Cybersecurity Monthly: Tips Roundup for May 2021
Welcome back to our series, Cybersecurity Monthly, where we’ll be presenting you a round-up of updates from one of Impact’s cybersecurity experts.
You’ll learn about trends and strategies for SMB security and how you can improve your organization’s approach to ensuring the best cybersecurity practices.
Take a look!
Slow and Steady Wins the Race
Everything we do has to be processed with two goals: service availability and deliver secure products.
We are moving at the speed of Moore’s Law. We have the “need” to implement new technology and services as a first to market.
How about we are first to market in a secure manner? Are we exercising due diligence? Checked everything we can and correctly the first time?
I always told my charges, if you have time to do things over, you had time to do them right. I understand the whole model of getting it out the door, make money, then make improvements. With the risk profiles that are out there, this method should no longer be acceptable in cybersecurity.
Don’t get me wrong, I enjoy the job security I have. Most of my time is spent making sure the basic foundations in security are implemented first, crawl phase.
Then move to the walk phase, which would be documenting and measuring.
The run phase is where the true experts come to play, improving based on needs, automation, advanced testing, and bliss (Note: this is a personal view and results may differ on an individual basis).
If you are making, due diligence is our best friend. If you are implementing, slow and steady wins the race.
Learning to Prioritize
What are you protecting? Have you defined the level of protection you need? Have you conducted a risk assessment to help prioritize your resources?
These are things that are necessary to build a business case for an adequate level of security.
Not all things need Fort Knox-level security; some require presidential-level security, while others require a combination lock (three disks). Using risk management maximizes resources where required while still identifying risks, processes, and gaps.
Learning from ISACA really reset my focus on risk assessments, frameworks, measuring risk, and communicating the value of risk mitigation.
There is one component I am guilty of omitting—the third axis. Most risk assessments focus on the level of consequence and probability. What was missing from my previous risk assessments, the occurrences per year, and the value of each occurrence.
Two things that we should focus on reducing, the level of consequence and the occurrence.
Think About Your Passwords
May is home to many special days, like Cinco de Mayo and of course Star Wars Day! Most importantly for us in cybersecurity, however, is Password Day.
What is Password Day? It is a reminder not only for all internet users to check and change their passwords, but it is also a reminder for admins to go and check their global password policy on their enterprise.
Let’s also change the use from password to passphrase! Even the Cave of Wonders required the use of a passphrase.
Using a passphrase would be easier to create a 16-character string that contains UPPER and lowercase letters, numbers, and special characters.
Let’s also consider the lifecycle of the passphrase, 90 days seems to be the standard to have users change their passwords, or passphrase, which causes fatigue since they need one for a dozen or more platforms. That is a lot of credentials to maintain.
Help your end-users out, get them a password or credential manager to help them manage those passphrases and not reuse them across different platforms.
One of the leading factors of account compromise is password reuse. Help stop that practice.
Organizations need to create a list of forbidden words to be used in passphrases. This list should include seasons, organizational names, project names, and years!
That’s all for this month’s cybersecurity monthly. To learn more about cybersecurity, check out this video with an actionable cybersecurity tip, What Is the Definition of Multi-Factor Authentication? | Buzzwords