10-30-19 | Blog Post
This year’s theme of National Cybersecurity Awareness Month (NCSAM) is Own IT. Secure IT. Protect IT. It may be a fun play on words, but the message is serious: When it comes to your IT environment, you need to take ownership of it, secure it, and then continue to maintain that security. Through the thousands of security breaches that have been reported over the years, organizations are learning the hard way that they can’t take the “set it and forget it” approach to security.
What can you do to get involved in NCSAM and promote lasting, positive cybersecurity habits? Below are some pointers from NICCS (National Initiative for Cybersecurity Careers and Studies) that illustrate this year’s theme.
That’s straight from the NCSAM horse’s mouth. Network security may be a given for large enterprise organizations, but given that nearly half of cyberattacks target small businesses, they would do well to remember that the network is the internet version of your front door, and it must be secured. Invest in firewalls, application security monitoring and the latest security software. If your devices buzz you with a security update, do so as soon as possible. Unpatched servers and network endpoints are some of the most common vulnerabilities that bad actors take advantage of to gain unauthorized access to an environment.
Set strong passwords that are unique to each account you have. Use pass phrases with characters instead of letters to help randomize your password and make it harder to crack. Are you like most people and have trouble remembering all the different passwords for your various banking, social media, email and shopping accounts? Use a program like LastPass to generate strong passwords and store them for you.
If you or your organization uses Internet of Things or edge computing devices, be sure to change the default factory-generated password. They’re honestly pretty terrible (“admin” or “password” are popular default choices). Device manufacturers are very slowly starting to adopt better security practices, but in the world of consumer technology, convenience is still prized above security. Changing default passwords and turning off edge devices when not in use can help prevent unauthorized access.
Above almost everything else, hackers rely on human error to allow them access to critical systems and data. This could come in the form of phishing, spam or straight up social engineering to trick employees into handing over access credentials or even just straight up money. Regularly train employees (at least once a year) on what suspicious emails may look like and encourage them to Check before they Click–think twice before clicking on any links in an unknown email, or even when they think they know the sender. A popular phishing scam involves hackers impersonating a key executive at a company and asking employees to send them personal data via email.
Remember, security is a marathon, not a sprint. Regularly keeping pace with security updates and practicing good security habits every day can help protect you and your organization in the long run, rather than leaving it to the last minute or worse–waiting to address security until after you’ve been breached. Unfortunately, many organizations delay implementing a strong security strategy until after they’ve been compromised, leading to potential compliance penalties, lost data and broken consumer trust. Owning it, protecting it and securing it will help you keep your business and personal data secured now and in the future. For more information, visit the NICCS website.
Looking for in-depth security tools to help protect your environment? Otava can help. We employ a defense-in-depth approach that encompasses three different layers of security–physical, technical and administrative. Choose from technical tools such as Web Application Firewalls (WAF), DDOS protection, File Integrity Monitoring (FIM) and daily log review to ensure your environment is being accessed by the right people at the right time. Our 12 global locations have multiple levels of physical security, including video surveillance and MFA floor access, and our staff is fully trained in the latest security policies and procedures so you can rest assured your data is in safe hands. Learn more about our defense-in-depth approach or contact us at 877-740-5028 and chat with a live human, not a robot.