Four tips for Cybersecurity Awareness Month to keep your organization better protected

Every October, CISA reminds everyone to focus on cybersecurity. Learn how they recommend you stay safe this year.

October is a month known for many things: pumpkin spice, Halloween, fall leaves, and, of course, Cybersecurity Awareness Month. For the past 20 years, the Cybersecurity and Infrastructure Security Agency (CISA) has devoted the month of October to cybersecurity awareness. While security should always be a high priority, they use this as an opportunity to remind individuals and organizations alike how to be cyber-smart.

With the theme of “Secure Your World,” this year focuses on four ways to stay secure:

  1. Recognize and report phishing
  2. Use strong passwords
  3. Turn on multifactor authentication
  4. Update software

Let’s explore how these recommendations help organizations keep their employees and customers safe.

(1) Recognize and report phishing

Most organizations today offer cyber awareness training, usually with a heavy focus on recognizing phishing emails. They teach employees how to recognize a phishing email and what to do if they receive one (hint: don’t click that link!). While this is a great start, it still leaves significant room for human error.

With firewall management software, you go a step further in preventing phishing attacks. Determine what network traffic is allowed and what is not, then configure firewall rules and policies to act as a first line of defense. For example, you can:

  • Block or filter malicious traffic from or leading to known phishing sites
  • Monitor outgoing requests to verify their authenticity and block anything that tries to go to known malicious websites, IP addresses, or domains
  • Examine the signature, file type, or behavior of a file downloaded from these sites and block the installation

Firewall Assurance

Improve cyber hygiene and risk management with centralized, optimized firewall management.

(2) Use strong passwords

Whether you’re creating an account for personal or business use, it’s always a good idea to set a strong password. This commonly includes a longer length and a mix of upper- and lower-case letters, numbers, and symbols. Organizations should require their users (both employees and customers) to follow a list of requirements for password creation and change passwords regularly so that all passwords that link back to their systems are more secure.

(3) Turn on multifactor authentication

Multifactor authentication (MFA) adds an extra layer of security. Using MFA requires employees or customers to take a step to authenticate their attempted login, either by entering a code sent directly to their device or by using a preinstalled two-factor authenticator (2FA) application. Enforcing the use of MFA adds protection to an organization and its critical data.

(4) Update software

While this may seem straightforward, most organizations have tens of thousands of devices to manage, with potentially millions of vulnerabilities. This is where a vulnerability remediation program becomes very valuable: it prioritizes vulnerabilities based on a comprehensive look at the risk to the organization. By considering both external factors, like a vulnerability’s exploitability, and internal (business-specific) factors, such as asset importance and accessibility, you focus on the vulnerabilities that pose the most risk to your organization and ensure those devices get the critical updates first.
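The prioritization described above, as an added example that is not from the original article or from Skybox's product. The weights, field names, and sample findings are assumptions constructed for illustration; the article names the factors but gives no formula.

```python
from dataclasses import dataclass

# Assumed weights for this example only.
EXPLOITABILITY = {"exploited_in_wild": 1.0, "public_exploit": 0.7, "theoretical": 0.2}
ACCESSIBILITY = {"internet": 1.0, "internal": 0.5, "isolated": 0.1}

@dataclass(frozen=True)
class Finding:
    device: str
    vuln_id: str          # constructed placeholder IDs, not real CVEs
    severity: float       # base severity, 0-10
    exploitability: str   # external factor
    importance: int       # internal factor: business importance of the asset, 1-5
    accessibility: str    # internal factor: how reachable the asset is

def risk_score(f: Finding) -> float:
    """Scale base severity by the external and internal factors (result 0-10)."""
    return round(f.severity * EXPLOITABILITY[f.exploitability]
                 * (f.importance / 5) * ACCESSIBILITY[f.accessibility], 2)

def patch_queue(findings):
    """Order devices by their riskiest finding, highest risk first."""
    worst = {}
    for f in findings:
        worst[f.device] = max(worst.get(f.device, 0.0), risk_score(f))
    return sorted(worst.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample inventory.
FINDINGS = [
    Finding("lab-printer", "VULN-A", 9.8, "theoretical", 1, "isolated"),
    Finding("payments-web", "VULN-B", 6.5, "exploited_in_wild", 5, "internet"),
    Finding("hr-db", "VULN-C", 8.1, "public_exploit", 4, "internal"),
    Finding("payments-web", "VULN-D", 4.0, "theoretical", 5, "internet"),
]

if __name__ == "__main__":
    for device, score in patch_queue(FINDINGS):
        print(f"{score:5.2f}  {device}")
```

The finding with the highest base severity (9.8, on an isolated, low-importance printer) lands last in the queue, while a 6.5 that is being exploited on an internet-facing, business-critical server is patched first.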

Vulnerability Control

Discover vulnerabilities, prioritize them based on exposure-based risk scores, and close them with prescriptive remediation options.

Happy Cybersecurity Awareness Month!

Security is everyone’s responsibility, but there are steps that an organization must take to reduce its risk and put less burden on its employees. Whether you’re looking to implement better firewall rules or gain confidence in your vulnerability management, Skybox’s Continuous Exposure Management platform helps you better protect your organization.