Organisations across the board live under threat of cyberattacks, but a string of high-profile attacks against some of the world’s most secure organisations has led many entities to scrutinise their security efforts more closely. However, for every breach that makes the headlines, thousands of others go unpublicised, although they can have just as great an impact on the organisation in question, its customers, staff, and third-party partners.
Moreover, when it comes to cybersecurity, most organisations don’t need to make drastic changes, or rip out their old solutions and replace them with the latest and greatest new tools at enormous expense. Quite the opposite. You see, cybersecurity should be an ongoing priority, and proper training to ensure that good cyber hygiene and best practices are observed can go a long way towards ensuring most threats are stopped in their tracks, or at least interrupted before they do any major harm.
So where to begin? As always, with the basics. There is a slew of steps that can be taken even by those businesses with limited skills and expertise, and small budgets. Simple measures such as multi-factor authentication are available for a nominal cost and are easy to implement. Ensuring that access requires something that needs to be remembered, such as a password; something you carry with you, like a biometric; and something that is sent to you, like a one-time PIN or token, can be a highly effective way of increasing the security of remote user access.
Another critical part of good cyber hygiene is cyber awareness training for the business. There are many reputable organisations that run regular courses, as well as free training that is available online. An effective awareness training programme addresses all the common cybersecurity mistakes that staff members may make while using email, surfing the web, or even in the physical world, such as leaving flash drives lying around or disposing of documents improperly. Phishing simulations and gamification can help drive security awareness and make your employees far more cyber-savvy.
Another element of cyber hygiene that is critical for any business is keeping software updated and patching all known vulnerabilities. Bad actors are notorious for targeting known network and IT product vulnerabilities, as well as zero-day exploits which haven’t been patched yet. Fixes or patches for these vulnerabilities are usually created by the product vendor, so patch management, which entails finding and applying these fixes, should be a top priority for any business, and part of its first line of defence.
Similarly, the old adage of “you can’t protect what you don’t know about” is spot on. A business that has no up-to-date inventory of its IT and information assets, and of who is tasked with maintaining them, is asking for trouble. When employees leave the company, it is critical to deactivate their user accounts and remove their privileges, and also to make sure that the IT or security solutions they maintained are transferred to another employee.
The bottom line? Cybersecurity requires ongoing effort, and basic steps that all companies and their staff should follow. At the same time, we all need to adopt a more mindful approach to this hyper-connected world we live in, and nowhere is this more true than for cybersecurity professionals, who live in a time of unprecedented pressure, between distributed workforces and increasingly complex cyber threats.
Luckily, itrainsec’s new course will give them an opportunity to reset, refuel, and rediscover how it feels to function at peak performance, returning to work armed with tools, techniques and micro-practices designed to sustain healthier ways of working in the long-term.
Demand for the cyber security expert’s skill set is higher than ever; meanwhile, digital fatigue is pushing us closer to burnout. Ditching the tech is not an option – instead, join itrainsec’s two-day virtual retreat for the opportunity to reset, refuel, and rediscover how it feels to function at peak performance. Log off ready to return to your role armed with tools, techniques and micro-practices designed to sustain healthier ways of working in the long-term.
Hannah Tufts is an independent strategic communications consultant specialising in cyber security awareness, as well as marketing and brand strategy for cyber security vendors, consultancies and in-house functions across Europe. Hannah possesses a coveted mix of technical cyber security knowledge, expertise in behaviour change, and 10+ years’ experience in strategic marketing and communications for organisations in cyber security, finance and tech.