A Few Simple Things for CyberSecurity Awareness Month
Photo 207170119 © Airdone | Dreamstime.com

Okay, so October is upon us, and CyberSecurity Awareness Month is here again. What can one really do? What should people do?


CyberSecurity Awareness Month always comes with formal and informal programs with lots of content, including education and training. As your friendly neighborhood IT Security person, I certainly encourage you to explore and take advantage of as much of the content as your schedule permits. While you are consuming all these various messages, articles, and courses/webinars, keep in mind that even focusing on just a few simple things goes a long way when it comes to CyberSecurity. These activities can drive improvements and reduce risks to your systems and environments, along with those of your organization and even your family and friends.


Learn something new related to CyberSecurity





For each week during the awareness month, attempt to learn something new related to CyberSecurity. This could involve how to avoid falling victim to various forms of social engineering, either in person or via digital methods (e.g., phishing, smishing, vishing). Or it could be learning more about a system or service, with the increased understanding leading to more secure configurations or better protection of sensitive data. Perhaps it will be about discovering better approaches to automatically validating security and compliance on the systems you are responsible for.


Make something more secure and compliant




There will always be a constant battle between the security of the cyber world and various things that inadvertently or purposefully breach the environment. For the sake of simplicity, for now let’s just call this “hackers vs. cybersecurity.” This battle is never static, as new vulnerabilities are discovered and new techniques and solutions are created and utilized by both sides. Naturally, the security and compliance of your IT systems should not be static either. Try to find an improvement you can make each week that will strengthen the security of your systems. In some cases, this could be merely closing a gap in compliance that lowers the inherent risk.


Report a significant security gap you come across in your organization



We would like to make it clear up front that we are not suggesting that people do any unauthorized penetration testing. What we are referring to here is identifying and reporting a problem that anyone might come across through normal interaction, experience, or observation. For example, an application might intend to limit access to data/services, yet someone could readily access data or services that should be restricted to authorized individuals. An even simpler example of such an exposure is when someone uses a collaborative tool (e.g., Box, GitHub) to post sensitive data (e.g., Confidential) or credentials without properly restricting access. Reporting such exposures to your IT Security Team and the owner of the resource can facilitate necessary remediation. In addition, identifying and reporting such situations increases cybersecurity awareness for all involved, including the persons reporting the exposure.


In Summary

“Let me ‘splain. No, there is too much. Let me sum up.” – Iñigo Montoya (The Princess Bride, MGM 1987)


Review and utilize the various content provided to you throughout CyberSecurity Awareness Month. Each week during the month, try to carve out a bit of time to do a few simple things. Learn something new, improve security and compliance for something you are responsible for, and if you discover an exposure, please report it. If you can do this all year long, even better.


There is another nice aspect of these few “simple things” in that they are intertwined. Learning something new could lead you to making something more secure/compliant and/or discovering and reporting an exposure in someone else’s environment. The act of making something more secure/compliant often results in learning new things, and as you close gaps in your own systems it can become easier to identify such gaps in others’ environments. Discovering an exposure in something that you access or use can circle right back to you learning something new and applying that to your own environment to make it more secure/compliant. And around and around it goes, for the greater good.


Each new “thing” that is learned, improved, or reported has the potential to provide a compounding effect on the security of your IT systems and for IT environments throughout your organization. If everyone were to do this just once a week during CyberSecurity Awareness Month, just think about how much better off we would all be.


Reference material

· https://www.cisa.gov/cybersecurity-awareness-month

· https://staysafeonline.org/cybersecurity-awareness-month/

· https://www.enisa.europa.eu/topics/cybersecurity-education/european-cyber-security-month

· https://www.nist.gov/itl/applied-cybersecurity/nice/events/cybersecurity-career-awareness-week


[1] Time to Learn image above attributed to: Photo 44548745 © Kianlin | Dreamstime.com

[2] Block image on security areas attributed to: Photo 225804847 © Najmi Arif Norkaman | Dreamstime.com

[3] Say something image attributed to: Photo 31390948 © Wellesenterprises | Dreamstime.com




Simple & Great Article. Every day there is something new to learn in security.

Jamie de Domenico

Senior Software Engineer (MScIS) at Forescout

3 years ago

Great Article.... Thanks for this Bill.
