If you’ve been too busy warding off phishing and malware attacks to keep up with the latest cybersecurity news, this month presents an ideal opportunity to catch up. Every October, Canada participates in Cybersecurity Awareness Month, an internationally recognized campaign to promote cybersecurity safety and awareness.
For the past several years, the project has been a collaborative effort between government and industry to ensure every Canadian has the resources they need to stay safer and more secure online. This year, the event coincides with the opening of the Canadian Centre for Cyber Security, an important part of Canada’s National Cyber Security Strategy.
While you don’t need to wait for Cybersecurity Awareness Month each year to take another look at your security practices, it presents a good reminder to brush up on your fundamentals. Here are four tips you can check in on or deploy for the first time to protect the privacy of the information and data that circulates to, from, and within your organization today.
1. Remind your employees about security basics
As an IT manager, security falls under your job description, but you can’t do it alone. Every employee plays a part in protecting the company, and your job is to create a plan for employee education, training, and awareness. But more often than not, these sessions can feel boring to host and—even worse—to attend. Why not focus instead on creating cybersecurity awareness initiatives that will inspire and motivate everyone involved?
Effective programs are tailored by department. For example, a sales rep who spends a lot of time in the field, working remotely from mobile devices, will need a solid lesson pertaining to mobile security that covers the dangers of unsecured Wi-Fi and how to avoid them. In contrast, a payroll employee who handles sensitive financial information may prove more vulnerable to phishing attacks. Your users will pick up lessons faster when the material is customized for them—so dust off those presentation skills and sell it!
2. Strengthen all logins and encourage 2FA
Whether for business or pleasure, employees surf the web during work hours. Doing so safely means practicing good security habits, such as strengthening logins and passwords. To instill this mindset in your employees, you may want to encourage them to replace passwords with passphrases. A passphrase is a sentence made up of words, numbers, and punctuation marks that yields a complex, unique, and memorable password. For example, “I love to eat pudding in my pajamas” (don’t judge) can turn into the passphrase “I<3puddingPJ$”.
You should also encourage employees to turn on two-factor authentication (2FA) for any account that supports it. Two-factor authentication, also known as two-step verification, will send a one-time-use code via text message, call, or email. In addition to your regular password protection, 2FA should be enabled on all your most valuable accounts, including email, social media, and financial accounts.
3. Shut every door to hackers
Cutting-edge technology makes life easier, but it can also make it easier for hackers to get into your organization, putting you at risk. In fact, one study found that at least 70 percent of successful data breaches originate from unsecured endpoints, such as routers or printers. Every business is at risk for a data breach, and taking the necessary steps to secure all devices is vital to protecting customer and company information.
To secure your endpoints, you can turn to devices with built-in malware protection and encrypted hard drives and use unique administrative passwords for each device. Start by covering the basics and work your way toward adding layers of maximum security, helping your company stay up to date with new government regulations.
4. Be as transparent as possible
Cybersecurity breaches make the news almost daily, and the publicity can hurt any organization. Instead of waiting for a fall, many organizations are being proactive by implementing targeted strategies, including the adoption of unified rating systems for evaluating security.
According to BDO Canada, an international network of public accounting, tax consulting, and business advisory firms, underwriters are now using cybersecurity ratings to determine a company’s liability and offer cyber insurance. Using such a rating system in your business could provide your company with an increased awareness of any weaknesses it may have, as well as the ability to better evaluate risks of working with partners and vendors. Being proactive can save you from headaches later on and help you avoid a hit to your company’s reputation.
Training on safety procedures shouldn’t be a one-and-done event. Beyond an annual meeting to brush up on your security fundamentals in honour of Cybersecurity Awareness Month, you should hold smaller monthly tech jams that cover a single topic.