Cybersecurity Awareness Month isn't just another catchy campaign (like “International Coffee Day” or “World Star Wars Day”), it's rather a movement to promote both individuals' and organizations' roles within a secured digital environment. And Managed Security Awareness could be a viable option to support your efforts.

Creating (and maintaining) sustainable cybersecurity policies and awareness is a shared responsibility for every single employee within an organization (not just the IT department). 

We can't stress this enough: digital security is everyone's responsibility. Or "Do Your Part #BeCyberSmart!”

Due to COVID-19, individuals’ and organizations’ data is far more likely to be susceptible to phishing attacks from actors, posing as the Center for Disease Control and Prevention (CDC) or World Health Organization (WHO) representatives. Thus targeting and tricking users with emails that include malicious links leading to, for example, a supposed “updated list of new cases around your city”.

What is worse, over recent years cyber attacks and breaches are on the rise. Only this year can we recall the Kaseya ransomware attack, compromising the data of over 1500 companies with a ransom note for $70 million. Or how about the Saudi Aramco $50 million data breach? Taking the matter even one step closer to home, the Department of Homeland Security has reported that 47% of American adults have had their personal information exposed by cybercriminals.

As we all become more and more digitally connected, hackers' methods are becoming more and more sophisticated. Put it simply, the Internet isn't a safe place, especially for companies, as we are all still adapting to hybrid workspaces, where employees could happen to have access to confidential data from virtually everywhere.

And organizations do face the tough challenge to secure their online data while promoting digital safety. Their role is to ensure that the company-wide security culture is strong and sustainable and that their employees are aware of the security procedures or protocols and aren’t putting their data at risk.

We have hence created a list of 3 best practices that could improve your organizations’ cyber security right now. By taking these necessary precautions and securing your data, you and your organization will be far less likely to become the next victims of a cyber attack.

1. Be Cyber Smart About your Company Devices

This might sound like an obvious one, but in order to safeguard your organization against cyber security threats, you first need to understand what needs to be protected.  

Or in other words what data and systems are critical for your company? This should include the likes of customer databases, intellectual property, and company devices. 

Once you have created an inventory of your most valuable assets, you need to spread awareness about the importance of cyber security. Your team needs to be fully equipped to handle confidential information. That does include reminders about not leaving company property unattended.

And to take your cyber security one notch further, we would suggest the following precautions:

  • Implementing full disk encryption and using Trusted Platform Modules (TPM);
  • Setting up strong passwords for each stage of the authentication process;
  • Implementing an auto locking-out mechanism and encouraging such routines. 

2. ​​ Explore. Experience. Share. And remember to use a VPN.

Virtual private networks (VPNs) are an ideal solution for the new hybrid office, as they allow employees to access important files remotely. VPNs establish a secure connection via the company's private networks or other encrypted connection mechanisms. This on its own reduces the risks of data leakage.

If you have currently implemented company-wide VPNs, we would suggest you also look into the following extra measures:

  • Configuring the VPNs with multi-factor authentication (MFA) as an added security level. Establishing this extra factor of authentication (e.g. a code, received via mobile; a token; biometric verification; etc.) would prevent unauthorized actors from connecting to your company networks, even if an employees' VPN credentials are compromised.
  • Properly configuring and monitoring firewalls is another definite must. This would allow you to identify any attempted or successful connections from unauthorized or suspicious Internet Protocol (IP) addresses.

3. Cybersecurity First: Learning to Deal with Cyber Incidents

The cyber security of any organization is a constant process that requires a couple of main factors. Commitment on the end of the employer to constantly monitor and improve their organizations' systems and protect them against cyber security threats. Awareness and proactivity are on the side of the employee. If they identify a possible data security breach while out of the office, your employees should understand the procedures they would need to follow. 

The first step would most evidently be to inform the organization’s designated recipients of such notifications. 

To keep everyone in the loop, don’t forget to remind your data breach response team members that due to the possibility of increased risk during this period of time, their attention and resources may be called upon. 

Having clear-set incident response requirements would be an effective way to minimize any possible damages. Remember that in most cases, those few moments that are needed to react could be key to protecting your organization

At Amatas, we offer a 5-element Managed Security Awareness service created specifically to deliver an adaptive multichannel, business-specific, and employee-centric security awareness program. Thus, protecting the modern-day business against cyber security threats. 

Within our service, we have incorporated:

  • Social Engineering Susceptibility Assessment to identify your employee’s psychological vulnerabilities;
  • Market-Leading Security Awareness Training Platform that combines the world's largest library of security awareness training content with expertly crafted simulated phishing attacks;
  • Security Awareness Program Management - a fully outsourced security education, training, and awareness program tailored to the business context and the culture of your organization;
  • Cybersecurity Coaching to provide your employees with the insights and knowledge they need to secure their digital lives and workspaces;
  • Phishing Incident Response, a near real-time monitoring, expert analysis, and rapid response to the email-based threats that reach your end-users inboxes;

If you are interested to find out more about how Amatas can secure your organization's data, make sure you contact us.

Ralitsa Kosturska in AMATAS