Cybersecurity Awareness Month 2022—Take Action for Your Business
Need help upgrading your company’s cybersecurity? Here’s how you and your people can “See Yourself in Cyber” during this October’s National Cybersecurity Awareness Month.
Over the past few decades, the way we do business has evolved rapidly. Internet-connected devices have made communication faster and easier than ever before. Data can be stored digitally, ready for retrieval at the click of the mouse. Unfortunately, as revolutionary as these technologies are, they open some disturbing windows for nefarious intent. Threats to businesses, governments, and individuals abound in cyberspace.
Every year there seems to be another high-profile cyberattack that brings cybersecurity to our attention. In April 2021, there was a major ransomware attack that shut down the Colonial oil pipeline in the American Southeast. It cost the company $4.4 million in a ransom payment just to keep sensitive information from leaking to the public. Undoubtedly, more was spent or lost due to downtime and recovery costs.
In 2020, Texas-based IT software provider SolarWinds was attacked by Russian hackers who inserted malware into one of the company’s regular software updates. It was unwittingly sent out to the company’s clients, including the Department of Homeland Security, the Pentagon, the Department of Energy, the National Nuclear Security Administration, and the Department of the Treasury. Some experts estimate damages in the range of $100 billion from this single breach.
An individual’s role in cybersecurity
Attacks like these often take advantage of small gaps in security protocol. Many cyberattacks also hinge on individuals’ lack of understanding of cybersecurity and their own role in it. Some organizations focus on shoring up their technical defenses while ignoring the human component of cybersecurity. After all, you can have the most advanced IT security apparatus in the world, but if your employee uses “password123” as their login, attackers will be able to waltz right into your systems.
That’s why the Cybersecurity and Infrastructure Security Agency (CISA) has made the theme for this year’s National Cybersecurity Awareness Month “See Yourself in Cyber.” We all face a critical opportunity to develop good cybersecurity awareness and to understand how our own actions can impact individual and organizational cybersecurity outcomes. In this article, we’ve broken down a few ways you can enhance cybersecurity so your business can #BeCyberSmart.
What Is Cybersecurity Awareness Month?
The U.S. Government has long recognized the importance of cyber threat awareness. In 2001, the nonprofit National Cybersecurity Alliance (NCSA) was founded, and in 2004, the U.S. Department of Homeland Security (DHS) designated the month of October as Cybersecurity Awareness Month. Back then, cyberattacks from Chinese government hackers were the greatest source of concern, but since then attacks from Russian and private groups have increased dramatically.
Regardless of the cyberthreat du jour, the purpose of Cybersecurity Awareness Month is to encourage a collaborative effort between the public and private sectors to increase information security by providing everyone with the tools necessary to protect their digital lives and livelihoods.
Today, Cybersecurity Awareness Month is co-stewarded by the National Cybersecurity Alliance at staysafeonline.org as well as CISA, a DHS agency founded in 2019 to bolster America’s ability to resist and withstand cyberattacks. The overarching theme for Cybersecurity Awareness Month 2022 is “See Yourself in Cyber,” and there are four recommended precautions that can help structure your efforts:
Use tools that require individuals to sign in through a secondary device, such as a personal cell phone, to add another layer of protection to everyone’s digital activities.
Strong, difficult-to-guess passwords can thwart many cyberattacks, but people often use the same password for all of their accounts. Tools like password managers can help people easily use different, strong passwords for each account.
More than 90% of successful hacking attempts begin with a phishing message. Train your people on how to identify and report suspicious messages.
It’s frustrating when our computers nag us to update our software when we’re in the middle of important work, but it’s also necessary. Software companies work tirelessly to ensure the safety of their users, but they can help only if you allow them to keep your software up to date.
Get Prepared This October
Why focus on Cybersecurity?
As we’ve seen, there is a dizzying array of cybercrimes waiting to catch unaware users. But if you’re charged with ensuring an entire company’s cybersecurity, those hazards are compounded many times over. As businesses become more and more reliant on an increasing number of online tools, particularly with the rise of remote work, the digital minefields laid by cybercriminals grow denser by the day. It’s crucial that you and your organization prioritize cybersafety in all parts of your business. It doesn’t have to be overwhelming to “See Yourself in Cyber.”
Know what to prepare for
As you plan to improve your cybersecurity defenses, you first need to know what to look out for. Luckily, this is an opportunity to ask for some support from the rest of your team. Gather everyone at your company who has authority or insight into the various electronic/digital critical infrastructure that your company relies on—your IT team, HR, and any software engineering managers are great starting points. This is also a great opportunity to involve physical security leaders, as many cyberattacks exploit vulnerabilities in facility security. This cooperation paves the way for a converged security approach before, during, and after any potential threats surface.
With everyone’s help, perform a cybersecurity threat assessment to identify the likelihood of various risks, as well as the potential fallout of each. A threat assessment matrix can help organize and visualize this information.
Create a cybersecurity response plan
Foreseeing potential cyberthreats is a huge part of the battle. If you are able to anticipate the weaknesses in your systems and processes, you’re far more likely to catch any attempts to abuse those chinks in your digital armor. Staying safe means fixing those cybersecurity gaps early. Remember, the time to formulate your cyberthreat response plan isn’t during a crisis but before one, when you have time to plan carefully and train your team.
To develop a response plan, include the same people as you did in the threat assessment step. These are your internal stakeholders who own the various digital processes that may be vulnerable to cyberattacks. Encourage them to visualize each crisis: Who should be responsible for responding to an event? How can those individuals address an active incident to mitigate harm?
Once you’re able to answer all of these questions and incorporate them into one central document, you’ll be far more prepared to resist cyberthreats when and if they come knocking on your digital door. Additionally, look to outside sources to help inform your planning, such as CISA, the FCC, or even open sources of information. Document your response plan, and ensure everyone has a copy of it. It’s a good idea to revisit your plans periodically to ensure they’re still up to snuff as threats and business processes evolve.
Practice makes perfect
Now that you’ve done the hard work of identifying possible cyber threats and devising responses to them, you have to make sure your plans work. Practice running drills to go over your response in a low-stakes practice environment. Go slow and allow team members to ask questions and offer suggestions. A tabletop exercise is a great way to familiarize your team with the plan, as well as to notice any potential issues that can be improved upon in the planned response. After-action reports can help you debrief and identify any gaps or areas for improvement in your plan.
Integrating Cybersecurity Into Everyday Safety Culture
Cyberthreats are often hard to notice, but they can be found anywhere. Whether you’re opening an email or logging into a service, there lurks an ever-present risk that you’re being tricked into giving up your valuable information to bad actors. As exhausting as it might sound, you and your people have to be constantly vigilant for the subtle signs that indicate someone may be trying to compromise your online safety.
A big part of your cybersecurity is training your people to identify and be wary of suspicious signs and to maintain smart passwords. By providing your employees with guidance on how to spot phishing emails, for example, you can prevent attackers from gaining a foothold in your systems. Require everyone to use unique passwords for their logins, and use two-factor authentication when possible.
It’s great that we have a dedicated month to come together and reflect on our online safety practices, but cyberthreats don’t stop once November begins. Methods of attack are becoming more sophisticated all the time, and the demands of day-to-day work can make cybersecurity feel like a low priority. But by continually revisiting your plans and creating a culture of safety at your company, you’ll inoculate your business against hacks that can cause serious damage.