Cybersecurity fortification goes beyond hardware and tools. Building a positive, defensive culture within the organization is a vital part of an overall cybersecurity posture. Cybersecurity awareness programs should be ongoing, not once a year. Ongoing training conditions users to be aware of the cyber risks and attacks that face the organization and individuals. Users should be encouraged and supported in making decisions and reporting suspicious activities.
Creating a culture of cyber awareness involves everyone’s participation. Understanding the cyber threat landscape and what could happen if attacked can minimize the potential impact. Cybersecurity best practices should be implemented, including:
- Use of strong passwords: the longer, the stronger. Use a passphrase.
- Unique passwords for various applications
- Use of multi-factor authentication (MFA). This adds a layer of defense.
- Apply the principle of least privilege. Give users access only to the resources they require to do their jobs.
- Phishing simulations can assist with understanding the characteristics of a business email compromise (BEC) and other social engineering tactics.
- Computer-based training and/or other educational methods such as newsletters, posters, gamification and contests.
- Create a process for reporting suspected malicious activities.
Should an attacker get past the hardware defenses in the organization, the user should be armed with the necessary resources to take action to defend themselves and the organization. Knowledge is power.