Cyber Security Awareness Month – 2020

In the spirit of Cyber Security Awareness Month, today we take a look back at useful tricks and tips to help improve your organization’s cyber security awareness. This year, with the pandemic and many employees working from home, cyber security awareness is paramount in keeping your company secure. Remember, you are only as secure as your weakest link, which tends to be the people working in your organization.

Work From Home Security Tips

  1. Leverage a VPN – Hopefully your employer has provided a VPN solution for you to connect to your organization’s network. You should always try to connect to your VPN when you are at home, in a coffee shop, or anywhere outside of your office, as this provides an encrypted “tunnel” between your device and the internal, corporate network.
  2. Set up Multi-Factor Authentication (MFA) – MFA uses a combination of different methods to prove you are who you say you are when authenticating to an application or system. This helps protect your accounts from being hacked by ensuring that not only is a password needed to log in to your account, but also something additional, such as a code texted to your phone. This recommendation applies both to the applications you log into for work and to your personal accounts, such as banking, retirement accounts, email, etc.
  3. Lock your workstation – This may seem silly to do while working from home, but getting in the habit of locking your workstation any time you walk away helps build muscle memory. If you don’t lock your workstation when you get back into the office or go to a coffee shop to work, you may leave your device susceptible to compromise, as bad things can happen to unattended workstations very quickly. Additionally, locking your workstation at home can prevent silly accidents, like bumping into your keyboard or a rogue child getting into your office, from causing havoc in your working environment.
  4. Set up a Password Manager – Password managers store all of your passwords securely and allow you to focus on remembering only one password for your vault, as opposed to memorizing hundreds of different passwords for all your accounts. Here is how it works: you set one really strong password to get into your ‘vault’, which then stores the rest of your passwords to other sites. Something such as LastPass can be set up for free, helping improve your security and reduce the stress associated with trying to remember all of your different passwords. Again, this is something we recommend for both work and personal use.

Password Management Tips

  1. As you might expect, weak passwords are often the easiest way for attackers to gain access to an organization. Teach your employees how to choose strong passwords as opposed to falling into the trap of “Fall2020” or “COVID2020” (which are real passwords that we’ve come across in tests recently).
  2. Avoid weak passwords shared within the IT group for shared accounts, service accounts, etc.
  3. Modern password cracking machines can brute force a 6-character password in minutes, 7 characters in under an hour, and 8 characters in under 2 days. A longer password therefore becomes exponentially more secure, since every additional character multiplies the number of guesses an attacker must make by the size of the character set.
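To make the “exponentially more secure” point concrete, and to show how a password policy can catch the season-plus-year pattern mentioned in tip 1, here is a small added example. It is not code from the original post; the guess rate of 5e10 per second is a constructed figure chosen so that the numbers line up with the minutes / under an hour / under two days scale above, and the pattern list is a constructed illustration rather than a complete blocklist.

```python
import re

# Assumed offline guess rate for a cracking rig (constructed figure, not from the post).
GUESSES_PER_SECOND = 5e10

# Standard printable-ASCII character classes and their sizes.
CLASS_PATTERNS = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "symbol": (re.compile(r"[^A-Za-z0-9]"), 33),
}

# Season/“current event” word followed by a plausible year and optional trailing punctuation.
# Constructed pattern for illustration; a real policy would also check a breached-password list.
SEASON_YEAR = re.compile(
    r"^(spring|summer|fall|autumn|winter|covid)[-_]?(19|20)\d{2}[!@#$%^&*.]*$",
    re.IGNORECASE,
)


def charset_size(password: str) -> int:
    """Size of the smallest standard character set covering every character used."""
    return sum(size for pattern, size in CLASS_PATTERNS.values() if pattern.search(password))


def keyspace(length: int, charset: int) -> int:
    """Number of candidate passwords an exhaustive search must cover."""
    return charset ** length


def worst_case_seconds(length: int, charset: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Time to exhaust the full keyspace at the assumed guess rate."""
    return keyspace(length, charset) / rate


def is_predictable(password: str) -> bool:
    """True for season/event + year passwords such as Fall2020 or COVID2020."""
    return bool(SEASON_YEAR.match(password))


def assess(password: str) -> dict:
    """Combine the length/charset estimate with the pattern check into one verdict."""
    size = charset_size(password)
    return {
        "length": len(password),
        "charset": size,
        "keyspace": keyspace(len(password), size),
        "worst_case_seconds": worst_case_seconds(len(password), size),
        # A predictable pattern is weak regardless of how large its keyspace looks on paper.
        "predictable": is_predictable(password),
    }


def length_table(charset: int, lengths=(6, 7, 8, 10, 12)) -> dict:
    """Worst-case crack time per length, to show the exponential growth."""
    return {n: worst_case_seconds(n, charset) for n in lengths}


if __name__ == "__main__":
    for n, secs in length_table(95).items():
        print(f"{n:2d} chars (full 95-char set): {secs / 86400:12.2f} days")
    for pw in ("Fall2020", "COVID2020", "velvet-orbit-19-lantern"):
        verdict = assess(pw)
        print(pw, "predictable" if verdict["predictable"] else "ok", verdict["keyspace"])
```

Running it shows the jump from seconds at 6 characters to days at 8 and to years at 10, while Fall2020 is flagged even though its 62-character, 8-length keyspace looks respectable; this is why the post says to teach people how to choose passwords rather than only to enforce length.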

Employee Awareness

  1. Any security awareness training is better than nothing. There are certain things that should ALWAYS be included in an awareness training, such as how to spot certain types of attacks, how your users should be reporting suspicious activity, how to choose strong passwords, etc.
  2. Consider having a penetration tester conduct your awareness training! This will help improve employee engagement and provide a unique perspective from someone who actually conducts social engineering campaigns on a regular basis.
  3. Educate, educate, educate! Phone-based vishing attempts are becoming more and more prevalent, and employees are more likely to fall for them as people don’t commonly suspect social engineering to be this sophisticated. Most of the time, people want to inherently trust others. Educate your employees on how to spot an attack and how to shut it down.

While October is Cyber Security Awareness Month, information security should be taken seriously year-round! Security is constantly evolving and, unfortunately, the bad guys are getting more and more sophisticated. Educate your employees, maintain good security hygiene on an ongoing basis (through functions like patch management), and explore having penetration testing conducted regularly to ensure the security controls you have deployed are effective in reducing your risk. Contact us today if you are interested in learning more!