Perhaps you already knew this, perhaps you didn't. Either way, the purpose is to bring attention to a topic that should always be "top of mind".
Personally and professionally our lives have never been more cyber-connected. All our professional and personal records, information, and history, be it legal, military, healthcare, and pretty much anything you can think of that has been scanned or recorded is somewhere online in some database. Doesn't matter if you like it or not, approve or not...it's there, and out of your control - for the most part.
So what now? Does this mean we just throw our hands up and say there's nothing we can do? Nope! You can do quite a bit actually.
Personally
Educate yourself on what security options there are for the platforms, applications, and systems / devices you use. One key thing I tell people to do is use multi factor authentication (MFA) whenever and where ever possible. Did you know the simple act of enabling MFA for Facebook keeps people from hacking your FB account? Same with Google, GoDaddy, and Microsoft. I believe every email provider has an option to enable this. I personally think it should be mandatory...but what do I know.
Another thing you can do is to utilize a password manager. I prefer LastPass, but there are others. Whatever you do...don't keep using the same password for every account you have. And don't just change the number(s) at the end of a password to coincide with the month you made the change. Don't be predictable! The beauty of password managers is that you only have to remember the primary password to the application...and that is it. Let the password manager handle the rest.
If you did just those two things mentioned above...you'd greatly improve your cybersecurity stance and reduce the likelihood of your information being compromised. At least that which you have control over. As for those companies and organizations who have your data in their possession, ask them how they're protecting you and your data. If they don't have MFA for you to access your data then you need to push them for it or see about moving your information to another provider. Or get yourself a good lawyer to go after them when they have a breach and your information is compromised.
Professionally
During October, your organization should have some sort of cybersecurity campaign launched to increase awareness and knowledge on topics relevant to information technology use – at work and at home. The campaign content should highlight a different theme each week, maybe something like:
- Week One: You and the threat to business operations.
- Week Two: You and the threat in the office.
- Week Three: You and the threat outside (remote) the office.
- Week Four: The threat beyond you.
As businesses continue to invest in information technologies to build competitive advantages, only a total commitment cybersecurity effort is capable of protecting whatever advantage you have or hope to have. We're all familiar with TEAM - together everyone achieves more. How about
I highly encourage you and your team to visit the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency website: https://www.cisa.gov/cybersecurity-awareness-month for access to a wide range of cybersecurity awareness resources launched in observance of Cybersecurity Awareness Month.
