As Memorial Day approaches, our thoughts turn to backyard barbeques, boating, and beer. Sunscreen on our noses, picnics in the park, and bright beach umbrellas. It is, after all, the official beginning of summer.
And, of course, we remember our veterans, those long departed and more recently gone, who died while serving our country in the U.S. Armed Forces. We honor them this Monday, May 30th. For many of us, their memories are always near. They are our grandfathers and grandmothers, mothers and fathers, sisters and brothers, sons and daughters. The United States military has a long history of service and sacrifice, of keeping us safe and secure.
As a cybersecurity firm, we wanted to take this opportunity to remember a few concepts and practices that are central to our present-day security and well-being. Our team assembled this brief list to help you in remembering what’s important. We’re sure you can add to it!
Teamwork: There Is No “I” in Team – But There Is Me
Many of us work in teams. They may be permanent teams dedicated to specific responsibilities, such as IT teams or security teams. Or they may be ad hoc teams created for a special project or interim purpose, such as inventorying the organization’s digital assets or implementing a network upgrade.
Regardless of why the team exists, the effectiveness of the team begins with Me. Each team member needs to bring that mindset to the team, along with a commitment to contributing what is required of Me to help the team achieve its objectives. Remember that you are not an anonymous appendage, but an integral member of the team. Make the team proud of you, and make yourself proud too, by making your Me count!
Cybersecurity Awareness Training
Much like the Me in team, a single individual can have an impact on an organization in a very positive way. But one employee can also hurt an organization, either intentionally or accidentally.
Social engineering schemes rely on tricking a single individual into innocently revealing information, with serious consequences. Ransomware operators, in particular, use email phishing and phone-based pretexting (vishing) to fool employees into taking actions that ultimately deliver negative results: letting attackers into the network, enabling malware to be installed, and countless other cybercrimes that hurt organizations and their stakeholders.
Employers need to develop cybersecurity awareness training for their employees, including management, and remember to conduct that training regularly throughout the year. Regular training has proven effective in thwarting cybercrime by helping employees remember what to be on the lookout for and what to do when they spot something suspicious, such as reporting a phishing email to the security team rather than clicking on it.
Security Risk Assessments
Whether you’re responsible for an entire business, or for managing its cybersecurity program, it’s easy to get busy with a thousand other priorities and forget about the basics.
Remember to conduct a security risk assessment every year, or every other year at a minimum. It is one of the critical steps in identifying risk to the organization from inside and outside, discovering the gaps in security, and enabling a sound risk management strategy to be developed.
A security risk assessment is not only part of the NIST Cybersecurity Framework (the Risk Assessment category of the Identify function), but is also a requirement of many regulations and industry standards, including HIPAA, GLBA, and the PCI Data Security Standard, to name a few.
Software Patches and System Upgrades
Cybersecurity headlines never fail to mention at least one cyberattack or breach caused by a company’s failure to install software patches promptly after they are released.
In some cases, updates are pushed automatically by vendors and no action is needed from the organization. In many cases, however, the patches must be installed by IT staff, whether permanent in-house personnel or third-party IT professionals. Microsoft’s Patch Tuesday, the second Tuesday of each month, has become a tradition, for better or for worse, but it is effective in raising awareness of new software updates. Beyond that, it is up to IT personnel to watch for vendor advisories, prioritize patches by severity and exposure (an internet-facing system with an actively exploited vulnerability comes first), and install them promptly. The security of your organization depends on it.
As a corollary to this reminder, if your organization is still running an end-of-life (“sunset”) system, a piece of hardware no longer supported, or a software program no longer maintained by the vendor, you will not be receiving patches or updates. Over time, that system, hardware, or software will begin to look like Swiss cheese (full of holes): every newly disclosed vulnerability stays open indefinitely, and the asset becomes increasingly vulnerable to attacks and other exploits. Remember to upgrade or replace these assets sooner rather than later, and to isolate the ones you cannot replace yet!
Memorial Day is a time to remember the departed military personnel who have served our country to keep our freedom secure. As a cybersecurity firm, we wanted to use this opportunity to remember a few ideas and practices that are important to our present-day security and well-being: robust teamwork and leadership, regular cybersecurity awareness training, annual security risk assessments, timely software patches, and system upgrades. They all contribute to securing our federal agencies, public corporations, and private businesses.
Information technology managers and IT professionals in all industries owe it to their organizations to actively maintain these security best practices, and to seek out additional security guidance to ensure comprehensive security programs that protect their organizations and assets.
As you’re remembering what’s important, make sure that cybersecurity and compliance are on the list!