October is a time of changing leaves, fresh apples, and children on a sugar-rush begging for candy door-to-door. It is also a great time to do a quick check-up of your cybersecurity posture.
- Ditch Windows 7 and check all other operating systems to ensure they are still supported.
And running Windows XP is just plain scary! Go ahead and update to Windows 10 version 1903.
- Encrypt phones, computers, backups, and external drives.
But also see # 10, forgetting to lock your computer is like forgetting to give out candy on Halloween – you risk getting pranked…or worse!
- Change the passwords on your IoT devices.
Don’t use the factory defaults or common passwords. Strong passwords or passphrases are a great first line of defense to ghosts, ghouls, goblins, and hackers.
- Review your vendor contracts.
Talk about scary! Wading through pages of agreements is no one’s idea of a treat, but ensuring you know the responsibilities and expectations of you and your vendors is important. Take a look at NC ethics opinion 2011-FEO-6 for some ideas.
- Check out the FTC’s Cybersecurity for Small Business resources.
They are free and informative – no tricks here!
- Review and revise your Office Equipment Disposal Policy.
Or create one if you have not yet formally done so.
- Who ya gonna call?
Your incident response manager, IT person/contractor, internet service provider, vendors, and cyber insurance contact are all good numbers to have handy.
- Check for breached credentials at Have I Been Pwned?
While you are there, take a look at the most recent statistics on collections of breached credentials.
- Watch a scary movie.
Not Friday the 13th though. Check out some of the employee training videos at places like Ninjio, Proofpoint Security, KnowBe4, SecurityMentor, and more!
- Walk around the office.
This is not a time to trick-or-treat, although a bit of candy corn would not go amiss! Are any computers logged in without a user nearby? Are passwords written down and taped to monitors, keyboards, etc.? Are monitors, files, servers, etc. in public areas or easily seen or accessed from public areas?
If you take it a little at a time, becoming more cyber-secure may not be so scary of a process after all!