October 4, 2023
An Introduction to CIS Controls for Small Business Cybersecurity
Unsure where to start with cybersecurity? Learn the basics of the CIS Controls, a proven framework used by organizations globally to strengthen defenses.
Reading Time: minutes
As digital technology continues to evolve, so does the need for enhanced vigilance and proactive measures to protect sensitive data. While cybersecurity may seem like an impossible challenge for regular people, it’s not solely the responsibility of IT staff. Everyone has a role in keeping their organization’s information secure, not to mention their own personal data. October’s Cybersecurity Awareness Month serves as an important reminder of the many ways we can help safeguard data. Following some basic best practices can make a big difference in how secure systems remain.
Cybersecurity Awareness Month is an annual initiative held every October to promote cybersecurity education and awareness. The goal is to empower people and organizations by providing knowledge and resources to strengthen defenses against cyber threats. Beginning as a US campaign, National Cybersecurity Awareness Month, it quickly went global. The effort is led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Security Agency. It brings together government agencies, industry leaders, and cybersecurity experts with the aim of raising awareness of cyber risks and best practices.
In its 20th year, this year’s theme focuses on reflecting on cybersecurity’s progress and remaining challenges. The 2022 awareness month spotlights four key best practices: enabling multi-factor authentication, using strong passwords and a password manager, updating software, and recognizing and reporting phishing. Let’s explore these four pillars of solid cyber hygiene.
Core to Cybersecurity Awareness Month is promoting essential cyber hygiene practices. Just as we follow good habits to maintain physical health, like brushing our teeth daily, cybersecurity also requires ongoing hygiene to secure the online space. These practices provide the basis of robust cyber defense for both individuals and organizations.
Implementing multi-factor authentication adds vital security to logins. With MFA enabled, hackers generally can’t access an account even with the password. Microsoft states MFA can block 99.9% of account takeover attacks. With that level of protection, everyone should use MFA across all accounts.
While biometric authentication is growing, passwords remain critical for securing accounts. Encourage unique, strong passwords for each account. Avoid easily guessable information like birthdays. Organizations can set password rules requiring a certain strength before acceptance. For example, at least 12 characters, including upper and lowercase letters, numbers and symbols.
Outdated software constitutes vulnerabilities that criminals can exploit. Regularly update operating systems, applications and firmware to maintain the most recent security patches. Automating updates ensures they’re completed promptly. For employee devices, endpoint managers like Intune streamline updates across all company endpoints, enhancing security.
Phishing is a common vector for cyber threats. Train your team to identify phishing emails, links and attachments. Verify sender addresses and never provide sensitive data without certainty of recipient authenticity. It’s also key to educate on phishing beyond just email, like text messages and social media. Employees should report phishing so others can avoid the trap and IT can take action. Ensure staff know how to report suspicious emails.
Cybersecurity Awareness Month offers a valuable chance to refocus on cybersecurity significance and prioritize essential practices. Building a culture of cyber awareness is key for resilience. If you need assistance implementing core protections, our experts can get you started with the fundamentals. Once those basics are in place, your organization will be far more secure and productive. Contact us today to schedule a consultation.
