8 Tips for Better Cybersecurity during National Cybersecurity Awareness Month
It’s October—time for sweaters, apple cider, and falling leaves for those in the Northern hemisphere. It’s also time for National Cybersecurity Awareness Month (NCSAM), originally created 17 years ago as a joint effort between the United States Department of Homeland Security (DHS) and the National Cybersecurity Alliance (NCSA). And while it originated in the States, it’s observed worldwide as a time to promote proper security measures for organizations.
This year’s theme is “Do Your Part. #BeCyberSmart.” This statement couldn’t be more appropriate for the moment. As people moved to remote work over the past year, organizations and IT providers lost some of the control they had over their customers’ security postures—particularly as workers began bringing company laptops onto home networks with varying levels of security. We’re all responsible now for our company’s security—which means we all need to do our part.
Today, we’ll talk about some steps you and your customers can take to be cybersmart this year.
Eight steps toward better cybersecurity
While a lot has changed over the past few years—particularly over the past year—the fundamental rules still apply. People still fall victim to phishing attempts (especially during times of confusion like during the pandemic), and unpatched vulnerabilities still are common culprits in a multitude of data breaches. So often, the older rules still apply. To that end, below are some tips to keep in mind, plus links to previous articles we’ve written if you want a deeper dive:
1. Assess current security protocols
As MSPs become targets for cybercrime, it’s important to frequently test your cyber-resilience. Try seeing how you stack up against some of the popular security frameworks out there like NIST. Read more about assessing your security protocols.
2. Get up to speed on social engineering
Phishing schemes have often been the first step in larger data breaches—whether it’s an attempt to install malware on a machine or steal someone’s credentials. Earlier this year, we saw a major increase in email scams where criminals used pandemic-related information as a thematic lure. That makes educating your team and your customer base on social engineering perhaps even more important than ever before. Get tips on social engineering.
3. Safeguard client data
Data is the lifeblood of most organizations. And with an increasing number of laws regulating data protection protocols and reporting requirements, it’s important to make sure you’re taking the proper precautions to focus on data security, not just security for devices. Learn how to better protect client data.
4. Establish encryption requirements
Another protection against data breaches involves encrypting your data. Encryption helps reduce the likelihood someone can use data even if there’s a breach. But while many devices automatically encrypt data, there are still some “gotchas” to be careful about, like preventing users from turning off encryption, and making sure your cloud vendors use strong encryption protocols. Learn how to determine and enforce encryption requirements.
5. Maintain timely updates
Patching and updating software should be security 101. Yet, despite this, many breaches occur due to unpatched vulnerabilities. So it’s absolutely critical to set a schedule for patching your customers’ operating systems and third-party software as well. Learn why patching is important and how to stay up-to-date.
6. Be proactive with threat protection
These days, it’s not enough to simply put in place preventive and detective security technologies—you want to take an active role in rooting out threats and staying up-to-date with an evolving threat landscape. Try including active, continuous threat monitoring into the mix to help your customers. Find out more about proactive threat monitoring.
7. Use role-based permissions and track logins
Another important step in improving your security posture is practicing solid identity and access management principles. You want to restrict access to a “need-to-use” basis to both help prevent insider attacks and reduce the amount of data a hacker can access if they compromise an account. Plus, it’s important to track login attempts to prevent active attacks. Discover the importance of identity and access management for MSPs.
8. Observe password best practices
Finally, it’s important to make sure that all your technicians use strong, unique passwords for every service they use. Account takeovers can be devastating, but it’s even more devastating for MSPs. With access to so many customer systems, they have the “keys to the kingdom” for multiple business and access to critical data, making them a prime target for cybercriminals. So make sure to enforce best practices among your technicians. Find out how to enforce password best practices.
The importance of passwords
This last tip deserves some additional focus. One of the central elements of being cybersmart involves following strong password practices. Not only is this one of the easier steps to take—it doesn’t take technical knowledge to set a strong password—but it’s also one of the most effective, particularly as people increasingly rely on cloud services while working remotely. For example, this year’s Verizon Data Breach Investigation Report found that more than 80% of hacking-related breaches used either brute-force attacks or stolen credentials.
One of the best ways to improve password security is to make setting strong passwords so easy you don’t have to think about it. SolarWinds® Passportal™ not only makes it easy to enforce password best practices, but it also lets you easily grant and revoke access as needed so you can give technicians access on a need-to-use basis. Learn more today by scheduling a free demo.