Brandon Shopp expands on his two tips for National Cybersecurity Awareness Month to help you provide the best security support you can to your users.
On October 31, we’ll celebrate Halloween. Originally, Halloween stemmed from a Celtic tradition called Samhain
, where celebrants wore costumes and lit fires to ward off evil spirits.
In the same way, each October IT and security professionals celebrate cybersecurity awareness month by learning the best ways to help ward off evil cybercriminals from networks and machines. It’s a time to take the month to reflect on how you provide security for your organization and pick up some tips on improving along the way.
This past week, on our social media feeds I presented two tips meant to clue you in on practicing better security and compliance. Specifically, I focused on the fundamentals you need
to adopt if you want to help defend your organization from cyberthieves.
Today, I want to expand on those cyberclues to give you a little more actionable detail.
Cyberclue One: When the auditor knocks, have strong documentation and proper processes in place.
Historically, most regulations covered specific industries like healthcare, finance, or government. However, the advent of regionally based data privacy laws like the General Data Protection Regulation (GDPR) and its predecessor the Data Protection Directive (DPD) in Europe, or the California Consumer Privacy Act (CCPA) in California, prove that more businesses will fall under some
form of regulatory oversight. Odds are good that you either fall under at least one or two compliance laws now, or you will at some point in your career.
While we can’t give specific advice on compliance laws, there are some fundamentals you should know:
Cyberclue Two: Patch. AV. Backup. Proactive, daily cyberhygiene is your first defense against foul cyberdeeds.
- Process: One of the benefits of compliance is that many (although not all) laws or regulations provide specific guidelines around processes. Make sure you know the ground rules for any regulations you fall under. This may require taking online or in-person trainings, or it may require speaking with legal counsel. Follow any processes mandated by the law, and make sure your team is up to speed on these requirements. Finally, don’t forget to refresh your team’s and your own knowledge periodically in case any requirements change.
- Documentation: Beyond following processes, you need to be able to show your work if an auditor does come to make sure your organization is up to scratch. Choose technology tools that can help you document and demonstrate your commitment to these regulations. For example, when looking at security information and event management (SIEM) tools, make sure to choose those with comprehensive reporting that can help you demonstrate due diligence.
Protecting your organization isn’t just about having the latest and greatest security tools—you also have to practice the fundamentals regularly, whether it’s a daily practice like checking for patches or a periodic practice like refreshing passwords. Here’s what to do:
- Patch: First off, stay current with updates both on the operating system and on third-party software. Surprisingly, many businesses and individuals don’t follow this advice, which is basically security 101. Even several years later, an estimated 1.7 million endpoints remain vulnerable to WannaCry. Get a good patch management solution to help you automate the process of updating your users’ systems.
- Antivirus: Antivirus programs require the latest signature updates to be effective. If your AV signatures are out of date, you could leave yourself open to new threats or variations on existing malware families. With over 350,000 new malware programs discovered each day according to AV-TEST, it’s important to keep your AV signatures as current as possible.
- Backup: Backups aren’t just for power outages or natural disasters—the prevalence of ransomware shows the importance of having good backups in place for your users. Choose a Backup solution that can automatically back up data to the cloud on a set schedule and that gives you clear visibility into their statuses. Also, don’t forget to periodically test your backups—the last thing you want is to have to recover a client quickly only to find that one of your backups was corrupted.
Beyond these three, there are plenty of other tips on practicing the fundamentals coming up—from access rights to email security
. But I’ll leave that to my colleagues with articles coming out soon.
Stay Tuned for More Tips
October is spooky enough already without having to worry about cybercriminals haunting your organization. Stay tuned throughout Cybersecurity Awareness Month for more articles and tips to help you ward away cybercriminals.
(Also, if you don’t already, please follow us on Facebook
, and Twitter
for more great tips this month.)
Earlier in the post, we mentioned the importance of keeping up with patches and updates. SolarWinds®
Patch Manager lets you automate patching to help keep your employees secure. Plus, it can assist in your compliance efforts via patch status reports. Learn more about SolarWinds Patch Manager