Written by Doug Austin, Editor of eDiscovery Today
Tomorrow is October 1st, and the end of the month is Halloween. So, the phrase “be afraid, be very afraid” (a tagline* which came from the 1986 movie The Fly) seems very appropriate for the end of October.
But the phrase “be aware, be very aware” is appropriate for the entire month of October because it’s Cybersecurity Awareness Month!
Cybersecurity Awareness Month
Cybersecurity Awareness Month was launched by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) in October 2004 as a broad effort to help all Americans stay safer and more secure online. That’s straight from the NCSA website.
And the NCSA theme for 2021 is ‘Do Your Part. #BeCyberSmart’, helping to empower individuals and organizations to own their role in protecting their part of cyberspace.
So, how can your firm or your legal department protect your organization from cyber threats while also promoting awareness of Cybersecurity Awareness Month?
Ways to Protect Yourself Against Cyber Threats
To begin with, there are several things you can do to help protect yourself and your organization from cyber threats. Here are five of them:
- Exercise Good Password “Hygiene”: What does that mean? It means use best practices when creating and protecting passwords, like: 1) don’t share passwords with others, 2) don’t update your passwords by making a slight variation to the previous password (e.g., add a “1” to the end) and 3) don’t use the same password across multiple applications. If you protect your passwords and make it difficult for them to be discovered, they will help protect you.
- Don’t Click on a Link Unless You’re Sure It’s Legitimate: Phishing (via email) and smishing (via text) attacks (where users are tricked into clicking on a link that leads you to a site to capture your credentials) are becoming among the most common cyber attacks there are and thousands of data breaches every year start this way. Hover over a link to see if it’s the site it purports to be, and if you can’t tell for sure, check with the sender or your IT department.
- Back Up Your Data: Ransomware is another type of attack on the rise in law firms and corporate organizations which can cause them to be crippled when cyber criminals hold their data for ransom. As I mentioned back in June, ransomware attacks can even cost lives! The more current your data backups are and the better vetted your plan is for recovery, the quicker you can recover if you are hit with a ransomware attack.
- Minimize ROT Data: In addition to good password hygiene, good data hygiene is important and that includes minimizing redundant, obsolete, and trivial (ROT) data within your organization to minimize data you don’t need and (in turn) minimize your exposure. ROT data may no longer be useful to your organization, but it could be valuable to cyber criminals if not properly disposed.
- Understand Where Your Sensitive Data is Located: Finally, it’s important to leverage technology to understand where your organization’s sensitive data is located, so you can focus your efforts on protecting that data. Technology can help auto-classify Personally Identifiable Information (PII), Protected Health Information (PHI), and Payment Card Industry (PCI), and there are ways to monitor changes to data and track if sensitive data is copied to non-secure locations. Besides avoiding data breaches altogether, the next best thing you can do is address them quickly and remediate the affected data.
As for promoting awareness, the NCSA also identifies several things you can do on their “Get Involved” page, including these social media tips:
- Follow the National Cyber Security Alliance on Twitter, Facebook, YouTube and LinkedIn to receive the latest online safety news and resources.
- Post online safety tips and reminders about Cybersecurity Awareness Month on your social networks. Use the hashtag #BeCyberSmart on Facebook, Twitter, Instagram, and other social media sites.
- Download and share the NCSA sample social media posts leading up to and throughout the month on social media – download and share them all or customize them to your needs and interests!
- Blog about cybersecurity in October. Choose a topic that appeals to you or highlight one of the Cybersecurity Awareness Month calls to action. Darn it – missed it by one day! I guess I’ll need to write another cybersecurity blog post in October.
I could write a year’s worth of weekly best practices blog posts associated with cybersecurity awareness and still have plenty to write about. The cybersecurity landscape is continually changing, so you need to “be aware, be very aware” of those changes and how to protect your organization against cyber threats.
October is a great month to renew your focus on cybersecurity awareness! #BeCyberSmart!
*BTW, do you know who came up with the tagline for The Fly? It was comedic legend Mel Brooks, who was one of the main producers of the movie, a fact he deliberately kept shrouded from the public to avoid thinking the film was a comedy!
Learn more about how IPRO can help your organization reduce data to improve your cybersecurity risk.
And for more educational topics from me related to eDiscovery, cybersecurity and data privacy, feel free to follow my blog, eDiscovery Today!