Cybersecurity Awareness Month was established more than 20 years ago to provide resources to enable organizations and their employees to stay safer and more secure online. It is an opportunity to focus on four key behaviors that will help everyone stay secure throughout the year:
- Creating strong passwords and using a password manager
- Enabling multi-factor authentication
- Updating software
- Recognizing and reporting phishing attempts
Each of these key behaviors are necessary to help keep organizations, their clients, and their employees secure.
Securing Digital Assets by Regularly Installing Updates
Many organizations implement multiple layers of authentication to help prevent unauthorized access to their networks by requiring long, unique passwords and multi-factor authentication. Organizations can add an extra layer of security to further strengthen their information security framework: a patch management process. Not only do such updates install important security patches, they also provide computers and other devices with the latest features. How can organizations ensure that their network and devices are protected with the latest patches and updates?
- Implement an update protocol. Part of this protocol should be the implementation of an inventory system managed by the IT team to track devices and systems to confirm that updates and patches are applied consistently throughout the organization. As part of this process, the team would initially test each update on a small group of users to confirm that the update does not cause issues with the organization’s network and apps. After compatibility is confirmed, the update can be rolled out to the whole organization.
- Monitor for update announcements. Organizations should stay informed of upcoming updates to prepare for rollouts. Create a group email used to subscribe to automatic messages from software vendors, and schedule regular review sessions to discuss and plan for upcoming updates. If a vendor or provider does not send emails with update details, assign a team member to regularly check their website or communicate with the vendor’s account manager.
- Install all updates as soon as possible. Security updates and patches are released to fix bugs and vulnerabilities in operating systems and devices—any delay in installing updates increases risk by leaving a vulnerability unpatched. After updates are announced, there is a limited amount of time to act before hackers learn how to exploit security issues and bugs.
- Enforce updates for mobile devices that connect to the corporate network or access corporate data. Many organizations allow employees to use their personal mobile devices, also known as Bring Your Own Device (BYOD), to check work email and access data. By using a mobile device management system, organizations are able to monitor devices’ software versions to help reduce security vulnerabilities. To ensure these devices remain secure, organizations should require employees to regularly update all devices with network access. If employees do not install the most current software version on their devices, the device management system can remove their company access until the device has been updated.
- Educate employees about the dangers of delaying or ignoring device updates. Even if an employee’s device does not have direct access to company email and data, a compromised personal device could still pose a danger to an organization. For example, employees may sign into corporate email through the web portal on their mobile phones, thus opening up the organization to compromise. Train employees to set up automatic updates for their devices and all apps to increase the organization’s and employee’s security, especially prior to traveling.
Software bugs and vulnerabilities can open an organization to malware and unauthorized network access. Implementing multiple layers of security—creating strong passwords, enabling multi-factor authentication, and installing updates—helps keep an organization’s network and its confidential information secure.