Awareness Introspection Month
By Andrew Roberts, Chief Cybersecurity Strategist, cStor
Welcome to October – a month of change and more. In Arizona, October marks the end of summer’s heat and we welcome cooler weather. In the north, October brings bright fall foliage and a crisp bite in the air. Many children look forward to Halloween at the end of the month. Another change that comes with October is found in stores where the holiday season is now in full swing, though not everyone is happy about that.
October is also Cybersecurity Awareness Month. It has been since 2004 when the President and Congress first declared it so and have been doing every year since.
When I was asked to write something for Cybersecurity Awareness Month, I briefly considered a quick version of the usual October advice. Things like how to make a strong password or passphrase, and how they should never be reused for multiple applications. I could also talk about not clicking on that link or opening that attachment even if your distant relative is a Nigerian Prince. I could even reassure everyone that the email they got from their CEO asking them to buy some gift cards didn’t actually come from their CEO. But I only briefly considered these.
Those that know me also know that I tend to approach things from a slightly different angle than most – and this task is no different.
Let’s take a different look at Cybersecurity Awareness Month for the cybersecurity professionals in our midst. After you’ve sent your witty and insightful October messages to your company employees and maybe even your customers, how many of you go the extra mile and take an introspective look at your own cybersecurity awareness? I don’t mean whether you know good password practices and that other stuff, but how aware are you of the state of cybersecurity inside your own organization? Do you know where all your sensitive and important information is? Do you know if access to that data is appropriate and follows a solid least-privilege model? Is it all encrypted where it should be? What could you be doing to better protect that data?
How good is your multifactor authentication (MFA) deployment? Does it cover every employee in every situation where it should? We know that a proper MFA implementation can greatly reduce the risk to our systems, is your MFA properly and fully implemented?
Look at your email, the number one vector for so many attacks; how well are you protected?
As you look inward, don’t forget your extended family. Do you know which of your family members are most vulnerable and how you may be able to help them be safer?
As we head towards the end of the month, consider making November your own Cybersecurity Introspection Month. Cybersecurity isn’t just for October.