by Sean Curiel, on Oct 30, 2020 7:27:00 AM
October was National Cybersecurity Awareness Month (NCSAM). The U.S. Department of Homeland Security and the National Cyber Security Alliance have come together to create an effort we now observe annually. Its purpose is to raise awareness about security threats, and help educate the world on how to keep people safe online. This year’s theme is 'Do Your Part. #BeCyberSmart'. Because of this event, we’ve recently seen a flood of useful tips for protecting devices and also speculation as to how future technologies will affect our online experience.
As “awareness” is such an important concept when it comes to information security, that’s what we’ll be focusing on today. Employee awareness of potential security threats.
Sure, as a system administrator it’s your job to be aware of modern threats. You’ve patched your operating systems, updated firmware and software, and monitor your network traffic closely. Yet data security is bigger than you, and requires everyone in the organization to “do their part” in preventing a data breach or ransomware infection.
Organizational Awareness
All employees regardless of role must understand that they too are responsible for your organization’s data security. It doesn’t mean they need to be a data security expert, but by following a set of clear guidelines, they will help ensure uninterrupted business. Through regular training on the following subjects, you will help keep it fresh in their minds.
Awareness Training Topics
- Phishing
Emails may arrive to employees disguised as government agencies, existing contacts or even their own boss. Being able to understand how phishing attacks work and how to identify them is a necessity. You may even want to consider an internal Phishing simulation to help reinforce what they have learned. - Passwords
We all should know by now that strong passwords are a necessity. But where are employees storing their passwords? If it's a sticky-note on their monitor, you might be in trouble. Are passwords being reused in part or in whole between business services, or worse yet between private and business accounts? - Removable Media
USB Drives, SD Cards and SSD drives brought in by employees can create enormous risk to a company. The simple act of plugging in an infected media to a work system could cause a companywide disaster. Establish an Acceptable Use Policy (AUP) which might be as simple as requiring approval from the IT security team prior to use. - BYOD (Bring Your Own Device)
In addition to storage media, employees may be using their own devices (smart phones, tablets, laptops) for work purposes. If sensitive business information is stored on these devices, their exposure presents risk. Malware has also gone mobile, and unsecured WiFi networks (your local coffee shop) is ripe for data to be intercepted via a man-in-the middle attack. - Ransomware
Once a system has been infected with malicious software, employees will find themselves unable to access data. Do employees understand what the symptoms of Ransomware look like? Do they know the immediate actions they must take should they discover an infection?
(Download our Ransomware Prevention Checklist today.) - Social Media
Brand impersonation, fake promotions, malicious links - often it's hard to know what's real in the social media world. Employees are also vulnerable when offering too much personal information on private social media accounts which presents an opportunity for identity thieves to attack both personal and business related accounts. - Backup
As a SysAdmin you may have a finely tuned network backup. But these days employees who are on the move or work remotely, store critical data on their private laptop. Furthermore local backup or cloud backup alone is not enough. Flexible backup solutions like NovaBACKUP allow you to backup locally, online and even offsite to a separate location for emergency scenarios.
National Cybersecurity Awareness Month is a helpful reminder that threats are evolving and ever present. Take advantage of this event to schedule awareness training for the employees in your organization tailored to their departmental roles and access rights. With a clear set of security policies employees will better navigate dangers and appropriate actions in the event of a breach thus helping to mitigate the vulnerability and unpredictability of human error in your security strategy.
Speak with a data protection expert about security and backup policies today.
