Column: WooHoo: Cyber Security Month
By Brian Desrosier
October means the month of Oktoberfest for everyone who loves a beer. But for those of us in technology, October is really a time to party because it is National Cyber Security Awareness Month! WooHoo!
Okay, maybe it doesn’t sound so fun, but for those of us in the business, maybe we can think of this as a time to avoid deep and lasting pain. Sounds fun?
To make this even more fun, answer this question: How do you know when you are getting old? Answer: When you take cyber security seriously. This actually gives us a leg up on Millennials with regard to something technical. They all pretty much ignore it.
The key to understanding cyber security is to simply be interested. You can understand and manage this from a high level. Make sure your company follows the 10 basics, below, and you will have earned the title, “Top 1% Cyber Executive.”
1. Use Two-Factor Authentication for Business and Personal Email. You log in to your account for the first time with each new device and receive a PIN on your phone that must be entered to register that device. No one else can use their device to access your email. This must be a corporate policy for all employees, for both personal and business accounts. How can you prescribe such an invasion of personal privacy? Because, sooner or later, everyone does something for their work on their personal device.
2. Enable HTTPS on Your Company Website(s). HTTPS websites have a certificate that encrypts all data transmitted from your website. This helps visitors know that your site is actually run by your company and not an imposter (i.e., a phishing site).
3. Use Strong Passwords, Don’t Re-Use Them, and Change Them at Least Every 90 Days. Most experts would say change every 30 days. A password with upper and lower case plus a number plus a symbol is a strong password. The one you are using now is a terrible password! Sorry to criticize you but toughen up, you cyber sissy.
4. Run All Software Updates. Hacked companies usually get hacked because known vulnerabilities have been left unattended for YEARS! All your IT people have to do is update the software. This is the simple truth about where most vulnerabilities lie: true for servers, true for personal computers and phones, and true for security appliances (firewalls). Run the operating and security software updates and you most probably are safe.
5. Make Sure Your Security Software and Devices Are Turned On! For one reason or another, IT turns these things off, or opens an unsecure port in a security device to solve some problem or allow temporary access for a particular purpose. Then they leave them open. Periodically ask your people, “Are there any unsecure ports in our firewall? Are we running all of our updates? All of them?? All??? Are you sure?” That’s how you do it.
6. Make Sure Employees Look for the S in HTTPS When Searching the Web.
7. Encourage Senior Leadership to Spearhead Your Cybersecurity Culture.
8. Generate Phishing Simulation Tests to Keep Staff Alert. Hire a 3rd party to test and train your people. This can be a mostly automated service, so it does not have to cost much.
9. Conduct a 3rd Party Cyber Security Audit. Depending upon your company size, this doesn’t have to be expensive, but it may be if you have more than fifty employees. What you don’t know definitely will hurt you. Take the results seriously and do every single thing recommended.
10. Make Sure Your Company Is Cyber-Insured. Standard insurance policies don’t normally cover the loss of data or cyber crime. This is where cyber-insurance comes into play. Know your industry exposure, from a punitive perspective. Think about business interruption. Next week will be dedicated to Cyber Insurance.
Now that you are one of the top 1%, get back to that beer and enjoy Oktober secure in the knowledge that you!
Brian Desrosier has been serving the Greenwich community for over thirty years as the owner of local technology powerhouse, Lighthouse Technology Partners.