In honor of Cybersecurity Awareness Month last October, we compiled a master list of cybersecurity advice contributed to us by our customers. The master list, presented below, has been divided into four categories: Software & Systems, Practices & Policies, Training & End User Activities, and Strategy & Approach.
To mark Cybersecurity Awareness Month which takes place each October, for last month’s poll question we asked you to share your BEST cybersecurity advice.
There were many great responses, and as promised we have compiled everything into a Master List of Cybersecurity Advice created by YOU, the incredible Devolutions community!
To make the list as useful and accessible as possible, we have organized your advice into four categories:
Table of Contents
- Cybersecurity Advice About Software & Systems
- Cybersecurity Advice About Practices & Policies
- Cybersecurity Advice About Training & End User Activities
- Cybersecurity Advice About Strategy & Approach
- Use It & Share It
- And the Winners Are…
- Did We Miss Anything?
Cybersecurity Advice About Software & Systems
- A good, well-managed SIEM is essential for visibility. Without knowing what's happening in your environment in near real-time, security is little more than a high-stakes game of pin the tail on the donkey.
- Work with virtual systems — no local applications
- Use a good endpoint detection and response (EDR) solution.
- Use a good anti-virus solution.
- Use a good anti-spam solution.
- Use Remote Desktop Manager.
- Stay updated. It's not just the operating system that should be kept up to date. Antivirus software and other popular applications should also be kept up-to-date, along with router/Wi-Fi.
Cybersecurity Advice About Practices & Policies
- Use multi-factor authentication (MFA).
- Backup, backup, and backup!
- Block dark web IP addresses from LAN and WAN.
- Implement URL and content filtering.
- Have a plan that includes specific objectives and measurable, auditable outcomes.
- Always use zero trust architecture (i.e., “trust, but verify”).
- Use the principle of least privilege (POLP).
- Uninstall unnecessary/unused apps.
- Lockdown routers.
- Read privacy policies and understand how your data will be used (because it will).
Cybersecurity Advice About Training & End User Activities
- Educate users and test awareness and compliance. The greatest security threats are caused by human handling.
- Don't use the same password in multiple places; use longer secrets (e.g., 15 bits). Special characters + letters + numbers are recommended.
- Don't answer those questions on social media about your first car or your first pet... they're just mining to get the answers to your security questions to steal your identity/credit cards, etc.
- Be wary of the unexpected solicitation, especially anything pressuring you to act immediately.
- Every digital notification one receives should be mistrusted. Whether that being an email, message, or popup, every notification could be a potential threat.
- Proofread any link before clicking it
- Avoid visiting unknown websites.
- Never download software from untrusted sources.
- Never ever click blindly on any links or open attachments. "If it seems too good to be true, it probably is" should be in everyone's mind.
- When considering an action, ask yourself if you'd advise your grandmother to do it (Hahahah! We love this one, Rick Hensley!).
Cybersecurity Advice About Strategy & Approach
- It's not just up to the InfoSec team to protect your company. It's up to everyone!
- Security should enable people to work smarter, not harder!
- Listen to your "users" before preaching the ways of security. Once you understand what they do and how, you will be able to guide them to the path of security.
- Presume that a breach has happened vs. wait for it to happen.
- Vigilance is key. Always be alert and don't just rely on existing precautions that are already in place.
Use It & Share It
We encourage you to use this Master List to guide your Cybersecurity Roadmap in 2023. Perhaps your company is already checking some essential boxes (such as MFA and backups), but there are other areas where you can strengthen your profile (such as providing more/better end-user training, and implementing zero trust and POLP).
We also invite you to share this Master List with non-IT executives and decision-makers in your company, who may believe that everything is fine as far as cybersecurity goes simply because there hasn’t been a (major) breach yet. As the old saying goes, this is like “whistling past the graveyard.” It only takes a single breach to incur 5, 6, or even 7-figure costs. And to make things worse, smaller is not safer. On the contrary, hackers are regularly targeting SMBs to exploit weaker — and in some cases virtually non-existent — defenses.
And the Winners Are…
In keeping with our monthly poll custom, we have randomly selected two participants to each win a $25 Amazon gift card! Congratulations to Nicolai Pedersen and Matt Markley, our October poll winners! Please email [email protected] to claim your prize.
Did We Miss Anything?
Is there anything else that you think we should add to the Master List of Cybersecurity Advice? Please comment below, and we will update it accordingly.