Celebrating cyberscariness month


October is not only Cybersecurity Awareness Month; it ends with Halloween. So I worked with some folks at Globalscape to come up with a set of Cybersecurity Awareness Month tips.

We decided to go with a Halloween theme -- something like “October is a month of zombies and ghosts and all manner of scary monsters, so it's the right time to focus on what we need to do to stay safe.” (Just rolls off the tongue, right?) So to help you celebrate (and enjoy more treats than tricks), we're offering some of our best tips -- dressed up in Halloween style -- to help you keep your networks and your data safe and secure.


Checking it twice

This phrase is more often associated with another popular holiday. However, phishing schemes often dress up as email that looks like it came from someone you know, but on closer inspection might contain clues that suggest it's a trick.

The key here is to double check suspicious email, keeping an eye out for anything unusual. If you can’t tell the difference between BOO and B00, you could be in for a fright.
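To make the BOO-versus-B00 point concrete, here is a small added example (not from the original article) that flags sender domains which only look like a domain you trust. The trusted domain, the sample addresses and the look-alike table are constructed for illustration, and the table is far from exhaustive.

```python
import unicodedata

# Look-alike characters folded to the letter they imitate (constructed, partial list).
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                  # Cyrillic r, s (look like p, c)
})

def skeleton(domain: str) -> str:
    """Fold a domain to a comparison form so visually similar names collide."""
    folded = unicodedata.normalize("NFKC", domain).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m")  # "rn" renders much like "m" in many fonts

def check_sender(address: str, trusted: set[str]) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        # Same skeleton but different spelling: dressed up as a trusted domain.
        if skeleton(domain) == skeleton(good):
            return f"lookalike:{good}"
    return "unknown"

if __name__ == "__main__":
    trusted = {"boo.example"}  # constructed allow-list
    samples = [                # constructed sender addresses
        "ghost@boo.example",
        "ghost@B00.example",
        "ghost@b\u043e\u043e.example",
        "ghost@pumpkin.example",
    ]
    for sender in samples:
        print(f"{sender!r:40} {check_sender(sender, trusted)}")
```

A "lookalike" result is a reason to quarantine or warn, since the exact-match test has already ruled out the genuine domain.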


Be scare aware

Security training and awareness are important to keeping staff vigilant and aware of their responsibilities, especially while handling sensitive information. Training programs should be up to date and every employee (all the way up to the CEO) should be educated periodically on company policy. Many organizations require that security training be completed at least once a year.


To err is human

We all make mistakes. So, whenever possible, your organization should invest in systems that use automation to add constraints to the handling of sensitive information and minimize the risk of a data breach due to human error.

Making it harder to do something when it might involve a risk is a good thing.


Don't turn into a pumpkin

What was state-of-the-art security software yesterday may be obsolete tomorrow. Don't drop your guard.

Keep your security tools up to date. Apply patches when they become available. Be careful not to use unsanctioned applications out of convenience. Hackers are very good at exploiting vulnerabilities as soon as they are discovered.


Once bitten

Ransomware is a growing scourge that has infected businesses of every size and type, locking up valuable information and shutting down critical systems with the promise of release only for a high price.

Prevention is the best protection against ransomware, but have a plan B in case you are victimized. One good strategy is to have good backup practices in place, and to periodically test that the files on those backups are usable.


They won't get your back up if you backup

Back up your systems daily and archive critical files offline. Having clean, reliable copies and practiced restoration plans may help you to weather ransomware storms along with many other kinds of attacks and mistakes.
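The advice here and under "Once bitten" about testing that backed-up files are usable can be automated. The sketch below is an added example, not something from the original article: it writes a compressed archive with a SHA-256 manifest, then reads every file back out and reports anything unreadable, missing or altered. The manifest name and the archive layout are assumptions made for the example.

```python
import hashlib, io, json, tarfile, zlib
from pathlib import Path

MANIFEST = "MANIFEST.json"  # assumed name for the hash list stored in the archive

def make_backup(src: Path, archive: Path) -> None:
    """Archive every file under src plus a manifest of SHA-256 hashes."""
    files = sorted(p for p in src.rglob("*") if p.is_file())
    manifest = {p.relative_to(src).as_posix():
                hashlib.sha256(p.read_bytes()).hexdigest() for p in files}
    data = json.dumps(manifest, indent=2).encode()
    with tarfile.open(archive, "w:gz") as tar:
        info = tarfile.TarInfo(MANIFEST)
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for p in files:
            tar.add(p, arcname=p.relative_to(src).as_posix())

def verify_backup(archive: Path) -> list[str]:
    """Read every file back and return a list of problems (empty means usable)."""
    manifest, restored = None, {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                data = tar.extractfile(member).read()
                if member.name == MANIFEST:
                    manifest = json.loads(data)
                else:
                    restored[member.name] = hashlib.sha256(data).hexdigest()
    except (tarfile.TarError, OSError, EOFError, zlib.error, ValueError) as exc:
        # A truncated or damaged archive is the failure a restore test must catch.
        return [f"archive unreadable: {exc}"]
    if manifest is None:
        return ["manifest missing"]
    problems = [f"missing: {n}" for n in manifest if n not in restored]
    problems += [f"corrupt: {n}" for n in manifest
                 if n in restored and restored[n] != manifest[n]]
    problems += [f"unexpected: {n}" for n in restored if n not in manifest]
    return sorted(problems)
```

Run the verification on a schedule against the offline copy as well as the latest one, and keep a copy of the manifest somewhere the backup host cannot overwrite.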


Follow your own rules

Always follow the rules -- even your own. Every rule you bend weakens your security posture.

If your security policies have been well thought out, the constraints are there for a reason. If they don't work, challenge the rules; don't break them.


Which witch is which?

Enforce good authentication practices. Wherever practical, implement multi-factor authentication. Traditional forms of security are losing ground to advanced threats. Toughen your authentication requirements to stay ahead of the threats.


Create a security culture

Make security part of the way your organization thinks. It's not just the cyber experts who need to think security. Social engineering takes advantage of people's instinct to trust. Get everyone thinking about the ways someone might try to trick them into giving up sensitive data.


Be afraid

Take cyberthreats very seriously. They can be extremely costly, sometimes causing serious damage to your organization's reputation and sometimes resulting in loss of business.

Routinely scan your systems for vulnerabilities. Look into intrusion detection tools to help you quickly identify breaches. And be on the lookout for any indications that systems are not working properly.


Encourage teamwork

Get people working together, encourage the reporting of suspicious events, and reward your staff for participating in overall security.

Periodic reminders to staff of what is expected of them and clear instructions on how to report suspicious activity can go a long way toward preparing employees to respond with caution to possible threats.


Bare bones

Don't forget that the basic elements of security are as vital as ever -- good passwords, locked doors, and people paying attention.


If you don’t expect it… suspect it!

Peter Merkulov, vice president of product strategy and technology alliances at Globalscape, offers this one last piece of advice to keep you on your toes. "If you don't expect it ... suspect it!"


Be prepared

This rule is not just for Boy Scouts. For my last bit of advice, as a long-time Unix sysadmin and cybersecurity advocate, I would like to remind you to never stop preparing.

The boogeyman is coming. In fact, he's probably at your door right now repeatedly trying to break in. Never stop looking for the holes in your systems and your practices that might allow breaches to occur.


Have a happy Halloween and a smart Cybersecurity Awareness Month

And we all wish you a Happy Halloween and a productive observance of Cybersecurity Awareness Month!