October marks Cyber Awareness Month, an important reminder that cybersecurity is everyone’s responsibility. Whether you’re at work or home, your actions can significantly reduce the risk of a cyberattack or breach. As digital threats continue to evolve, businesses and individuals must adopt strong cybersecurity practices. Here are some essential steps to protect yourself and your organization from cyberattacks.
Stay Aware and Educated
At Work: Cyber threats constantly change, with new attack vectors emerging all the time. Regular cybersecurity awareness training helps employees stay informed about the latest tactics used by cybercriminals, such as phishing and ransomware.
At Home: Make cybersecurity a family discussion. Stay up to date on the latest scams, especially those targeting individuals, such as fraudulent emails and social engineering schemes. Educate family members about identifying suspicious online behavior, such as phishing attempts or fake websites.
Use Strong, Unique Passwords, Enable MFA, or Go Passwordless
At Work: Weak or reused passwords remain one of the top ways cybercriminals gain access to systems. Ensure employees use strong, unique passwords for every account. Moreover, writing passwords on a Post-it note and tacking it to your computer is never a good idea! Implement and encourage multi-factor authentication (MFA) wherever possible to add an extra layer of protection, or go passwordless with FIDO-certified Passkeys.
At Home: Use a password manager to create and store complex passwords for each of your accounts. Always enable MFA for sensitive accounts, such as banking and email. This ensures that even if a password is compromised, attackers can’t access your account without a second authentication factor. Wherever offered, use Passkeys, which are becoming more prevalent on consumer-related sites.
Regularly Update and Patch Your Devices
At Work: Businesses need to ensure they have a full and up-to-date inventory of their assets, and that all software and systems are regularly updated. Older devices, unpatched software and firmware are common entry points for attackers. Make sure that all devices—computers, servers, industrial, IoT and mobile devices—are accounted for, kept up to date, and set to update automatically whenever possible.
At Home: Home networks often have multiple and sometimes ephemeral devices connected, from laptops to wearables or smart TVs. Each of these can be a potential entry point for hackers. Keep all devices, including IoT devices, up to date with the latest patches. For routers, ensure that firmware is regularly updated. Consider using a separate network for your smart home devices, and a guest network for when friends stop by.
Secure Your Network
At Work: A properly configured network is essential for preventing unauthorized access. Utilize firewalls, network segmentation, and intrusion detection systems to monitor and restrict traffic to only what is necessary. Employ Zero Trust principles and compensating controls to limit access to sensitive systems based on identity verification.
At Home: Ensure your home Wi-Fi network is secure by changing default router passwords and using strong encryption, such as WPA3. Avoid using public Wi-Fi for sensitive activities; if necessary, use a VPN to encrypt your connection. Additionally, disable remote management and unnecessary features that can expose your home network to cyber threats.
Implement Data Backup and Recovery Plans
At Work: Having robust data backup and recovery plans ensures your business can quickly recover from a ransomware attack or data breach. Regularly back up critical data to secure locations, and conduct tests to ensure backup integrity.
At Home: Personal data is as valuable as business data. Regularly back up important files, such as family photos or financial documents, to a secure location like an external hard drive or cloud service. This ensures you can recover data if your device is compromised or experiences a catastrophic hardware failure.
Be Cautious of Phishing Attacks
At Work: Phishing is one of the most common methods of social engineering that attackers use to gain unauthorized access to business systems. Implement email filtering solutions and train employees on how to recognize phishing emails. Encourage them to verify unexpected requests for sensitive information by directly contacting the source.
At Home: Be vigilant with emails and texts that ask for personal or financial information. Phishing attacks often come disguised as messages from legitimate companies or even friends. Always double-check the sender’s email address, and don’t click on suspicious links or attachments.
Secure Devices with Encryption
At Work: Encrypt sensitive business data to protect it from unauthorized access. Devices like laptops, mobile phones, and removable drives should use encryption to safeguard data in case they are lost or stolen. Regular key rotation and asymmetric encryption methods can also boost the efficacy of encryption.
At Home: Enable encryption on your personal devices, such as phones and computers, to protect your personal information. Many devices already have encryption features built-in—ensure they are activated.
Practice Good Cyber Hygiene
At Work: Cyber hygiene refers to the regular practices and habits that help keep your digital systems secure. This includes everything from regularly updating passwords to monitoring systems for unusual activity. Implement regular audits and threat monitoring to detect vulnerabilities early, and prioritize them according to not just their CVSS score, but also the risk each poses to your business.
At Home: Adopt healthy cyber habits. Be mindful of the websites you visit and the applications you download. Only install trusted software, and keep antivirus and security solutions running. It’s easy to get complacent, but regular checks can make a big difference.
Furthermore, it’s best to not use any AV, VPN or security software that is free or has a heavily discounted price. Sometimes, these “offers” can be ploys and are a hacking method in their own right.
Develop an Incident Response Plan
At Work: No business is immune to cyber threats, so having a plan in place is crucial. An effective incident response plan outlines clear steps to take if a breach occurs, from identifying and containing the threat to notifying relevant stakeholders and regulatory bodies.
At Home: While it may seem unnecessary, consider developing a basic incident response plan for your household. Know what to do if one of your devices is compromised, such as isolating the device and changing passwords on critical accounts.
In today’s hyperconnected world, staying cyber-aware is a necessity. Whether at work or home, adopting these best practices can help protect you from becoming the next victim of a cyberattack. For businesses, investing in comprehensive cybersecurity solutions like the Armis platform is essential to safeguarding your assets and systems. For individuals, these practical steps will enhance your security posture and help keep you and your loved ones safe from digital threats.
Stay safe, stay aware, and let’s make cybersecurity a priority this October—and beyond.