Protect Your Business this Cybersecurity Month
Need help upgrading your company’s cybersecurity game? Here’s how you can get your business to #BeCyberSmart during this October’s National Cybersecurity Awareness Month.
Over the past few decades, the way that we do business has evolved rapidly. Internet-connected devices have made communication faster and easier than ever before, and any bit of data that we could ever want can be stored digitally, ready for retrieval at the click of the mouse. Unfortunately, as revolutionary as these technologies are, they open some disturbing windows for nefarious intent. Threats to businesses and governments abound in cyberspace, as anyone paying attention to the news in the past few years knows.
Every year there seems to be another high-profile cyber attack that brings cybersecurity to the forefront of attention. In April 2021, a major hack shut down the Colonial oil pipeline in the American Southeast, which cost the company $4.4 million in a ransom payment just to keep sensitive information from leaking to the public. Undoubtedly more was spent or lost due to downtime and recovery costs.
In 2020, Texas-based IT software provider SolarWinds was attacked by Russian hackers who inserted malware into one of the company’s regular software updates, which was unwittingly sent out to the company’s clients, including the Department of Homeland Security, the Pentagon, the Department of Energy, the National Nuclear Security Administration, and the Department of the Treasury. Businesses like Cisco and Microsoft were also affected. Even the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the government agency tasked with cybersecurity, was compromised by this damaging hack. Attacks like this have prompted senators to introduce new rules strengthening federal cybersecurity.
The true costs of this attack may never be known. With so many agencies and companies affected and with such a massive amount of data exposed, it’s hard to say with any certainty what sensitive information was truly at risk. Some experts estimate damages in the range of $100 billion from this single breach.
Attacks like these show just how much is at stake for larger companies and government agencies. But smaller businesses and individuals should be just as aware and prepared for a cyber attack. That’s why CISA named October National Cybersecurity Awareness Month (NCSAM). In this article, we’ve broken down a few ways you can build up your own cybersecurity in your business this month.
What is Cybersecurity Awareness Month?
The U.S. Government has long recognized the importance of cyber threat awareness. In 2001, the nonprofit National Cybersecurity Alliance (NCSA) was founded, and in 2004, the U.S. Department of Homeland Security (DHS) designated October as Cybersecurity Awareness Month. Back then, hacking attacks from Chinese government hackers were the greatest source of concern, but since then attacks from Russian and private groups have increased dramatically.
Regardless of the cyberthreat du jour, the purpose of Cybersecurity Awareness Month is to encourage a collaborative effort between the public and private sector to increase information security by providing everyone with the tools necessary to protect their digital lives and livelihoods.
Today, Cybersecurity Awareness Month is stewarded by CISA, an agency founded in 2019 as part of the DHS specifically to bolster America’s ability to resist and withstand cyberattacks. The overarching theme for Cybersecurity Awareness Month 2021 is “Do your part. #BeCyberSmart.” and there are four weekly topics that can help structure your efforts:
Make sure that you and your organization are following best practices when it comes to passwords, multi-factor authentication, and safe traveling habits.
More than 90% of successful hacking attempts begin with a phishing message. Train your people on how to identify and report suspicious messages.
Critically evaluate your current cybersecurity policies and include all stakeholders to identify and fix weaknesses.
Create a culture of cybersecurity awareness within your organization so that digital safety becomes a perennial priority.
Get Prepared This October
Why focus on Cybersecurity?
As we’ve seen, there is a dizzying array of cybercrimes waiting to catch unaware users. But if you’re charged with ensuring an entire company’s cybersecurity, those hazards are compounded many times over. As businesses become more and more reliant on an increasing number of online tools, particularly with the rise of remote work, the digital minefields laid by cybercriminals grow denser by the day. It’s crucial that you and your organization prioritize cybersafety in all parts of your business. It doesn’t have to be overwhelming to #BeCyberSmart this October.
Know what to prepare for
As you plan to improve your cybersecurity defenses, you first need to know what to look out for. Luckily, this is an opportunity to ask for some support from the rest of your team. Gather everyone at your company who has authority or insight into the various electronic/digital critical infrastructure that your company relies on: your IT team, HR, and any software engineering managers are great starting points. With everyone’s help, perform a cybersecurity threat assessment to identify the likelihood of various risks, as well as the potential fallout of each. A threat assessment matrix can help organize and visualize this information.
Creating a cybersecurity response plan
Foreseeing potential cyber threats is a huge part of the battle. If you are able to anticipate the weaknesses in your systems and processes, you’re far more likely to catch any attempts to abuse those chinks in your digital armor, as well as to fix those gaps in the first place. Remember, the time to formulate your cyber threat response plan isn’t during a crisis, but rather beforehand, when you have time to think and plan.
Include the same people in this step as you did in the threat assessment part: these are your internal stakeholders that own the various digital processes that are vulnerable to cyberattack. Encourage them to visualize each crisis: Who should be responsible for responding to an event? How can they ameliorate the issue? Once you’re able to answer all of these questions and document them in one central document, you’ll be far more prepared to resist cyber threats when and if they come knocking on your digital door. Additionally, look to outside sources to help inform your planning, such as CISA or the FCC, or even open sources of information. Document your response plan and ensure everyone has a copy of it. It’s a good idea to revisit your plans periodically to ensure they’re still up to snuff.
Practice makes perfect
Now that you’ve done the hard work of identifying possible cyber threats and devising responses to them, you have to make sure that your plans work. Run drills to go over your response in a low-stakes practice environment. Go slow and allow team members to ask questions and offer suggestions. A tabletop exercise is a great way to familiarize yourself with your plan while also maintaining a critical eye to notice any potential issues. After Action Reports can help you debrief and identify any gaps or areas for improvement in your plan.
Integrating Cybersecurity into Everyday Safety Culture
Cyber threats are often hard to notice, but they can be found anywhere. Whether it’s opening an email or logging into a service, there lurks an ever-present risk that you’re being tricked into giving up your valuable information to bad actors. As exhausting as it might sound, you and your people have to be constantly vigilant for the subtle signs that indicate that someone may be trying to compromise your online safety.
A big part of this is training your people on what to look for. By providing your employees with guidance on how to spot phishing emails, for example, you help prevent attackers from gaining a foothold in your systems. Require everyone to use unique passwords for their logins and use two-factor authentication when possible.
It’s great that we have a dedicated month to come together and reflect on our online safety practices, but cyber threats don’t stop once November begins. Methods of attack are becoming more sophisticated all the time, and the demands of day-to-day work can make cybersecurity feel like a low priority. But by continually revisiting your plans and training your people, you’ll inoculate your business against hacks that can cause serious damage.