It’s October! Time for pumpkins, candy corn and National Cybersecurity Awareness Month (NCSAM). This year’s theme: “Do Your Part. #BeCyberSmart.”
It’s a good message, even for longtime security practitioners, because “doing your part” means helping ensure the security of everyone else: by being a reliable steward of data and protecting the corner of cyberspace you’ve been entrusted with. And it’s fundamental. There will always be new, sophisticated, “cutting edge” attacks; however, the majority of security breakdowns are with the basics.
In this spirit, we share three practical things that both individuals and organizations can do to be “cyber smart”.
Organizations large and small can raise cybersecurity awareness by deploying programs and solutions that benefit their entire user population.
Passwordless – Though I’ve always felt that passwords are a bit maligned, there’s no denying that users don’t like the experience of creating them, remembering them or interrupting their workflow to enter them. Fortunately, advances in technology have finally enabled viable alternatives to the traditional username/password pair for many organizations. If you’ve been holding off on passwordless, now’s a good time to take a look at options. Whether your company moves toward a password reduction program by using Fast Identity Online (FIDO) to access native biometric support on a smart device or conditional access to evaluate user state before granting connection to a sensitive data store—one thing’s for sure: users can stop using sticky notes without sacrificing security.
3-2-1 Backups – Most enterprises are onboard with backups, but some still haven’t adopted the “3-2-1” approach: 3 total backups, 2 accessible locally in different formats and 1 offsite. The formats can include detachable drives, attached SAN or NAS, and cloud. If three copies feels like overkill, don’t panic, it’s not as complicated as it sounds. If the entire organization is collaborating in the cloud, chances are you’ve got local and cloud backups already. Add in an offsite for extra resilience and you’re in the 3-2-1 zone!
Dedicated Devices – Distributed compute and the cloud mean that the days of an administrator being physically close to the systems they’re managing are gone. However, with all of the benefits of distributed systems there are some challenges to address, especially in the domain of remote administration (RA). With a bit of planning, organizations can greatly reduce the exposure of RA by designating dedicated RA servers that are hardened and run a small, trusted set of applications. These RA servers, sometimes called Privileged Access Workstations (PAWs), are the only systems approved for remote administrative access to critical servers, raising the security bar significantly on attackers seeking access to high-value systems.
Just like organizations can take these three simple steps, so too can users to address the same challenges.
Password Wallets – While passwordless is catching up with widespread availability in the consumer market, most of us still have quite a lot of passwords to juggle in our personal lives. But that doesn’t mean we should give up on strong password hygiene! Password wallets provide the perfect interim solution, allowing users to store unique, pseudo-random passwords for every account, eliminating the risk of password re-use. Advanced wallets can overlay websites to autofill login information and offer support for multi-factor authentication and one-time codes. And most wallets can be synced and installed across multiple devices so your passwords are always there.
At Least One Backup – The organizational “3-2-1” approach may be more than home users need, but that doesn’t mean you shouldn’t utilize at least one backup, even for your home devices. Again, cloud can be a big help here, with many OS vendors offering integrated options and a wide variety of third parties with storage tiers for small backups starting at low or no cost. USB drives are another great option for home users, especially with integrated backup solutions like Time Machine (MacOS) and File History (Windows).
Work vs. School Devices – The pandemic sent many students into homeschool environments, pressing some BYOD machines into double duty as workplace systems and remote schoolrooms. While purchasing a dedicated purpose machine for every member of your family may not be financially feasible, there are ways to improve separation between work and school. Having shared school or home vs. work machines is a start. If that’s not possible, consider setting up different accounts for each user. And as more companies are saving money by giving up office space, it’s worth asking your employer if they’ll purchase a laptop that you can dedicate exclusively to your job.
Cybersecurity starts with all of us, whether you’re securing your workplace or your home devices. Hopefully these tips inspired you to take a closer look at a few ways you can improve and secure your cyber-life.