- October 1, 2022
- Posted by: Contego Inc.
- Category: Protecting Your Network
October is Cybersecurity Awareness Month. This month, we typically take some time to update our software, change our passwords, and swap a few data breach horror stories. We all remember the wave of hospitals taken hostage by ransomware, or that time the entire Marriott hotel chain revealed a multi-year breach. We know about the WannaCry hack that targets older Microsoft operating systems and the head-scratching epidemic of overlay keypads in stores that steal payment information.
There are so many ways that a business can be hacked, and such a vast network of potential malicious actors (and their automated malware infections), that businesses have accepted cybersecurity risk as par for the course. With social hacking taking center stage, it has become necessary to both build a robust technical defense and raise awareness of cybersecurity operations with your entire staff. Anyone with an email address or a workstation computer, from your CTO to your local cashiers, should get in on cybersecurity awareness this October.
The safest workforce is more than trained: it is engaged, aware, and vigilant for signs of hacking, phishing, malware activity, and compromised data. Let’s dive into both how to prepare your systems and fun ways to prepare your teams for cybersecurity month.
Prepare Your Systems for Cybersecurity
First, let’s touch on the best practices for any business – no matter your sector or business model – to maintain a strong cyber-secure infrastructure.
Keep Your Systems Updated and Configured
Make sure you are working with relatively new equipment and the latest operating systems, and continually upgrade the software in your stack. Download security upgrades and check for non-automated upgrades at least once a year – October is a great time to check.
Once your software is fully upgraded, make sure your systems, programs, platforms, and firewall are fully configured with new logins and custom settings that raise your security above the out-of-the-box defaults.
Perform Routine Penetration and Vulnerability Testing
Never assume that security “just works” or has continued to work without monitoring. Penetration and vulnerability testing are two approaches to the same goal: identifying potential gaps in your cybersecurity and closing them. Perform regular penetration and vulnerability tests, especially after making changes or updates to your stack.
Use Live and AI-Assisted Security Monitoring
Monitoring your network is the best way to detect malicious activity in action. Authorizations that don’t fit the typical pattern, activity at the wrong time or from the wrong IP address, or mysterious resource use from unnamed programs are all red flags that can be caught with human and AI network monitoring.
The Best Ways to Raise Staff-Wide Cybersecurity Awareness & Vigilance
Now, let’s get to the fun part: cybersecurity awareness for the whole team. Companies have typically struggled to keep their staff interested, engaged, and vigilant in spite of available or mandatory cybersecurity training. Why? Because the training does not engage, and its relevance doesn’t extend past the classroom. The best way to celebrate October as Cybersecurity Awareness Month is to create a month of awareness activities that the whole staff can have fun with. Yes, we said fun. When cybersecurity practices become woven into rewards for vigilance, inside jokes, and routine activities, your team will defend company data effectively long after training day is over.
1) Post a Fake Phishing Email on the Dash/Bulletin Board
Give everyone a visual of what phishing looks like. Everyone knows that suspicious feeling when they get it, but not everyone has seen a few dozen examples of phishing to compare to emails that hit their inbox. Write (or find and print) one subtle but obvious-if-you-look phishing email and post it in the break room, on the bulletin board, or on your shared digital dashboard for remote and hybrid teams.
Have a good laugh and let the team talk about it. Call it the Catch of the Week and post a new Phish every Monday so everyone can check it out and laugh about the scams. This will casually familiarize your team with phishing approaches, which they will then avoid with more savvy and group support.
2) Hold a Password Building Workshop
Most people do not know how to make and remember a good password. It’s a learned skill. Most admins probably remember when they learned and from whom; we certainly do. Become that life lesson by holding a password workshop for your teams. Teach them to make funny yet complex passwords that are as easy to remember as a one-line joke and as hard to guess as a random string of letters.
3) Create a Hacker-Report Intake System
Make sure there is an available channel for all employees to report cybersecurity matters, whether it’s screenshots of a potential phishing email or “I think I just clicked a bad link.” Make it a safe, welcoming channel with the message that IT would rather know than not know about any possible breach, mistake, device infection, or attempt to phish employees.
4) Commission the IT Team to Perform Cybersecurity Drills
Nothing is quite as effective for staff-wide security as cybersecurity drills. Phishing avoidance, malware detection, ransomware response, and how to report it all can be taught in a way everyone will remember (for the rest of their lives) by asking the IT team to play the bad guys. They typically love this role, provided other work is well-balanced.
Challenge your IT team to send fake phishing emails from new email accounts, to simulate the signs of malware on random employee devices, and to occasionally send a fake ransomware prompt. Before you release this on the staff, clearly instruct everyone on what to watch for and how to report a cybersecurity issue if the signs occur. Give out cheat sheets and post reminders. Encourage everyone to stay sharp and watch out for the spoofed hacks.
Publicly congratulate those who properly avoid and report the drills. Then throw a party for those who detect and report a real hacker. Reserve an end-of-year award for anyone whose vigilance may have saved the company.
Keep the tradition going, and your team will stay on their toes hunting for hackers, with a potential bonus of cake, trophies, and glory.
Building a strong foundation of cybersecurity starts with your infrastructure. Your hardware, software, updates, and monitoring define how safe everyone is by default. An alert, engaged, and vigilant staff forms the next layer of your defense, catching every social hacking attempt and possibly even a few instances of lurking malware. You need an IT team ready and equally dedicated to the safe operation of your business. Contact us today to learn more about how to get secure for cybersecurity awareness month.