October is Cybersecurity Awareness Month, a global initiative to raise awareness and promote best practices for online safety and security. Cybersecurity is not only a concern for large corporations or government agencies, but also for any organization that relies on digital technologies to operate, communicate, and deliver its services. While rapidly evolving technology and the advance of artificial intelligence are taking us into an exciting new future, this journey may be wrought with nightmare scenarios for any organization that encounters cybersecurity issues along the way.
While cybersecurity may seem like a complex subject, it ultimately boils down to two sides of one holistic approach to organizational cyber safety – personal and organizational behavior. What you can do now to promote cybersecurity proficiency:
Become a cybersecurity champion by following basic cyber hygiene practices with these four key behaviors:
- Think Before You Click: Recognize and report phishing – if a link looks a little off, think before you click. It could be an attempt to get sensitive information or install malware.
- Update Your Software: Don’t delay – if you see a software update notification, act promptly. Better yet, turn on automatic updates.
- Use Strong Passwords: Use passwords that are long, unique, and randomly generated. Use password managers to generate and remember different, complex passwords for each of your accounts. A passwords manager will encrypt passwords securing them for you.
- Enable Multi-Factor Authentication (MFA): You need more than a password to protect your online accounts, and enabling MFA makes you significantly less likely to get hacked.
Adopt an overall cybersecurity framework that works for you as an organization. You may consider NIST Cybersecurity Framework, ISO/IEC 27001, HHS 405(d) or others. The organizational approach should generally cover the following aspects:
- Conduct a Risk Assessment: Identify and prioritize the potential cyber risks and vulnerabilities that the organization faces, based on all assets, operations, and environment.
- Develop Relevant Policies: Establish and enforce clear and consistent policies and procedures for cybersecurity governance, compliance, and incident response.
- Implement Appropriate Technology: Deploy and maintain appropriate technologies and tools for cybersecurity prevention, detection, and mitigation, such as firewalls, antivirus software, encryption, backup systems, etc.
- Conduct Staff Education and Training: Educate and train all staff on cybersecurity awareness and best practices, such as using strong passwords, avoiding suspicious links or attachments, reporting incidents promptly, etc.
- Monitor, Test and Improve: Cybersecurity plans and protocols will only be useful if they actually work. To make sure they do, monitor and test the organization’s cybersecurity posture and performance regularly, using metrics, audits, simulations, etc.
It is everybody’s responsibility to use the technology safely and understand all risks involved. Cybersecurity is not a one-time project, but an ongoing process that requires constant vigilance, awareness, and action. To remain “in the know” and for additional resources, visit the National Cybersecurity Alliance program and the Cybersecurity and Infrastructure Security Agency (CISA) website.
To register for FTLF’s trainings on cybersecurity and other relevant topics, please visit learning.ftlf.com.