October is Cyber Security Awareness Month, and what better way to participate than by sharpening your cyber security controls? Let's take a look at 5 simple things you can do that will help you be more secure this October, and well into the future.
1. Start with the basics: Rethink your CSAT
To have good cyber security in the workplace, you need staff on your side. They’re your best defence – but only if they’re properly informed and motivated. Your employees are frequently exposed to sophisticated social engineering attacks, making Cybersecurity Awareness Training an important step to take in securing your business against Hacking, Malware, Phishing & other online threats.
What you need to do:
Have a regular training schedule in place for your employees (and other relevant stakeholders) that consists of both online security awareness training and deep-dive awareness sessions customised for your organisation.
2. Watch your password habits!
Use strong, complex passwords and have a password manager in place. It may seem like you hear this one a lot, but weak passwords are still quite common. According to a recent survey by NCSC, the most used password in 2019 is still 123456.
If you want to learn more about the ways hackers are stealing your password, read our blog here. So, how can you ensure your passwords are secure? The rule of thumb is that if you remember your password, it's too weak. Luckily, we don't have to remember all of our passwords in this day and age. That's why we recommend secure password managers, like Keeper Security, to generate and securely store your strong passwords.
3. Turn MFA on - everywhere!
Secure passwords are great, but a single authentication point is not secure enough. With MFA, it’s no longer about granting access based on traditional usernames and passwords; it’s about granting access based on multiple weighted factors, reducing the risks of compromised passwords. It adds another layer of protection from the kinds of damaging attacks that cost organisations millions.
4. Avoid connecting to public Wi-Fi
At FutureSec on September 24th, our white-hat hackers, Christopher Galicki and Edi Skraba, performed a live hacking simulation on stage in which they showed the audience how easily hackers can crack a WiFi password and get access to your user information (it took them 5 minutes to crack a secure, complex password!).
There may come a time when your only option is an unsecured, free, public WiFi hotspot, and your work simply cannot wait. If you find yourself in a situation where you absolutely must connect to WiFi (first ask if you REALLY need to connect), try to use a VPN or use your mobile data as a hotspot.
5. Get a regular independent view of your security controls
Regular, independent reviews are necessary when trying to determine whether your organisation’s cybersecurity posture is up to scratch or whether you're meeting the requirements of a security standard. We're all busy, and without a proper yearly schedule a review can easily get overlooked. Depending on the size and type of organisation, the best way to assess your information security position is against a recognised standard that is both auditable and certifiable. One leading standard that meets both criteria is ISO27001.
A last thought
Cybersecurity is no longer the sole job of IT security professionals; it's a shared responsibility that requires effort at all levels of organisations and, more generally, of society. The smallest actions can have the greatest positive impact. Cybersecurity Awareness Month is a great opportunity to get more involved in the different initiatives all around the world that seek to generate greater awareness of cybersecurity.