With cyber threats on the rise, businesses need more information on how to protect themselves. Read the following 5 tips to raise awareness and improve your organization's cybersecurity defense.
With cooler weather ushering in the start of another fall season, it is also time to usher in another Cybersecurity Awareness Month. And just in time for this annual focus on cybersecurity, we’ve seen two major security breaches in just the last two weeks: Uber and Take-Two Interactive. Since 2004, the president of the United States and Congress have declared October to be Cybersecurity Awareness Month. During that month, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaboration between government and industry to raise cybersecurity awareness domestically and globally.
Cybersecurity Awareness Month serves as a needed reminder of the continued risks and significance of cybersecurity in general. The recent 800% rise in cyber threats points to the fact that awareness needs to be year-round. That is why we call attention to these five useful and proven tips for your organization:
#1: Improve on Identity and Authentication.
Identity and authentication are generally regarded as gateways to a major data compromise, and there are a handful of best practices that serve as the front line for protecting sensitive data:
- Strong passwords and password policies
- Multi-factor authentication (MFA)
- Zero Trust
It all starts with strong passwords and password policies. Enforce these wherever you can, and from the perspective of personal behavior, don’t reuse passwords on multiple sites. Hopefully, passwords are not the only thing standing between your accounts and the critical or personal information they contain. Additionally, multi-factor authentication (MFA) is an absolute must-have in the wild world we live in. Although MFA alone is not foolproof, it is a critical step in ensuring the proper gatekeepers are in place for a comprehensive security posture.
That leads us to Zero Trust, which is a principle that organizations should be driving toward at full speed. Zero Trust treats every system and every use with the utmost caution, using encryption, biometrics, MFA, and every means necessary to validate everything, everywhere, at any time. Both the Uber and Take-Two Interactive breaches this September are driving renewed focus on this important security approach.
#2: Embrace End-to-End Encryption.
Not so long ago, data protection meant something that was fortified with a strong perimeter to defend it. As we have moved to a nimbler, cloud-based and distributed foundation and workforce for all we do, locked-away data can no longer guarantee security as it flows from endpoints, through networks, to mega data systems.
The only way to make security possible is with full encryption, and it is a principle you should implement everywhere for data in transit and at rest. Most cloud systems have this figured out, but when you secure your endpoints, your mobile phones, your applications, your email, and enforce those aspects of security throughout the data lifecycle, your security risks will see significant reductions.
#3: Update Software and Systems.
Take a moment to look at your software updates and device-patching regimen. This basic exercise assures that you are implementing the best possible versions of the firmware and software you use every day. It also pays to take an inventory of the software you don’t regularly use and that may be adding risk in the background. The same applies to devices such as firewalls, routers, and networks, as vendors work to address discovered vulnerabilities through patches and platform updates designed to improve security. Many of the technical exploits that are reported can be traced to system vulnerabilities that were discovered through scanning by malicious third parties.
Severe vulnerabilities typically drive rapid updates, so at times there may be a balance to strike between applying security updates and meeting the requirements of stability. However, in most cases, things like automatic and routine updates can only serve to improve your overall security.
#4: Educate on Cybersecurity.
Many threats are levied against the front line—from social engineering to technical means—and these threats are often the first domino to fall in a sequence of events. One of the most common tactics is the use of phishing, which has been around for decades, but continues to evolve. Not so long ago, fake emails were easily spotted because of bad spelling and grammar, but that is no longer the case. Criminals spoof trustworthy institutions and brands with similarly named domains, pirated logos, and entire pages that look like the real thing.
To blunt these deceptive tactics, cybersecurity training is one of the best investments an organization can make to bolster a culture of cyber awareness. When users know what to look for and become familiar with the tactics that bad actors use to gain access to sensitive accounts and information, they can report suspicious activity such as phishing emails to IT.
#5: Revisit Your Breach Readiness Plan.
Few people think about it—it’s an uncomfortable notion by its very nature—but you must be ready for the unthinkable and prepare your planned response in the case of a cyber event. And this must be done at regular intervals. Hopefully, a breach is something you rarely—if ever—encounter, but when you have an updated readiness plan in place, it makes all the difference in the world when the need arises.
A breach readiness plan ensures that everyone understands their roles and responsibilities not only in preventing but also in responding to an incident, no matter how minor or severe it might appear to be.
Let’s Keep It Going
If we all commit to revisiting these tips throughout the year on a weekly, monthly, or maybe even bimonthly basis, we promote a culture of cybersecurity awareness within. We each need to assess where our respective organizations are in terms of cybersecurity maturity, and move them forward with these principles in mind. Maintaining a proactive and not a reactive approach to cybersecurity is the end goal of awareness, and your security baseline will thank you for it.
This article is licensed content that was created by a third party not affiliated with Santander Bank, N.A. (“Santander”).