October is National Cyber Security Awareness Month (NCSAM) — and we appreciate the opportunity it gives all of us to go back to some of the basics that can help prevent unnecessary cyber security incidents. According to the Center for Internet Security (CIS), NCSAM was brought to life through a collaboration between the U.S. Department of Homeland Security and the National Cyber Security Alliance. It was created in 2003 as a way to educate individuals on the importance of taking precautions and to ensure organizations are properly equipped and educated to protect their stakeholders’ sensitive information.
Organizations on High Cyber Security Alert
While it’s certainly important for US citizens to be aware of the potential for phishing attacks and cybercrime, organizations need to be on high alert — especially with the growing rate of cybercrime targeting enterprises and the information they hold. Cybercrime can wreak havoc on organizations and can compromise information such as personal contact information, bank account numbers, and even personally identifiable information (PII) like SSNs and driver’s license numbers. When this information is seized by an attacker, huge downstream consequences can snowball for years, crushing all involved.
Consider that, as Wired Magazine reports, 2017 has already seen record-breaking cyber security meltdowns from the likes of Shadow Brokers, WannaCry, Petya/NotPetya/Nyetya/Goldeneye, WikiLeaks CIA Vault 7, and Cloudbleed. That doesn’t take into account the Equifax disaster, the SEC data breach or the fact that 198 million voter records were exposed. It seems we can’t go a month (or even a week or two) without hearing of yet another major cyber security issue. We hear the stories so often that many of us have become nearly immune to them — something we tune out until it personally affects our bank accounts or our credit scores.
Cyber security has become such an important focus area for organizations of all shapes and sizes that, according to a recent Gartner study, global cyber security spending will grow to $86.4BN in 2017 alone. “Rising awareness among CEOs and boards of directors about the business impact of security incidents and an evolving regulatory landscape have led to continued spending on security products and services,” said Sid Deshpande, principal research analyst at Gartner, in a statement.
Encourage Your Employees to Stay Safe Online
NCSAM provides the perfect opportunity for organizations — especially IT and Security leaders — to step up and educate their employees about how to stay safe online, both in the work setting and in their private lives. Staysafeonline.org provides a helpful tip sheet of useful reminders. While they may seem intuitive, it just takes one error or misstep on an employee’s part to compromise the entire organization. Staysafeonline.org reminds individuals to:
- Lock down your login: Your usernames and passwords are not enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools — like biometrics, security keys or a unique, one-time code through an app on your mobile device — whenever offered.
- Keep a clean machine: Keep all software on internet-connected devices — including personal computers, smartphones and tablets — current to reduce risk of infection from ransomware and malware.
- When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete or, if appropriate, mark it as junk.
- Back it up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup.
- Own your online presence: Set the privacy and security settings on websites to your comfort level for information sharing. It is OK to limit how and with whom you share information.
- Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others.
- Personal information is like money. Value it. Protect it. Information about you, such as purchase history or location, has value — just like money. Be thoughtful about who gets that information and how it is collected by apps, websites and all connected devices.
Protect Against Third Party Vendors and Partners
The 2016 State of Small & Medium-Sized Business (SMB) Cybersecurity report, independently conducted by Ponemon Institute, LLC and sponsored by Keeper Security, surveyed 598 individuals in companies with 1,000 or fewer employees. One of the statistics the survey revealed is that negligent employees or contractors and third parties caused most data breaches; however, almost a third of companies in this research could not determine the root cause.
Every time your organization puts data in the hands of a vendor, it raises concerns about the security of that data. According to IDC, the Software as a Service (SaaS) market is growing at 5X the rate of on-premises software adoption, which increases the risk of an incident every single day.
Because of the severity of cyber security threats, one of the most important things organizations can do to prepare for and minimize risk is to first gain a thorough understanding of what sensitive information or applications third-party vendors have access to (in fact, we cover this in more depth here). Without this understanding, your team will not know which relationships pose the greatest risk to your organization, and your case for broader awareness of these risks may not carry as much weight as it should.
Interested in learning more about NCSAM or want to attend an event this October? Check out the Stay Safe Online events page for more resources to help your organization, employees, and family stay safe this October, and all year long: https://staysafeonline.org/event_category/ncsam/.