Ensuring safety and privacy in today’s online environment is an enormous task. It’s way too much for a single person or a single company to manage on their own. As a security professional, I am personally encouraged by continual reminders that I’m not fighting this battle alone.
Every October is National Cybersecurity Awareness Month (NCSAM), and I’m proud to announce that Sisense has taken the initiative to sign up as a Champion for the cause. NCSAM is a great reminder that ensuring secure environments for online activity is a collaborative effort. It takes all of us — businesses, government agencies, colleges and universities, associations, nonprofit organizations, and individuals — working together to achieve the ultimate security goal.
This year’s NCSAM theme is “Own IT. Secure IT. Protect IT.” The goal is to encourage every consumer to understand their everyday technology and prevent cybercrimes by securing their digital profiles. The NCSAM website has lots of information about dealing with more sophisticated cybercriminals and a list of standard tips to secure yourself online. Those best practices are a simple way for any individual or group to be cyber smart.
This is an exciting year for me to be a part of the NCSAM activities. Last year, I led the NCSAM efforts at Periscope Data, which were very successful. But this year, I get to oversee efforts to ingrain the security mindset in the DNA of a newly merged organization. As a Champion of the NCSAM efforts, it’s a huge opportunity for Sisense to step up and lead the charge at a much larger scale.
Now in its 16th year, NCSAM continues to build momentum and impact with the ultimate goal of providing all Americans with the information they need to stay safer and more secure online. Sisense is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.
Keeping businesses secure
To be totally secure, individual employees need to do more than just rely on their company’s IT and security team to protect their devices and environment. I encourage any security professional to point their teams to the personal security tips on the NCSAM website.
As far as business cybersecurity is concerned, there are also tips for identifying devices, protecting data, responding to threats, and recovering breached information if an incident occurs. Here’s a quick overview of some of those pointers:
Have a recovery plan, even if you don’t need it
It’s easy to get enthusiastic about your security efforts and think that no attack could ever happen to your company’s data. But every company is always vulnerable, so you need to prepare for the worst. That means familiarizing yourself with the breach notification laws in your state, preparing for an emergency workflow without certain technologies (even switching some operations to paper if necessary), and preparing spares/backups of certain data assets.
Stay up-to-date on the technology in your company
A good place to start this task is with an inventory of data and physical devices that the company owns. This list must be updated extremely frequently with information about where that technology is kept and who has access to it. A strong authentication process for employee accounts also helps manage access. Enforcing strong passwords can seem like a hassle, but it’s necessary in today’s challenging security environment. Cybersecurity professionals need to put forth strong messaging and help build a culture of security to drive home how vital it is that teams ensure that passwords aren’t an opportunity for a breach.
Know how your data is connected
Whether it’s individual devices or cloud pipelines, security professionals need to know the people and devices that are connected to their data. Mapping out the flow of information is essential to every step of the security process. Regularly auditing your information connectors (and making sure that those connectors meet certain security standards) is a great way to keep business data safe.
When in doubt, throw it out
It’s a security professional’s job to train the rest of their organization about the threats that can be found in suspicious emails, posts, ads, messages, and attachments. They should be taught a healthy suspicion of unfamiliar or unexpected activity. More than just being on the lookout for those potential attacks, teams need to know to report suspicious activities, emails, and messages so the security team can guard against future attacks. It’s an ongoing effort to stay on top of the most common threats and protect against them.
A deeper discussion of security
Earlier this month, I had a chance to discuss personal experiences from my career in security on Business Security Weekly. That conversation is full of individual tips to improve your own security and comments about the larger security industry as a whole. You can watch the entire episode of Business Security Weekly below.
For more information about NCSAM 2019 and a wide variety of personal and business security activities, visit staysafeonline.org/ncsam.