When it comes to cyber awareness, a lot of professionals (you, perhaps?) may assume that being “in the know” means there’s nothing left to learn. Like, “Sure there are always new areas to cover, but the basics? Eh, we got those down pat.”
But in a year that brought us the MOVEit vulnerability, the Fortinet FortiOS vulnerability (CVE-2022-41328), and the PaperCut NG/MF vulnerability, among so many other severe and impactful exposures, it sure seems like even the best of us could use refreshers on even the most elemental security concepts every now and then.
Cyber Awareness Tips and Best Practices
That’s why we bring you this massive collection of tips, best practices and cyber security resources gathered from our in-house experts over the course of Cyber Awareness Month (otherwise known as October). These are things that can apply to anyone in their career – from the newest newbies to the most veteran practitioners. Leverage these tips to help strengthen your own organizational practices and ensure cyber resilience.
And so, without further ado, here we go:
Question 1:
What’s the most important tip that has left a profound impact on your approach?
“Defense in Depth”. This means that multiple layers of security measures should be implemented to protect against threats. Even if one layer is breached, others are still in place to provide protection. This approach acknowledges that there is no one foolproof solution and emphasizes the importance of a comprehensive, multi-faceted strategy.
Harshad Salvi, Technical Director – India & GSI
I would say implementing Multi-Factor Authentication everywhere. The day I realized it has such a significant impact on account security, I went immediately to enable it on all of my online accounts.
Yishai Shor, Senior Sales Engineer
Always verify your findings. This will save embarrassment for you, and time for the client.
Craig Boyle, Solutions Architect
Operate under the assumption that a breach has already occurred. Adopting this “Assume Breach” mindset helps proactively put safeguards in place and continuously monitor systems, rather than merely waiting on the sidelines for a known threat to emerge.
Geremy Charbit, Customer Success Manager
Cybersecurity is very closely related to business. Some people think of it as just the price of doing business but when viewed properly, it can also help build great solutions to improve customers’ business.
Masayuki Suzuki, Sales Engineer, Japan
Question 2:
What do you think is the most overlooked issue in cybersecurity?
Despite advancements, human error remains a significant vulnerability. This can include anything from password misuse and falling for phishing scams to unintentional insider threats.
Harshad Salvi, Technical Director – India & GSI
I think users and identities are becoming more and more important in the IT ecosystem, and we are still not paying enough attention to the threat they pose to our infrastructure due to having unnecessary privileges or other misconfigurations.
Yishai Shor, Senior Sales Engineer
Getting rid of complexity. Some people think things need to be complex, but that’s not the case. Simplify implementation of security controls where possible and always look to provide the simplest answer to security issues when identified.
Craig Boyle, Solutions Architect
Prevention vs. detection. There is too much focus on trying to detect malicious behavior vs. continually assessing and fortifying your weaknesses.
Chris Keller, Sales Engineer
The biggest vulnerability often isn’t technology, but the people who use it. I’ve directly observed how social engineering attacks, especially phishing, can be alarmingly effective. Also, the importance of good password hygiene can’t be overstated. Educating about these risks is essential, and sharing real-life incidents can be a powerful way to make the teams more aware.
Geremy Charbit, Customer Success Manager
I think credentials management is the most overlooked issue in today’s hybrid cloud environment.
Joel Tian, Sales Engineer, Singapore
Many mature cyber security teams use multiple cybersecurity tools. At a glance it may all look perfect but these orgs need to ask why such companies still fall prey to data breaches. There’s often a disconnect between the tools they have and the actual threats they face, which leaves dangerous blind spots.
Masayuki Suzuki, Sales Engineer, Japan
One often overlooked issue is cybersecurity awareness and education, which should be an ongoing and continuous program aimed at increasing the understanding of cyber threats and empowering users to be safer and more secure online.
Marcus Pinheiro, Sales Director, LATAM
Question 3:
What are your best tips for beginners?
Cybersecurity is a broad field with many different areas of focus which requires a solid understanding of IT concepts and Security measures. Find an area you’re passionate about and aim to become an expert in that area.
Harshad Salvi, Technical Director – India & GSI
Ideally, find someone who can be your mentor and guide you through the process.
Cybersecurity is huge. Learn what is out there and decide early on what your goals are.
Keep track of new terms and concepts you are unfamiliar with, and dedicate 1 hour per day to go through the list and learn about them.
Yishai Shor, Senior Sales Engineer
Take advantage of all of the free resources out there. Also, even though there are many different disciplines within cyber, they all mostly follow the same concepts and skills and are applicable across a wide range.
Chris Keller, Sales Engineer
Start with IT basics, and potentially get certified with CISSP or CEH. Stay curious and document the latest threats (industry news sources, social media). Engage with the cybersecurity community. Stay updated on groundbreaking tools and catch the latest threats just as they’re about to make waves.
Geremy Charbit, Customer Success Manager
Consider pursuing relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH) and Security+ from CompTIA. These certifications can boost your resume and help in your job search.
Also attend cybersecurity conferences to connect with professionals in the field. Networking can help you not only learn about new job opportunities, but also gain knowledge and insights and find mentors.
Marcus Pinheiro, Sales Director, LATAM
Question 4:
What are your best resources?
Podcasts:
- Blueprint: Provides the latest in cyber defense and security operations from blue team leaders and experts.
- Cloud Ace: Offers in-depth expert discussions on all topics that touch cloud security.
- CyberWire Daily: Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
- Risky Biz
- Darknet Diaries
Blogs and Websites:
- Heimdal Security: Great educational cybersecurity resources for individuals and organizations
- Krebs on Security: Run by Brian Krebs, a well-known name in today’s security landscape
- Schneier on Security: Run by Bruce Schneier, an internationally renowned security technologist
- Paul Asadoorian: Founder of Security Weekly, a platform that identifies the complexities of cybersecurity
- CloudSecList weekly newsletter from Marco Lancini.
- TCM Security, starting with their Practical Ethical Hacking resources
- Have I Been Pwned
- https://krebsonsecurity.com
- https://www.darkreading.com
- https://thehackernews.com
So there you have it, our MASSIVE list of tips, best practices and amazing resources you can put to use to help your organization become just a bit more “cyber aware” each day.
Have any to add to our list? Let us know!