Tips on resources and best practices for Cybersecurity Awareness Month

Here are some insights for businesses during Cybersecurity Awareness Month from cloud talent creation firm Revolent.

October 2022 rings in the 18^th annual Cybersecurity Awareness Month. Information technology and especially the internet have changed a great deal since then. Unfortunately, the threats and mechanics of cyberattacks have also evolved. According to Forbes, just 41% of executives believe their security initiatives have kept pace with digital transformation processes.

This Cybersecurity Awareness Month, Anthony Cummings, IT Services Director at Revolent, shares his insights on cybersecurity including practical tips and preventative measures for businesses to implement to keep their organization and its assets safe in 2022 and beyond.

Why does cybersecurity matter?

The point of cybersecurity is ultimately to “protect the crown jewels of the business”, says Cummings. This will vary from business to business, of course. For some the central asset will be data, while for others it might intellectual property. Strong cybersecurity is a means of ensuring a business continues to function as intended, and of keeping a keen competitive edge.

What to look out for

When it comes to the most common threats like ransomware and financial or operational threats, “the greatest risk is generally individuals”, according to Cummings. Phishing attacks will seek to gain access to information or resources and then lock your files, for example. Key targets here are things like end user accounts and compromised devices. Once they’ve gained access, attacks will tend to then move laterally in your network – which can result in a real PR disaster when clients or partners discover an attack originated in your business.

Best practices to keep your business safe

The first port of call here is to review all current security controls. Gauge your system against a reliable cybersecurity framework like that offered by the National Institute of Standards and Technology (NIST). It’s also worth pursuing a security certification like Cyber Essentials Plus which will help you identify the threat landscape within your business. Antivirus software is important of course, and for smaller businesses, it can be worth considering outsourcing cybersecurity to an established security operations center.

More broadly, some quick wins when it comes to cybersecurity focus around the idea of “hardening the end points” as Cummings describes it. This includes measures like implementing multi-factor authentication for everyone in your organization, staying on top of patch management to make sure devices are patched on a regular basis, and restricting access to key IT services to corporate devices and profiles.

Identify, protect, detect, respond!