Digital security
Your preparation to deal with cyberattacks is essential to reducing the impact of a successful incident, even in home and small business environments.
October 9, 2023
•
,
3 minutes. read
Cybersecurity Awareness Month (CSAM) is upon us again. A bit like European Cybersecurity Month (ECSM), this important initiative aims to raise awareness of the risks associated with the digital world we live in and, hopefully, initiate behavioral changes.
The CSAM theme for 2023 is very close to the message of last year’s edition of the campaign – strong and unique passwordsallowing two-factor authentication (2FA) and the need to be on the lookout for phishing attacks. The fourth pillar for 2023 is to update software on devices to ensure the latest security patches prevent cybercriminals from exploiting known vulnerabilities.
These four pillars remain a constant message that cybersecurity leaders continually convey throughout the year, not just during CSAM. Assuming that by reading this you probably already know and appreciate the messages mentioned above and in the 2023 campaign. Additionally, I suggest taking another pillar and giving it a very specific focus.
By not preparing, you are preparing to fail
We often hear cybersecurity professionals say, “it’s not if you get hacked, it’s when.” This fait accompli is an acceptance that you must prepare for the worst, because an incident will occur at some point and your preparation has the potential to minimize the impact of the incident.
Whether you are a small business, individual or family, there are some basic preparatory steps you can take:
- Back up data regularly: insist on importance of regular data backups to prevent data loss in the event of attacks or hardware failures. If possible, use local and cloud-based backups for redundancy and test these backups regularly.
- Educate your colleagues and family members: let them know about the latest threats, even if it’s as simple as mentioning a well-crafted phishing email you spotted this week. And make sure they know how to respond in the event of an incident.
- Define an incident response plan: The plan should outline how to respond to a cybersecurity incident, who to contact, and the steps needed to mitigate and recover from an attack. Even if it’s as simple as “call a parent or the family reference technician.”
- Stay informed: Check the cybersecurity news category in news apps at least once a week. If there’s one thing to remember, it’s knowing when devices need patches. The cybersecurity industry frequently releases content when there is an urgent need to update software.
- Discuss suspicious activities: Encourage everyone to discuss suspicious activities or security incidents. The UK has a sign on the London Underground that says “See, Tell, Sort” – adopting this within the family unit or small business prevents an incident from being hidden until it becomes a minor problem.
- Don’t leave any device behind: Large companies typically catalog their assets and manage them on an ongoing basis. Understanding where all devices are in your home or business will help you keep them up to date.
- Monitor accounts and access regularly. Any connection from a device using a service you subscribe to should also be investigated. This could mean your password and personal information have been breached.
- Have the (physical) contact details of all financial accounts, phone carriers, internet service provider, etc. handy. If an incident occursyou may need to contact some of these companies to have cards blocked, SIM cards deactivated, or other mitigation activities to stop further abuse.
Large companies have well-defined cyber resilience plans and incident policies to minimize disruption and loss of business and reputation. This is just as important at home as it is in small businesses; if you can minimize the impact, stress levels will be kept under control.