In a year of many problems and issues, October is once again National Cyber Security Awareness Month (NCSAM), as designated by the Department of Homeland Security since 2003.
The theme is Own IT. Secure IT. Protect IT.
Own IT is a reminder to travel with cybersecurity in mind (at least some of the time). Social media usage and online privacy are connected, so think about how you use social media. Internet of Things devices should be sought out and updated or reviewed to make sure they are secure.
Secure IT is typical: a focus on strong passwords, although just changing default passwords would be a good start too. The famous xkcd image is interesting.
Passwords lead to MFA, or Multi-Factor Authentication.
MFA is required or suggested in NIST 800-171.
We discussed phishing in a recent blog post: https://oversitesentry.com/top-cybersecurity-problem-for-small-business/
Securing your ecommerce may be simple or common sense, but it has to be guided by OWASP, as I discussed in https://oversitesentry.com/owasp-has-new-testing-guidelines-document/
The Secure IT portion is a combination of things:
- Patch your software
- Be aware of how you share the personal information of employees or customers, that is, PII (Personally Identifiable Information)
Keep in mind a simple strategy to protect yourself and your company: Zero Trust.
Zero Trust means do not implicitly trust. First verify trustworthiness, then do business and grant access.
Zero Trust is used in many manufacturer network architectures, such as Cisco's or Palo Alto's:
“In Zero Trust, you identify a “protect surface.” The protect surface is made up of the network’s most critical and valuable data, assets, applications and services – DAAS, for short. Protect surfaces are unique to each organization. Because it contains only what’s most critical to an organization’s operations, the protect surface is orders of magnitude smaller than the attack surface, and it is always knowable.”
This is a good strategy for 2019 cybersecurity awareness: do not trust a social media connection until it is verified. The same goes for email links, email attachments, phone calls and the many other possible attacks on your business. Unfortunately, this sometimes means mistrusting a possible customer or requiring them to prove who they are, but with some thought this can be done tactfully so that a potential customer can see why it is being done.