity inside your network.
- Encrypting all data in transit.
- Establishing and enforcing enhanced security policies and procedures for remote users.
- Conducting ongoing risk assessments for current and emerging threats.
- Reviewing and revising backup and disaster recovery plans.
- Adopting a security framework and monitoring against it, for example:
  - System and Organization Controls (SOC) for Cybersecurity
  - SOC 2 Type II
Unfortunately for business owners, organizations are only as strong as their weakest link, which is often the untrained technology user. It is imperative to identify an organization’s weak links and to allocate the time and money to educate employees.
It is important to recognize the implications for individuals as well. Certainly, ongoing reports of hacks and data breaches have brought that need home. As our awareness increases, so does our to-do list, which may include:
- Freezing our credit at the three major credit bureaus.
- Demanding multifactor authentication from the vendors we use, including banks.
- Reviewing our credit reports and credit card statements monthly for fraudulent charges.
- Using a unique, complex password for each application or website.
- Using a password manager to store those passwords.
- Changing the default passwords on all internet-connected devices.
- Securing our home Wi-Fi.
- Using a VPN for all internet activity on public networks.
These lists could go on for pages for both businesses and individuals, and, while we noted that everyone is on their own journey, the implications are clear. Driving around in the dark, bumping into trees and other perils, then reacting to heal the bumps and bruises while hoping for the best is no longer viable (if it ever was); hope is not a strategy. It is critical to create and update a cyber roadmap to guide ourselves and our organizations, and that journey begins (and continues) with awareness.
If you want to talk about best practices, effective allocation of resources, or creating a roadmap for your organization, contact Dave Hammarberg, leader of the firm’s SOC, Cybersecurity, Forensic Examination, and Information Technology practices at dhammarberg@macpas.com.
About the Author
David is a Partner with McKonly & Asbury. He has been an integral part of our firm for over 20 years, serving our clients in a variety of information technology and accounting capacities. David’s expertise and service focus areas inclu…