European Cyber Month special: 5 tips for strengthening your online security
Embrace the European Cyber Month with confidence! Cybercriminals don’t rest, but with Gatewatcher’s 5 savvy tips, you can outsmart them standing with the official #BeSmarterThanAHacker 2023 motto. Let’s make online safety a playful challenge! Here are 5 must-haves for a secure Europen Cybersecurity month.
Have your equipment up to date
The first rule of maintaining network security is to have an up-to-date set of applications/ IT equipment. Failure to address this allows cybercriminals to exploit unpatched security flaws.
The key lies in effective and early patch management:
Each piece of equipment must be updated with the latest rules recommended in particular by the ANSSI – Agence Nationale de la Sécurité des Systèmes d’Information. Regularly, recommendations are presented following alerts raised by the CERT-FR, which allows everyone to update their equipment.
Similarly, it’s crucial to monitor upcoming deadlines, such as security appliance license expirations, to prevent potential issues during that time.
With these few checks beforehand, you’ll be anticipating potential vulnerabilities. And, to view the latest and most exploited critical vulnerabilities, check out the Gatewatcher Cyber Threats Barometer.
Maintain operational SOC
Keeping your park updated and secure reduces vulnerability and ensures your SOC operates smoothly daily, even during crises or without the CISO.
Therefore, avoid any major changes during the period. It should allow you to take stock of certain points to be improved once the whole team has returned from vacation.
Forecasting requirements guarantees a functional SOC, offering defense against cyber threats. Dynamic technology like NDR identifies malicious actions, allowing automatic response and remediation.
Raise employee awarness
All the mentioned actions rely on the awareness of every employee, including managers, CISOs, and CEOs, about the heightened vigilance necessary.
Futhermore, before the manager leaves, add to your weekly briefing a reminder of the procedures to follow and the right reflexes to have in case of a potentially risky situation. The advantages? A well-coordinated team capable of maintaining business operations during crises, along with educated and proactive employees, especially in countering social engineering attacks like spear phishing.
For this, here a few essential reminders to each employee:
Connecting to a public wifi network from your office or personal computer, you’ll forget.
Disconnection, is now your mantra. Let’s limit remote work, on a personal device (less secured), even to check emails!
By connecting external devices on your PC (USB key, camera) or on free charging stations in public places, you will be wary.
All the actions for good digital hygiene, you’ll keep (password manager, session lock, encryption of removable media, antivirus analysis of attachments before opening…)
Ensure crisis management capabilities
A crisis can swiftly unfold if the aforementioned rules are disregarded. The differentiating factor lies in your adeptness to respond promptly and, most importantly, effectively. Response time stands as a pivotal element, one upon which cybercriminals capitalize to disrupt your company and accomplish their objectives. This cyber month is the perfect time to raise awareness.
First and foremost, you need to be able to identify at least one contact person in each department who can ensure a minimum availability and a first level of reaction. Thus, by establishing an operational relay, you will avoid the associated tunnel effect.
The goal is to ensure business continuity and a response, with clear, digitized and automated instructions and procedures. Remember: time is your ally during a crisis. Giving clear instructions upstream will drastically reduce the reaction time of your employees in case of a crisis.
Automating and rehearsing the procedures will allow you to have a well-functioning crisis plan and to anticipate the unexpected. Simulation training is key.
Do not forget interconnection with third-party partner networks
“Just like employees, suppliers and service providers are possible entry points for cyber attackers. The company can thus be targeted through one of them or be a collateral victim.” *
The multiplication of supply-chain attacks such as Colonial Pipeline or Sunburst-SolarWinds should lead you to increase your vigilance if your IS has EDI interconnections with third-party systems authenticated as legitimate.
A CISO or other relay person should identify the capabilities of subcontractors or suppliers in case of a problem over the summer period.
It is important to ensure a minimum presence on their side as well, and to review the data, files, shared applications and interconnection modes with stakeholders to determine what procedures to put in place to protect yourself should a major event occurs.
You now have all the best tips to a safe October Cyber Month with limited contingencies! And for more information on Cyber Month, visit the official european website.
*Guide « L’essentiel de la sécurité numérique pour les dirigeants et les dirigeantes ». N°2 Nouvelle Edition. Challenges.s, you can outsmart them standing with the official #BeSmarterThanAHacker 2023 motto. Let’s make online safety a playful challenge! Here are 5 must-haves for a secure Europen Cybersecurity month.
Author: Clara Petit @Gatewatcher