Cybersecurity Month: 10 Recommended Activities

Coralie Lemasson

October is Cybersecurity Awareness Month. Launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance, the annual event is now marked in numerous countries around the world as an opportunity to inform the public about the importance of strong cybersecurity practices.

To help you make the most of Cybersecurity Awareness Month in your company, we have put together 10 recommended activities (some of which you may have already done — if so, give yourself a pat on the back for being proactive!).

  1. If you are looking to implement a PAM solution, or if you are not satisfied with your current solution, then this is an ideal time to do some research to find the best-fit solution for your company and infrastructure. For guidance, read our white paper “Top 6 Features SMBs Should Look for in a Privileged Access Management Solution.”

  2. Conduct a full review to determine who has access to what — and even more importantly, if they actually require that access level. Enforce the principle of least privilege: end users should only have the access they need to perform their normal day-to-day tasks — no less and (especially) no more.

  3. Make sure that all software is updated. As a best practice, we recommend putting remote devices on a standard image, and activating automatic updates for all apps and programs (especially security software).

  4. Identify and prioritize the most critical IT security training needs in your company. For example, your end users may be well-trained when it comes to password selection and sharing, but they could be vulnerable to phishing. To determine this, run a simulated phishing attack. You may be surprised at the results: 14% of employees at a global insurance company fell victim to a simulated phishing attack.

  5. Increase your backup frequency. Due to ransomware, only backing up data once a night is no longer sufficient. All data sets should be protected multiple times per day.

  6. Determine if you need to define or redefine your company’s IT security objectives. Indeed, many organizations focus entirely on end user vigilance, but neglect to confirm that objectives are fully understood — or even known in the first place.

  7. Analyze your organization’s attack surface as it relates to remote workers. Are there any gaps and vulnerabilities that need to be fortified? We strongly recommend implementing a Gateway solution to provide just-in-time access to resources in segmented networks. This is much more secure than using a VPN, and far easier to manage (VPNs are notoriously difficult and time-consuming to deploy, and they can significantly degrade end user experience!). For more insights and advice in this area, check out this Use Case.

  8. Start creating your IT Security Roadmap for 2023. What projects and priorities do you want to address next year? Remember: the key to getting decision-makers on board with your recommendations is to explain clearly that the cost of strong IT security is a fraction of the cost of a major data breach. Consider these chilling statistics: the average cost of a data breach has climbed to $4.24 million, which is the highest average ever recorded. And the average ransomware payment has skyrocketed to $170,704 per incident. For additional advice, check out the article “IT Pros - 5 Reasons to Help You Convince Your Boss to Invest in Strong IT Security.”

  9. Enable multi-factor authentication (MFA). Yes, we know that the vast majority of you have already done this — and you wouldn’t dream of allowing end users to rely entirely on passwords. After all, more than 80% of breaches involve the use of lost or stolen credentials, or are enabled by a brute-force attack. While MFA isn’t bulletproof, it’s definitely a must-have. If your company hasn’t yet implemented MFA, then make this your number one priority.

And last but not least…

  10. Save some time to dive into the Devolutions State of IT Security in SMBs in 2022-23 Survey Report, which will be available this month! The Report is full of relevant and timely observations and insights, and provides targeted recommendations for strengthening IT security. We will be publishing an update soon — stay tuned!