Cybersecurity has become increasingly important in today’s fast-paced, dynamic working life. Criminals are becoming more resilient, threats are more sophisticated, and environments are certainly more complex. As a result, clients are turning to MSPs, and non-tech savvy employees are turning to IT departments to keep them informed and protected from the latest risks. This cybersecurity month – here’s what you need to know.
How did National Cybersecurity Month originate?
National Cybersecurity Awareness Month was launched in 2004 by the National Cybersecurity Alliance and the Department of Homeland Security in the United States. Now in its 18th year, the goal of the program is to ensure that people remain aware of cybercrime in all its changing forms, and that they have access to the resources they need to remain protected.
The overarching theme of the month is “Do your part: #BeCyberSmart” and it emphasizes that we all have a role to play in ensuring cybersecurity is baked into the work that we do. Whether you’re a tech employee yourself, if you’re newly digital thanks to working from home, and all the way through to staff who rarely use technology and simply log on to check emails – we all have some responsibility to take.
If you’re working to raise cybersecurity awareness in your company or with your MSP clients – don’t forget to use the hashtag and share on social! You never know who might see it and make a change.
The four themes of this year’s National Cybersecurity Month
Each year, the month is delineated into segments, with each given a sub-theme that can be focused on in your outreach and efforts. Let’s look at them one by one, including some resources you can use for your own security awareness program.
Be Cyber Smart
The first theme is about general cybersecurity hygiene, and while this might feel obvious to you – remember your customers or your non-technical staff don’t have the same experience that you do! It’s always worthwhile to provide a recap of the basic security guidelines that are low-hanging fruit to an attacker, such as changing passwords regularly, using multi-factor authentication and backing up your work.
This is even more important when employees are working from home. Home environments aren’t managed as tightly as work environments, and items as simple as changing the default router password, sharing files safely via Zoom, or ensuring you don’t download malicious files when you’re outside work hours browsing on the Home network, can become real issues that open a whole business up to risk.
Fight the Phish!
Phishing is still the most popular way for cybercriminals to launch malware and ransomware attacks, so it’s no surprise that this has its own week of education and awareness for 2021. If you feel like a broken record giving advice like “Don’t click on links”, here’s some more practical advice you can offer to your customers:
- Be extra cautious around unknown senders and attachments.
- Use a sandbox environment to scan attachments before opening.
- Look out for grammatical mistakes and spelling errors – often signs of a scam.
- Use the hover function to check the URL of the link you’re being sent. Is it the same as the email URL? If not – don’t click.
- Retype the link address into your browser instead of clicking directly or copying and pasting.
- Never provide financial details or passwords via email, even if you’re sure of who you’re corresponding with.
Remember, you can’t fix what you don’t know about! Encourage staff to come forward if they think they’ve made a mistake by implementing a zero-blame policy for items like clicking on unsafe links, installing unapproved software, and more.
Explore. Experience. Share
This theme is all about learning from people who have ‘been there, done that’ and have the experience under their belts to help you improve your own security posture. At Atera, we know that MSPs are being increasingly called on to consult and navigate difficult security-related decisions, and we recently hosted a Cybersecurity deep-dive webinar where we heard from 4 experts in their field.
Lital Badash, Senior Cloud Solution Architect for Cybersecurity at Microsoft spoke to us about how the future of security is on the cloud through third-party vendors and solutions, and Kim Basset, CTO and founder of Jetty IT Solutions outlined how to approach auditing your customers’ environments with security in mind. You can find a recap of the webinar, or watch the full event here – an opportunity to stand on the shoulders of giants and put your best foot forward with security for 2022!
Cybersecurity First
The final theme for 2021 is Cybersecurity first, which we interpret as not treating security as an add-on for your service, but ensuring it’s a continuous and integral part of everything that you provide. For example, don’t tack on security as a final hurdle in getting code deployed and out the door, ensure that your developers treat security as part of the process from the earliest stages, at the build. Think about how you’re going to encourage security education when new employees join the company, not just respond reactively when someone makes a mistake.
In terms of hardware, make it part of the process to update default passwords or install agents on machines as soon as they are purchased, and make sure you have a process for scanning and monitoring so that you can spot unauthorized devices or other issues immediately.
Security should be a priority
It’s easy to feel like cybersecurity isn’t your area of expertise, especially if you started out selling hardware, or being the IT fix-it guy. However, today – cybersecurity is an expected part of being a Managed Service Provider or running an IT environment. Having the visibility and the technology that you need in place to protect your network is a core part of your work, and you’ll be in the hot seat if something falls through the gaps.
Atera bakes best practices like multi-factor authentication and automated patch management into our IT software suite, but we also partner with some of the best in the business for powerful and robust integrations. See a full list here.
