Happy National Cybersecurity Awareness Month! Since 2003, each October has been dedicated to raising awareness about the importance of cybersecurity. It’s an effort that was started by the U.S. Department of Homeland Security and the National Cyber Security Alliance, and just last week President Biden proclaimed October 2021 as Cybersecurity Awareness Month.
If there’s anything we’ve learned this year, it’s that anyone can be a hacker’s next target. We’ve seen attacks against hospitals, fuel pipelines, food suppliers, supply chain vendors—the list goes on and on.
While cybersecurity holds a certain significance during the month of October, we believe it’s a year-round initiative that should always be evolving and maturing. So in the spirit of Cybersecurity Awareness Month, we’re sharing these critical tips to help you take your security hygiene and cyber knowledge up a notch this month and beyond.
1. Cybersecurity Shouldn’t Stop at Prevention
The most fatal mistake we see is when businesses focus only on preventive security measures. These technologies (firewalls, antivirus, etc.) are designed to defend the perimeter and block attackers from gaining access. And while they’re important, prevention shouldn’t be the only line of defense.
What happens when a hacker does slip past these outer layers? How long will they dwell in your environment, and at what point will they deploy ransomware or fully encrypt your systems?
Detection and response are crucial to keeping businesses and their data safe from attackers. In today’s world, security no longer lives within the office walls. Security lives at every endpoint—which means the ability to detect threats is just as important as putting those protective barriers in place.
The sooner we can detect and appropriately identify malicious behavior, the sooner we can move into response and roll out a recovery plan to return to normal. This also means having an incident response and backup plan. Every business should be preparing for the worst, not just trying to prevent it.
2. Don’t Trust Candy (Or Links) From Strangers
This is a real-world lesson that can also keep you safe online. Phishing is a hacker favorite because it’s all too easy for them to disguise malicious links, hide behind fake email addresses, or trick users into giving up personal or confidential information.
The best defense here is knowing what to look out for and being wary of anything out of the ordinary. Users should always verify that an email is legitimate before opening an attachment or responding with their information. You can also get in the habit of taking an extra moment to think and hover over a link before you click on it. And, if you do see some glaring red flags or anything suspicious, you should always take action and report it.
Recommended Reading: Here are more tips from CISA on how to avoid social engineering attacks.
3. Become a Master of the Basics
There’s a reason the foundation is poured before the house gets built. A stable foundation influences everything that’s built on top of or around it, and the same is true in cybersecurity. To master the more advanced techniques, you first have to master the basics. As boring as the basics may seem, getting them wrong is typically a hacker’s free ticket in.
Here are some of the security fundamentals that you should always be thinking about and mastering.
Patch, Patch, Patch
Keeping your software up-to-date is a primary security principle, but not many businesses realize the importance of patching (and patching right away). Patches are released in order to correct vulnerabilities or errors in the software you use. The longer those vulnerabilities go unaddressed, the more susceptible and exposed you are to a potential cyberattack. With a quick test and a simple install, patching helps ensure that software and applications continue to run smoothly and be as secure as possible.
Use Strong Passwords
Your passwords are the first barrier between you and your personal information. Attackers have a few tricks up their sleeves to help guess or “crack” passwords—so strong and unique passwords are a must. Try out different combinations of words, numbers, symbols, etc.—and use different passwords for different programs (if you need to, get a password management tool to help you keep track of all your passwords in a safe and secure location).
We simply can’t live without passwords today, but the truth is that using passwords alone isn’t that secure… which brings us to our next cybersecurity basic.
Enable Multi-Factor Authentication
Multi-factor authentication (MFA) is a security system that requires two or more methods of authentication to verify a user’s identity. Not only is MFA a simple and effective security measure, it also makes stealing your information harder for the average criminal. MFA is worth the extra few seconds because it can prevent most threat actors from easily gaining initial access to your environment, even if your credentials have been compromised.
In short, MFA should be like Frank’s RedHot sauce—put that sh*t on everything.
4. Learn To Think Like a Hacker
There are two key components to learning to think like a hacker. The first is getting familiar with their various tactics, techniques and procedures. Read up on new research, stay up-to-date on the latest tradecraft, follow a few security researchers on Twitter. Doing small activities like this can help you better understand how attackers operate, and in turn you’ll know exactly how they use their skills against you and what to look out for.
The second component is looking at your own systems through the eyes of an attacker. Hacking is all about exploiting vulnerabilities. A large number of vulnerabilities and issues are not as complex as you might think; oftentimes they’re a result of misconfigurations or rushed jobs. So, look at everything you have in place and ask yourself, “How could I break this or bypass this?” If you can find those weaknesses before a real hacker does, you can patch them up and save yourself a really bad day.
One of the best ways to embrace the attacker mindset is to participate in hacking competitions, capture the flag games or security-specific training events. Here at Huntress, we actually host our own training event called hack_it! You can catch the on-demand version of our most recent event here.
• • •
As I mentioned before, cybersecurity isn’t just for the month of October; it should be at the forefront of your every decision. With these quick tips, you can help raise cybersecurity awareness and better prepare for and respond to today’s cyber threats—no matter the time of year.