Creating a Culture of Cybersecurity in Your Organization

By Bob Heckman, CISO

It’s the second week of October, and that means the second themed week of National Cybersecurity Awareness Month (NCSAM) is in full swing. Sorry for the baseball reference; I’m still mourning the Nats’ loss to the Cubs.

This week’s theme is more work-focused and is officially entitled “Cybersecurity in the Workplace Is Everyone’s Business”. As our corporate CISO, I couldn’t agree more!

Computer security at work used to be corporate IT’s problem. They managed the corporate firewalls, IDSs and web content filters, and ensured every employee’s endpoint antivirus signatures were up to date. Fast-forward to the present day, and the sophistication of cybersecurity products designed to protect against, detect, and respond to the continuously evolving threat is mind-boggling. From next-gen this to next-gen that, AI and machine-learning behavioral anomaly detection, the list goes on and on. Even with these advances in modern-day cybersecurity technology, the end user is still the most successful attack vector for our adversaries and the weakest link in our corporate cybersecurity strategy. Creating a culture of cybersecurity is critical for all organizations, and it must be a shared responsibility among all employees. Here are some simple tips, for both your personal life and your work life, to help protect against the most common cyber threats.

  1. It’s up to YOU to protect yourself, your information, and your company’s information – Get out of the mindset that an attack can’t happen to you.
  2. Audit your passwords (including your personal accounts) – Make sure they contain an assortment of characters and change them regularly (every 90 days).
  3. Don’t “see attached” in emails – Don’t open email attachments you weren’t expecting to receive.
  4. Don’t click links from suspicious sources – Avoid clicking links from unknown or questionable sources.
  5. Regularly update your computers and devices, including browsers – Make sure you’re using the latest versions of your Internet browsers and any related plugins, and that any software you use on your personal computer, including the operating system, is updated regularly.
  6. Lock up your devices – Lock your phone, computer, and other devices with a secure passcode.
  7. Set up Two-Factor Authentication – Make sure to link your accounts to your cell phone and/or email address to verify your identity when you sign in.
  8. Stay off the wi-fi – Don’t use unsecured or public wi-fi networks to conduct personal business like online banking.
  9. Don’t give away Admin rights – When new software or an app asks for system admin rights, check the access it’s asking for, look in the documentation for the reasons why, and contact tech support if possible.
  10. Trust NO ONE on social media – Take a closer look at your social media connections and don’t accept invites from people you don’t know.
  11. Stay aware of scams – Pause before you share your information with anyone offering you something or threatening you, for example the slew of IRS phone scams.
  12. Don’t stay connected – Disconnect your phone and computer from the Internet when you’re not using them.
