October is National Cybersecurity Awareness Month, a month dedicated not only to raising awareness of the importance of cybersecurity but also to helping individuals and businesses implement safer and more secure practices online. Cybersecurity Awareness Month also acts as a natural, annual signal that it’s time to review your cybersecurity procedures, policies, and pretty much everything in between. And, while we have a few weeks before October, we wanted to kick things off a bit early and dig into a few essential cybersecurity considerations.
An important starting point is ensuring that you have the basics covered in terms of cybersecurity, including:
· Patches And Updates: Ensure these are installed across all devices and software. If you’ve been putting these off, now is the time to go back and install all of them.
· Passwords/Passphrases: If you use the same password for multiple accounts, make each one unique ASAP. If any of your passwords are ridiculously easy to figure out (like your kid’s name or your dog’s name), change them. A strong password helps keep your, or your business’s, access to important documents, files and information secure.
· Anti-Virus/Malware Software: Take a moment to ensure that your anti-virus or malware protection is up-to-date and functioning properly. If you accidentally let the renewal lapse, renew it now. This applies to all devices, including tablets and phones. Ensure all devices are protected.
· Back-Up Data: If you haven’t backed up your data in a while, now is the time. If you’ve never backed up your data, get to it. Backing up your data can be handled with an off-line hard drive, or with a secure cloud environment.
· Learn About Phishing: Phishing is a popular approach with cybercriminals. It’s a form of social engineering in which a fake message is sent to get people to reveal sensitive information, like passwords, or to click on a bad link. Once clicked, the bad link deploys malicious software on your device. The best way to stop phishing attacks is to understand them, and to help others, like employees, understand them as well.
This is definitely not an exhaustive list of good cyber hygiene tactics, far from it. But it does reflect the basics, and it is an easy, manageable list that can be handled before Cybersecurity Awareness Month kicks off.
Cybersecurity And Disaster Recovery Plans
Things happen. Wildfires, planned service outages, severe rainstorms, and national shutdowns happen. And cyberattacks happen as well. But, we know they happen because in some cases, they’ve happened before. So, get ahead of the disaster by putting together a contingency and recovery plan. Here’s how to start:
· Identify The Risks: Make a list of the natural disasters or potential threats that could shut your business down. This could be a wildfire, planned shut-down, successful cyber-attack or a key member of your team leaving.
· Create A Plan: Work with a trusted team to put together a plan outlining how your business will handle a disaster and how the business will continue to function. Include information on when to use the plan, who is in charge of making sure the plan is executed, what actions need to be taken and who needs to take them, and a communication plan for your internal team, clients, vendors, and stakeholders.
· Back Up The Plan: This disaster recovery plan should be in multiple places — hard copies and online copies. All members that play a role in executing the plan should have a copy.
· Brief Employees On The Plan: Employees should know that a plan exists in the event of a disaster, and they should know who will communicate with them if something were to happen.
· Review/Adjust Plans Annually: Schedule time to review and modify the plan as needed, on an annual basis, for example, during National Cybersecurity Awareness Month. Personnel may have changed over the last year, which means actions may need to be re-assigned. Or, new potential disasters may have surfaced, and additional tactics may need to be added. Please do not take this step lightly. An outdated disaster recovery plan is of little use if a situation occurs.
Businesses hold insurance because extenuating circumstances, such as a cyberattack, happen. And if a cyberattack happens, it helps to be holding insurance that mitigates the monetary losses from interruption of services, downtime or network damage. But not all cybersecurity insurance is the same, and some organizations require a certain set of cybersecurity measures to be in place, or the claim may be rejected by the insurance carrier.
Use the next few weeks to look into available cybersecurity insurance providers. What does their coverage entail, what cybersecurity measures need to be put in place to ensure coverage, and what levels of reimbursement are there in the event of an incident?
If you’re a webinar person, we encourage you to check out a replay of a Cyber Insurance webinar that we hosted earlier this year — it has great insights!
Cybersecurity Awareness Month
There’s more to come! We are already working on great content, informative tips, and a few other things to help promote Cybersecurity Awareness Month. We encourage you to visit our blog, or check us out on Facebook, Twitter, LinkedIn or Instagram, throughout the month of October for lots of tips, articles, and stats. See you there!